US Executive Order means stronger software supply chain security. Tehama Secure Digital Office delivers.

Tehama Team

Tehama Team

May 19, 2021


5 min read time

US Executive Order means stronger software supply chain security. Tehama Secure Digital Office delivers.

A recently-announced Executive Order on Improving the Nation’s Cybersecurity from U.S. President Joe Biden means many companies will soon have to step up their IT security and compliance game.

The Executive Order is intended to provide a preview and guidance to the direction by both public and private sectors. Most onlookers agree that software and other companies doing business with the U.S. government will almost certainly have to (among other things):

  • Implement multi-factor authentication and data encryption
  • Submit and abide by a “software bill of materials” stating exactly what’s inside their  software (this would override any non-disclosure agreements in place)
  • Keep an expanded volume of digital records on hand in case of investigation
  • Work with organizations such as the FBI and Department of Homeland Security in the event of an incident
  • Disclose any breaches or attacks to the government in a timely manner

“If you’re doing business with the federal government, then when you have an incident, you must notify us quickly,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology, in an NPR story.

The order will also create a cybersecurity incident response board to conduct investigations,  similar to the National Transportation Safety Board’s role following a plane crash, according to media reports.

Observers note the changes will most dramatically impact larger software vendors, such as Microsoft and SalesForce, but will likely affect to some degree every software vendor that sells to the U.S. government.

Response to SolarWinds exploit

The executive order comes following the December 2020 discovery of the SolarWinds-Microsoft-VMware hack, a wide-ranging (and long lasting) supply chain attack that (among other attack avenues) trojanized SolarWinds Orion software updates to distribute malware.

Security firm FireEye, which discovered the attack, says the campaign affected public and private organizations around the world by leveraging “multiple techniques to evade detection.”

The attack primarily affected large software vendors to the government, such as Microsoft, which said after its own investigation that the hackers downloaded some of its Azure, Exchange, and Intune source code. But the damage wasn’t limited to large companies – the White House recently said at least 100 companies and nine federal agencies were affected, including the U.S. Treasury and departments of Commerce, State, Energy, and Homeland Security.

The massive hack discovered in late 2020 isn’t the only cyber threat currently on the minds of White House officials. More recently, a ransomware attack on a major U.S. oil pipeline forced its owner to shut down the conduit indefinitely – one of the largest-ever attacks on U.S. infrastructure.

How Tehama’s Secure Digital Office Platform delivers the supply chain development security requirements

Many organizations will need to quickly scale up to meet these and any other requirements within the upcoming executive order.

In many cases that will be a significant challenge requiring considerable IT expenditure and complexity, including stacking additional IT security solutions on top of existing data and desktop estates. It could also require companies to accelerate their laptop refresh strategy (depending on the age of their physical machines) and be far more disciplined when implementing system updates and patches.

It’s an even bigger challenge for companies engaged in distributed software development and other hybrid workforce use cases, where employees regularly connect to environments remotely and physical endpoints are spread out over several regions.

Tehama’s Secure Digital Office Platform, however, can help.

Tehama combines Desktop as a Service (DaaS), Security, Audit, and Networking to secure the supply chain by providing software developers with a high-performance development environment on a secure virtual desktop within a virtual room. It’s got the security and attestation features organizations need to reduce vulnerabilities, along with complete visibility (and a full audit trail) into everyone that uses a virtual room or desktop:

  • Zero-Trust access controls including multi-factor authentication and least privilege permissions
  • Nested virtualization to automate and rapidly provision development environments
  • Built in encryption, anti-malware and dynamic firewall tools
  • Centralized policy controls and management
  • Automatic system and application patches and updates
  • Virtual Windows and Linux desktops (including GPU desktops) to meet any workload need

Because it securely captures all room and desktop activity through session recordings, its built-in tools help you prove all development takes place within secure environments (while allowing the actual developer to be anywhere in the world with an internet connection).

Tehama next-gen enterprise DaaS: A more secure option

Tehama makes it easy to meet any IT security standard through an arsenal of built-in security and compliance tools. Its unique architecture constructs a secure perimeter around a virtual room containing secure virtual desktops, and provides the controls and capabilities required to quickly onboard, scale, manage, and audit your entire hybrid workforce or roster of third-party vendors in minutes.

Rooms and desktops connect to corporate and cloud systems through our encrypted Tehama Gateway, a secure channel that handles all network traffic.

And all virtual desktops are powered by Teradici PCoIP Ultra technology, which uses AES 256 encryption while compressing and transmitting a pixelated representation of a centralized virtual machine.

Tehama enterprise DaaS customers leverage our solution every day to provide secure access to production, development, and staging environments. That means they’ve already got the security and compliance tools necessary to easily accommodate the U.S. government’s upcoming executive order on IT security.

By ensuring Tehama is their only path to committing code to production, they’ve secured their software development supply chain.

Shape line

Read More

How Financial Service Businesses Can Stop Cybercrime in its Tracks

How Financial Service Businesses Can Stop Cybercrime in its Tracks

Securing sensitive financial data is already difficult for financial services firms due to complex IT infrastructures and the growing frequency of cyber threats. And it is expected to become even more challenging in the coming years as banks and financial institutions expand their use of third-party contractors and consultants to drive efficiencies and cost savings that can come from supplementing the work already being done by full-time employees. Yet, a recent study by the Financial Services Information Sharing and Analysis Center (FS-ISAC) found third-party risk to be among the top cyber threats facing financial institutions in 2022, along with zero-day…
How Financial Services Firms can Hit the Cost Efficiency, Innovation and Security Trifecta

How Financial Services Firms can Hit the Cost Efficiency, Innovation and Security Trifecta

Modern banking is experiencing a paradigm shift. Industry consolidation, historically low interest rates, and the entrance of non-traditional players such as Apple, Amazon and Google onto the financial services scene, have increased pressure to adopt new technologies that support mobile banking and contactless payments. The reality is that the ability to offer hybrid and remote work options is becoming critical to hiring and retention across many industries, including financial services. According to a Vidyard and Atomik Research study released in January 2022 and titled “The Future of Work in Financial Services: Remote or In-Office”1, nearly nine-tenths (88%) of respondents reported…
Goodbye Traditional Banking and Welcome to the Employee-Driven Workplace

Goodbye Traditional Banking and Welcome to the Employee-Driven Workplace

The “app-ification” of financial services and consumer adoption of mobile banking and contactless payments has paved the way for banks to make significant changes in how they deliver productivity to their employees Over the last few years, traditional banking has undergone a paradigm shift as an increasing number of consumers have adopted mobile banking and contactless payments for everything from depositing checks to transferring money to making purchases both online and at brick-and-mortar establishments. This “app-ification” of the banking experience has signaled the end of traditional banking for many, and is prompting financial services firms to now look at other…
Subscribe Here!
Get Tehama insights sent straight to your inbox!
By submitting this form, I consent to receive e‑newsletters, helpful information and promotional messages and can withdraw consent at anytime.
Subscribe Here!

Get Tehama insights sent straight to your inbox!