US Executive Order means stronger software supply chain security. Tehama Secure Digital Office delivers.


Gene Villeneuve

Gene Villeneuve

May 19, 2021

·

5 min read time

US Executive Order means stronger software supply chain security. Tehama Secure Digital Office delivers.

A recently-announced Executive Order on Improving the Nation’s Cybersecurity from U.S. President Joe Biden means many companies will soon have to step up their IT security and compliance game.

The Executive Order is intended to provide a preview and guidance to the direction by both public and private sectors. Most onlookers agree that software and other companies doing business with the U.S. government will almost certainly have to (among other things):

  • Implement multi-factor authentication and data encryption
  • Submit and abide by a “software bill of materials” stating exactly what’s inside their  software (this would override any non-disclosure agreements in place)
  • Keep an expanded volume of digital records on hand in case of investigation
  • Work with organizations such as the FBI and Department of Homeland Security in the event of an incident
  • Disclose any breaches or attacks to the government in a timely manner

“If you’re doing business with the federal government, then when you have an incident, you must notify us quickly,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology, in an NPR story.

The order will also create a cybersecurity incident response board to conduct investigations,  similar to the National Transportation Safety Board’s role following a plane crash, according to media reports.

Observers note the changes will most dramatically impact larger software vendors, such as Microsoft and SalesForce, but will likely affect to some degree every software vendor that sells to the U.S. government.

Response to SolarWinds exploit

The executive order comes following the December 2020 discovery of the SolarWinds-Microsoft-VMware hack, a wide-ranging (and long lasting) supply chain attack that (among other attack avenues) trojanized SolarWinds Orion software updates to distribute malware.

Security firm FireEye, which discovered the attack, says the campaign affected public and private organizations around the world by leveraging “multiple techniques to evade detection.”

The attack primarily affected large software vendors to the government, such as Microsoft, which said after its own investigation that the hackers downloaded some of its Azure, Exchange, and Intune source code. But the damage wasn’t limited to large companies – the White House recently said at least 100 companies and nine federal agencies were affected, including the U.S. Treasury and departments of Commerce, State, Energy, and Homeland Security.

The massive hack discovered in late 2020 isn’t the only cyber threat currently on the minds of White House officials. More recently, a ransomware attack on a major U.S. oil pipeline forced its owner to shut down the conduit indefinitely – one of the largest-ever attacks on U.S. infrastructure.

How Tehama’s Secure Digital Office Platform delivers the supply chain development security requirements

Many organizations will need to quickly scale up to meet these and any other requirements within the upcoming executive order.

In many cases that will be a significant challenge requiring considerable IT expenditure and complexity, including stacking additional IT security solutions on top of existing data and desktop estates. It could also require companies to accelerate their laptop refresh strategy (depending on the age of their physical machines) and be far more disciplined when implementing system updates and patches.

It’s an even bigger challenge for companies engaged in distributed software development and other hybrid workforce use cases, where employees regularly connect to environments remotely and physical endpoints are spread out over several regions.

Tehama’s Secure Digital Office Platform, however, can help.

Tehama delivers on demand a Next-gen DaaS to secure the supply chain by providing software developers with a high-performance development environment on a secure virtual desktop within a virtual room. It’s got the security and attestation features organizations need to reduce vulnerabilities, along with complete visibility (and a full audit trail) into everyone that uses a virtual room or desktop:

  • Zero-Trust access controls including multi-factor authentication and least privilege permissions
  • Nested virtualization to automate and rapidly provision development environments
  • Built in encryption, anti-malware and dynamic firewall tools
  • Centralized policy controls and management
  • Automatic system and application patches and updates
  • Virtual Windows and Linux desktops (including GPU desktops) to meet any workload need

Because it securely captures all room and desktop activity through session recordings, its built-in tools help you prove all development takes place within secure environments (while allowing the actual developer to be anywhere in the world with an internet connection).

Tehama next-gen enterprise DaaS: A more secure option

Tehama makes it easy to meet any IT security standard through an arsenal of built-in security and compliance tools. Its unique architecture constructs a secure perimeter around a virtual room containing secure virtual desktops, and provides the controls and capabilities required to quickly onboard, scale, manage, and audit your entire hybrid workforce or roster of third-party vendors in minutes.

Rooms and desktops connect to corporate and cloud systems through our encrypted Tehama Gateway, a secure channel that handles all network traffic.

And all virtual desktops are powered by Teradici PCoIP Ultra technology, which uses AES 256 encryption while compressing and transmitting a pixelated representation of a centralized virtual machine.

Tehama enterprise DaaS customers leverage our solution every day to provide secure access to production, development, and staging environments. That means they’ve already got the security and compliance tools necessary to easily accommodate the U.S. government’s upcoming executive order on IT security.

By ensuring Tehama is their only path to committing code to production, they’ve secured their software development supply chain.


Shape line

Read More

How to Manage Your EUC Strategy During a Worldwide Hardware and Chip Shortage

How to Manage Your EUC Strategy During a Worldwide Hardware and Chip Shortage

In late 2020, as the COVID-19 pandemic continued to surge around the globe, the world began hearing about a new crisis – the global chip shortage. Primarily attributed to the pandemic, the crisis stemmed from the global lockdowns that sent workers home and took factories offline during 2020. At the same time, demand for electronics rose exponentially as consumers upgraded their home computers, monitors, TVs, webcams, and more to drive connectivity, collaboration and productivity for themselves and their families during lockdowns. This has now created a shortage of processors, memory and other chips used to power everything from computers, gaming consoles…
Stop Shipping Laptops to Your Remote Workers & Contractors

Stop Shipping Laptops to Your Remote Workers & Contractors

According to Gartner research, one laptop is stolen every 53 seconds. And nearly 41% of all data breach events from 2005 through 2015 were caused by lost devices such as laptops, tablets and smartphones. What this research neglects to mention is that mobile device security developments have outpaced those of desktop operating systems, leaving laptops as a far greater source of risk than phones and tablets. The result? U.S. organizations face the threat of a breach with an average cost of $3.86 million (according to IBM Security’s 2020 Cost of Data Breach Report). . Shipping laptops is increasing your threat surface With COVID-19…
Weighing the costs and savings of remote work – Five key areas

Weighing the costs and savings of remote work – Five key areas

Commercial real estate, computer hardware, catering, utilities, cleaning staff, supplies and physical security are just some of the costs eliminated when employees work from home. On July 22, I hosted a panel for Tehama’s Digital by Default Summit on the costs and potential savings associated with remote work. One of our panelists was Susan Richards, managing partner of numbercrunch inc., which offers outsourced CFO services for small business clients. When asked if she would consider ditching the traditional office, based on numbers alone, she had an illuminating answer. “As a managerial accountant by profession, I probably would,” Richards said. “But all the companies…
Subscribe Here!

Get Tehama insights sent straight to your inbox!