Information Security Xperts, Inc. (ISX) Select SpyLogix™ Enterprise by IdentityLogix as its Cloud Security Monitoring Platform

ISX Cloud IAM Service

Merrillville, IN (PRWEB) April 10, 2012

IdentityLogix, an innovator in continuous security intelligence and real-time data actualization, announces a strategic partnership with Atlanta-based Information Security Xperts, Inc. (ISX).

ISX has selected SpyLogix Enterprise™ technology for its Cloud Identity and Access Management (IAM) offerings. ISX specializes in identity and access solutions based on CA Technologies software.

The partnership will enable customers to efficiently manage support costs, quickly access expertise, bring web applications online faster and improve responsiveness when upward or downward scalability as needed.

ISX Cloud IAM Service powered by IdentityLogix’s SpyLogix Enterprise provides security intelligence through:

    Continuous native access to SiteMinder policy, performance and activity (events)
    Advanced messaging architecture to stream or route data to the cloud
    Automatic data management for efficient SiteMinder data storage
    Real-time data actualization services for effective data analysis and use in the cloud

These advanced SpyLogix Enterprise features simplify management and control of CA SiteMinder. ISX embodies these continuous situational awareness, enhanced visibility and

real-time data analysis features within its Cloud IAM service.

“ISX with their team of expert consultants have developed a comprehensive IAM cloud service based on SpyLogix Enterprise and CA SiteMinder technologies to better assist clients in improving security, web application uptime and people resource management,” said Michael Hrobat, vice president sales and marekting at IdentityLogix. “This cloud service can reduce operational costs and enhance an organization’s ability to respond rapidly to issues within SiteMinder and Identity Manger environments.”

“As, CA Technologies’ premier North American partner focused on the sales and services of the CA Security Suite of products, we work on some of the most complex environments for CA Identity Manager and CA SiteMinder,” said Ed Pascua. Senior Vice President at ISX. “ISX’s partnership with IdentityLogix, and our new IAM Cloud Continuous Monitoring Solution allows us to bring a new dimension of service and value to our customers.”.

ISX has deep experience and years of “real-life” experiences with mid and large entities, which it has used to develop a powerful and comprehensive IAM cloud service. This cloud service simplifies complexities when using CA IAM software.

The seamless addition of SpyLogix Enterprise completes this solution by providing continuous visibility and situational awareness into the IAM environment providing critical information for operational efficiency, effective trouble shooting, performance monitoring and change management, as well as, providing detailed reporting for compliance and governance activities.

About IdentityLogix

IdentityLogix is an innovative software company offering products that improve the efficiency and effectiveness of people, process and technologies that secure business information. It’s SpyLogix™ Enterprise software is state-of-the-art security middleware, which allows for continuous monitoring and comprehensive automated real-time visibility of enterprise digital assets across IT infrastructures users, networks, identity systems, applications, mainframe systems and cloud services. Corporate and government entities utilize SpyLogix to be proactive for enterprise situational awareness, data analysis and real-time actualization to support issue resolution. They benefit from increased IT staff productivity, stream-lined audit support, enhanced overall security and improved governance, risk and compliance posture.

For more information please visit http://www.identitylogix.com.

About Information Security Experts

Information Security Xperts, Inc. (ISX) is an IT security consulting firm specializing in complex, enterprise-class deployments of Identity and Access Management solutions. Our many years of deep experience of designing, architecting, implementing, and “rescuing” implementations gone awry positions us well to serve as a trusted security advisor to key Fortune 500 and Global 2000 organizations. Our clients call us when they have pressing security concerns—from setting strategic direction to executing operational change across the enterprise. They look to us for straightforward, experienced advice that balances governance, business requirements, and technology investment. Our focus on our clients permeates every aspect of our operation, building on the foundation of our strong quality-management discipline. We leverage this discipline to manage and deliver project engagements to timely and successful completion. Throughout the engagement we actively measure the impact of our work on the client’s business operations, and our cycle of continuous improvement extends economic benefits beyond the discrete project. By collecting, measuring, and deploying to cross-functional stakeholder specifications, we ensure a streamlined project and client satisfaction.

Specialties

Identity and Access Management, Single Sign-On, Cloud Security, Risk and Compliance

For more information please visit http://www.isxconsulting.com.

IdentityLogix and SpyLogix are either registered trademarks or trademarks of IdentityLogix in the United States and/or other countries. All other trademarks or trade names are property of the respective holder.

Attachments

©Copyright 1997-

, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

GroupLogic® Wins “Innovation in Enterprise Security” Category at Eighth Annual Info Security Products Guide’s Global Excellence Awards

Info Security Product Guide Award Winner

Arlington, VA (PRWEB) March 01, 2012

GroupLogic®, the industry’s leading provider of software products that unlock the power of new enterprise platforms, announced today that it has been awarded the “Innovation in Enterprise Security” distinction at this year’s Info Security Products Guide’s Global Excellence Awards. GroupLogic was recognized for the 2011 release and debut of mobilEcho™, the industry’s first and only Mobile File Management (MFM) product for providing secure mobile file access.

Each year, the awards recognize security and IT vendors with advanced, groundbreaking products and solutions that are helping set the bar higher for others in all areas of technology. GroupLogic’s win recognizes the company and mobilEcho among the ‘best of the best’ in the industry.

“mobilEcho was developed so that enterprise IT could take advantage of the unbounded business benefits gained from providing mobile access to corporate files for employees, but without violating the security and compliance requirements enterprises face,” said Anders Lofgren, VP of Marketing and Product Management at GroupLogic. “This recognition from Info Security Products Guide further validates our clear commitment to our customers and addressing their enterprise security needs.”

Before mobilEcho, enterprise iPad and iPhone users were forced to use inherently flawed and unsecure workarounds to access files, including emailing files to themselves or uploading enterprise files into unsecured consumer-based cloud storage environments, violating corporate security, governance and compliance policies and increasing the risk for IT managers.

GroupLogic has solved this issue by enabling enterprise IT organizations to rapidly install mobilEcho, which provides them with simple, secure and managed Mobile File Management for users of mobile devices such as iPhone and iPad. Centrally managed by IT, mobilEcho connects directly to enterprise file servers, while also giving IT the control it needs with a remote wiping feature. This greatly mitigates risk and reduces stress for IT managers – making it easy for enterprises to embrace the consumerization of IT trend. To view a video of mobilEcho in action, please visit: http://www.grouplogic.com/enterprise-file-sharing/ipad-file-system/.

More than 50 judges from a broad spectrum of industry voices from around the world participated and their average scores determined the 2012 Global Excellence Awards finalists and winners. Winners were announced during an awards dinner and presentation on February 29, 2012 in San Francisco.

About GroupLogic

GroupLogic® helps enterprise and education IT organizations simply and securely integrate diverse computing platforms into enterprise environments, connecting employees to enterprise files, content and assets to facilitate a more productive and efficient work environment. With more than two decades of experience, GroupLogic leads the marketplace in helping IT organizations effectively and easily manage the integration of Apple products into the enterprise ecosystem. Whether IT organizations are looking to integrate existing Apple assets, purchase additional Apple hardware like Mac and iPad, or want to take advantage of the hardware costs savings that accompany the adoption of IT consumerization, GroupLogic enables IT organizations to easily and securely manage the rapid integration of diverse platforms while ensuring resources are optimized. GroupLogic enables the enterprise to focus on what is really important – competitive differentiation, improved employee productivity, mitigated risk and reduced costs. GroupLogic’s proven products—mobilEcho, ExtremeZ-IP, ArchiveConnect, and MassTransit—are in use by some of the world’s most innovative companies, including Christie’s, International Greetings and Omnicom Group.

About Info Security Products Guide Awards

Info Security Products Guide sponsors leading conferences and expos worldwide and plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources. It is written expressly for those who are adamant on staying informed of security threats and the preventive measure they can take. You will discover a wealth of information in this guide including tomorrow’s technology today, best deployment scenarios, people and technologies shaping info security and market research that facilitate in making the most pertinent security decisions. The Info Security Products Guide Awards recognize and honor excellence in all areas of information security. To learn more, visit http://www.infosecurityproductsguide.com and stay secured.

###

GroupLogic®, mobilEcho™, ExtremeZ-IP®, MassTransit®, Zidget®, ShadowConnect™ and ArchiveConnect™ are all registered or unregistered trademarks of GroupLogic, Inc. All other trademarks referenced herein are the property of their respective owners.

© 2012 GroupLogic, Inc. All Rights Reserved.

©Copyright 1997-

, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

A&I Solutions Selects SpyLogix™ Enterprise by IdentityLogix as Its Cloud Security Services Platform

MERRILLVILLE, IN (PRWEB) February 01, 2012

IdentityLogix, an innovator in continuous security intelligence and real-time data actualization, announces a strategic partnership with A&I Solutions, a leading provider of IT consulting and managed services specializing in solutions based on CA Technologies software. A&I Solutions, today announced it has selected SpyLogix Enterprise to be its platform for cloud security offerings. A&I Solutions’ Advanced Continuous Monitoring System (ACMS) for SiteMinder will be the first in a series of cloud security services by A&I Solutions and powered by SpyLogix technologies.

This partnership will enable customers to efficiently manage support costs, bring web applications online faster, and improve responsiveness when upward or downward scalability is needed.

“Our companies have invested in certifying a team of expert practitioners on SpyLogix Enterprise and CA SiteMinder technologies to better assist clients in improving security, web application uptime and people resource management,” said Michael Hlebasko, president and founder at IdentityLogix. “This cloud service can reduce operational costs and enhance an organization’s ability to re-invest precious capital.”

“At A&I Solutions we understand the challenges facing our customers face securing business data using web based technologies, especially web access management using SiteMinder,” said John Balsavage, president and founder at A&I Solutions. “Our ACMS solution includes assessment, design, development, delivery, and support – a comprehensive bundle that can help accelerate web application service delivery.”

ACMS cloud service provides security intelligence to simplify management of CA SiteMinder. ACMS employs continuous situational awareness, enhanced visibility and real-time data analysis features to assist support staffs with operations by monitoring key native SiteMinder security data, including: policies, user store, performance metrics, and activity.

About IdentityLogix

IdentityLogix is an innovative software company offering products that improve the efficiency and effectiveness of people, process and technologies that secure business information. It’s SpyLogix™ Enterprise software is state-of-the-art security middleware, which allows for continuous monitoring and comprehensive automated real-time visibility of enterprise digital assets across IT infrastructures users, networks, identity systems, applications, mainframe systems and cloud services. Corporate and government entities utilize SpyLogix to be proactive for enterprise situational awareness, data analysis and real-time actualization to support issue resolution. They benefit from increased IT staff productivity, stream-lined audit support, enhanced overall security and improved governance, risk and compliance posture.

For more information please visit http://www.identitylogix.com.

About A & I Solutions

A&I Solutions is North America’s premier provider of integrated enterprise solutions, dedicated to implementing solutions from CA technologies. A&I Solutions provides enterprise products and services to help companies achieve the highest level of performance. We focus on the best rated products and extensive experience to deliver comprehensive integrated Enterprise Solutions. Working with enterprise management, resource planning, service assurance, security and infrastructure monitoring, A&I helps organizations achieve their full potential by driving consistency and maximizing efficiency. Our proven methodologies, innovative best practices and deep technical experience produce better business results for our Customers. A&I has expertise across all IT environments – physical, distributed, cloud, virtual and heterogeneous platforms. We specialize in the following: CA Security Suite, CA Clarity, CA Wily – Introscope, CEM, SOI, NetQoS, Reporting – Business Objects, Crystal Reports, Actuate Reporting, Enterprise Integration.

For more information please visit http://www.anisolutions.com.

IdentityLogix and SpyLogix are either registered trademarks or trademarks of IdentityLogix in the United States and/or other countries. All other trademarks or trade names are property of the respective holder.

# # #

Attachments

©Copyright 1997-

, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

More Enterprise Asset Press Releases

I have previously shown you how to import users so this tutorial will show you how to import data via interface tables and set the users security groups.  You will be able to set a users security group to defaults such as EVERYONE, DEFLTREG and even MAXADMIN security group. Related Posts:Import data with Maximo Enterprise Adapter [...]
Maximo Times

Enterprise Management Associates and IBM Industry Experts to Present Free Unified Management for Security Webinar Series

Boulder, CO (PRWEB) January 19, 2012

Enterprise Management Associates (EMA), a leading IT and data management research and consulting firm, today announced it will host a complimentary Unified Management for Security Webinar series. This series, featuring EMA Managing Research Director Scott Crawford and IBM Senior Product Marketing Manager Mark Ehr, will provide a comprehensive overview of unified security and IT operations management.

“Organizations worry about the threat landscape’s unknowns, when they could go far in defending against today’s threats by better securing the known: their own environment,” says EMA’s Crawford. “A good deal of the problem for many is that their approach is more fragmented and disjointed than it needs to be. Security tools and systems management technologies are too often siloed, may not integrate well, and frequently have overlaps, even though they often perform the same functions such as software distribution and control over potentially harmful change. This complicates management and leads to exposures that are avoidable, particularly when solutions exist that could unify these silos, improve efficiencies and – most important – better protect sensitive information assets.”

Registration information for all three Webinars is as follows:

Tuesday, January 31, 2012

11:00 am Pacific / 2:00 pm Eastern

The Three Secrets of Unified Security and IT Operations Management: Part 1 of Unified Management for Security Series

In this Webinar, EMA Managing Research Director Scott Crawford and IBM Senior Product Marketing Manager Mark Ehr will illustrate how a truly unified approach can eliminate redundancies, close gaps and reduce risks, as well as reduce costs.

Thursday, February 16, 2012

11:00 am Pacific / 2:00 pm Eastern

Into Action: How Unified Security and IT Operations Management Works – Part 2 of the Unified Management for Security Series

In this Webinar, attendees will learn the specifics of what to look for in a truly unified solution that addresses both security and IT operations management.

Thursday, March 15, 2012

11:00 am Pacific / 2:00 pm Eastern

Future-proofing Endpoint Management: How a Unified Approach Prepares the Enterprise for What’s Next – Part 3 of the Unified Management for Security Series

Enterprise IT is undergoing a revolution as mobile devices and Cloud Computing re-define what “endpoint” means. In this final Webinar in the series, how a truly adaptable management platform can help enterprises best prepare for the future will be discussed.

About Enterprise Management Associates

Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at http://www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also follow EMA on Twitter or EMA on Facebook.

###

©Copyright 1997-

, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

Find More Enterprise Asset Press Releases

Cyber Security: Exclusive Podcasts Discussing the $ 300bn USA ‘Big Data’ Industry and $ 32bn Governance, Risk & Compliance Market.

(PRWEB) December 15, 2011

The Enterprise Cyber Security & Information Assurance Summit is an industry leading forum bringing together leading representatives from all the major North American critical infrastructure including; telecoms, healthcare, energy, finance and defense presenting leading case studies of efforts to protect critical infrastructure and information assets. FC Business Intelligence and GICSR and working together with industry and key government agencies to develop strategies to utilize people, process & technology to optimize your governance, risk & compliance management.

The podcasts recorded with the summit’s host organization: GICSR discuss crucial topics at the moment and how they are being covered at this ground breaking meeting in April. The critical information covered in this meeting includes:

    The $ 300bn USA ‘Big Data’ industry
    The $ 1.5 billion cloud security market
    Managing the $ 32bn governance, risk & compliance

The expert interviews also cover the projects being undertaken with GICSR federal partners and some of the speaker line up at this leading event. Industry partners include: DHS, NSA, NASA, NIST, FBI, CERT DoD and many more. Many of these leading organizations including the FBI will be presenting alongside industry leaders such as BT Global, Verizon, Wells Fargo, Tyco, Sempra, Enbridge, UTC, and Raytheon.

Speaking about the conference Richard Zaluski, Executive VP, GICSR said the following:

“GICSR is proud to work, produce and host the Enterprise Cyber Security & Information Assurance Summit in collaboration with FC Business Intelligence. This project will leverage our joint ability to bring together key senior level IT Security personnel to tackle the key challenges facing North American critical enterprises.

The Enterprise Cyber Security & Information Assurance Summit will help you to:

    Develop strategies to utilize people, process & technology
    Gain a positive ROI on your security and technology investment.
    Address the key issues in the Industry and provide security, and technology-related insight necessary to make the right decisions.
    Optimize your governance, risk & compliance management

With the increasing number of regulations and threats facing information assets the time to invest in this area has never been more critical especially when considering the cost of the breakdown of one critical infrastructure could top $ 230bn.”

To access the first podcast interview with Richard Zaluski, Executive VP, GICSR simply follow this link: http://www.cybersummits.com/enterprise-cyber-security-and-data-privacy/gicsr-podcast.php

For more information about the conference please look round the conference site at: http://www.cybersummits.com/enterprise

If you have any questions, please get in touch.

Natasha Sheel

Head of Cyber Security

FC Business Intelligence

###

©Copyright 1997-

, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

Brivo Ensures Amneal Pharmaceuticals Maintains Security and FDA Compliance

Amneal Pharmaceuticals Manages 125 doors and nearly 1,000 staff and contractors with Brivo ACS WebService

Bethesda, Maryland (PRWEB) November 29, 2011

Brivo Systems LLC, leader in Software as a Service (SaaS) applications for security management, today announced that Amneal Pharmaceuticals has installed Brivo ACS WebService at four company locations, covering 125 doors, and managing nearly 1,000 employees and contractors.

Amneal Pharmaceuticals, LLC, is a U.S.-based firm that develops, manufactures and distributes generic pharmaceuticals regulated and approved by the U.S. FDA. Known as “Generic’s New Generation,” the company utilizes its newly expanded R&D and manufacturing capabilities to conceive breakthrough developments with lasting impact for a robust product pipeline.

“We are in the narcotics manufacturing business; security is top priority,” explained Rob Symbouras, DEA Compliance Manager and Security Manager. “We are very security minded, and we have access control and CCTV installed on top of our burglar alarm systems extensively throughout our manufacturing plants, warehouse, vaults, perimeters, and offices. Our security systems help ensure we comply with strict FDA guidelines to ensure Good Manufacturing Practices, avoid product cross contamination, and guard against sabotage and employee theft.”

Amneal began installing Brivo in 2006 and, at present, the company uses Brivo ACS WebService to manage approximately 125 doors at four facilities, with the focus on its manufacturing plants. Symbouras continued, “We have to prevent unauthorized personnel from entering manufacturing rooms as well as limit access to the specific areas of the facility based on an employee’s job description. For the vaults, where controlled substances are stored, Amneal employs three layers of security—alarm codes, access control, and requiring two people to simultaneously provide both halves of the necessary access information.”

The Amneal installation has an interesting genesis: Symbouras was working for ADT and is the person who sold the original Brivo system to the company, “I sold the system I would have wanted.” Symbouras continued, “The managed service feature is my favorite part of the Brivo system. Since we’re a 24-hour operation and I’m the main person responsible for security, I get the “emergency” phone calls regardless of the time of day or my current location. When that happens, I reach over for my iPhone and do what I need to do. Someone has been let go? Locked out? Push a button, done. All while under the covers in bed.”

“When I’m visiting family, it’s easy to just jump on any computer—doesn’t matter which browser—no VPN, just log-in and password, and I’m ready to go. Another advantage is my IT Department doesn’t need to be concerned for anything about this system —they provide a connection to the cloud and their job is done; no backups, upgrades, maintenance, no headaches.”

Amneal is in a strong growth phase. At one manufacturing plant, a 380,000-square foot addition is underway. Over the next few years, Symbouras estimates they’ll add upwards to 75 more doors to their Brivo system. Of the 950-plus people under management, Symbouras has them divided into 91 groups with different levels, schedules, and locations of access.

“A day doesn’t go by that I’m not asked to give or take away access,” Symbouras reported. “I got an email earlier today asking how many employees are allowed into a certain room. We have that information at our fingertips, and we have the capability to maintain an intricate level of who can go where, when, and know where anyone has been at any time.” Amneal has video surveillance installed anywhere the Brivo system is installed. Using the two systems in tandem Symbouras and staff use Brivo to trace someone around a building and then use the video to locate them and verify identity and activity.

Rob Symbouras is clearly a satisfied customer. “I can’t imagine with another type of system if we lost a server and had to re-create all our groups and re-organize and implement the intricate levels of access we manage. I’m very satisfied, 5 out of 5. I would recommend this system to anybody.”

For more information on the Brivo Online Access Control System, contact Brivo toll–free at 1-866-692-7486, option 1 or email sales(at)brivo(dot)com. To view a demo, visit http://www.brivo.com/demo

About Brivo Systems

Brivo Systems, LLC is a SaaS-based security management systems provider for organizations that need to protect and remotely monitor buildings and perimeter entry points. When introduced in 2001, Brivo’s Web-hosted physical access control system was a unique solution—after a decade of evolution and innovation, it still is. Brivo’s groundbreaking physical access control and video solutions empower organizations by giving administrators real-time device control, including immediate visibility of security events and video in local or remote facilities—anytime, anywhere.

The company’s innovative, secure, and open architecture-based products and services enable businesses to protect people and assets, comply with regulations, and improve business operational efficiency. These scalable systems—whether standalone or appliance-based or cloud-based—offer a solution for every type of business. Brivo’s security management products are a market-proven fit for commercial office buildings, warehouses, retail stores, manufacturing plants, and sensitive areas, such as server rooms or R&D labs, where real-time control and accountability of entry are important.

With headquarters in Bethesda, MD, Brivo is a wholly-owned subsidiary of The Duchossois Group, a privately held holding company headquartered in Elmhurst, Illinois, which also owns other industry leaders such as AMX, The Chamberlain Group, and Milestone AV Technologies.

Brivo is a wholly owned subsidiary of The Duchossois Group, a privately held holding company, headquartered in Elmhurst, Illinois, which owns AMX, The Chamberlain Group and Milestone AV Technologies. Duchossois also holds strategic interests in Churchill Downs, Inc., and a number of other diversified businesses.

For media queries:                

Bruce J. Doneff                            

Public Relations                

(201) 966-6583                 

bruce.doneff(at)brivo(dot)com            

For Brivo Systems, please contact:

Rajeev Dubey

Director, Product Management

301.664.5251

rajeev.dubey(at)brivo(dot)com

###

©Copyright 1997-

, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

Denim Group Expands Software Development, Mobile Application Security Assessments and Developer Training to Mobile Platforms

San Antonio, Texas (PRWEB) November 14, 2011

Denim Group, the leading secure software development company, today announced it has expanded its services to the mobile arena, now offering secure software development, mobile application security assessments and developer training to help make mobile devices a more trusted platform for business and e-Commerce. Mobile applications offer a unique challenge to security in that a single application involves dealing with native code, web services as well as complex application programming interfaces (APIs). In addition, mobile devices provide capabilities unavailable on the desktop or laptop. As a result, there are risks specific to mobile applications that are significantly different from web application environments, and must be dealt with appropriately.

“The importance of the mobile market is clear as not only have mobile device shipments soared beyond PCs, over eight billion mobile application downloads occurred in 2010 alone, and are predicted to increase exponentially, however, there are significant security concerns because mobile applications can be manipulated to reveal sensitive data if they are not built correctly,” said John Dickson, Denim Group principal. “Denim Group is offering software development, security assessments and developer training services focused on overcoming the unique challenges of the mobile platform to address those concerns and help advance development of secure mobile applications across the industry.”

Smartphones and tablet platforms have capabilities beyond that of the typical desktop because of the integration of technologies such as cameras, GPS locators, and audio recorders as well as network resource access, allowing organizations to build innovative applications that deliver unique service solutions to both customers and employees. However, these capabilities create additional security risks because as sensitive data and operations move from servers to mobile devices, there is a greater opportunity for data breaches and the exposure of other security vulnerabilities.

The issues enterprises must address when deploying custom mobile applications include protecting sensitive corporate data on devices that are prone to loss or theft. Even encrypted data on devices may be at risk because of application key handling and data storage issues. In addition, the open networks mobile devices use to communicate are often unencrypted, making that data subject to capture as well. Relying on the security of the mobile device to protect the server-side assets is a mistake many application developers make. However, network services deployed to support mobile applications without server-side protections such as authentication and authorization present attractive targets for exploitation by malicious attackers. Finally, mobile applications can be reverse engineered to reveal private client information or corporate credentials on those devices, forcing the application to unintentionally expose sensitive corporate information.

Denim Group’s new services are intended to help organizations building and deploying mobile applications for their customers and employees to proactively address these associated risks. Practices such as integrating threat modeling into the software development lifecycle can help to identify potential issues during the design stage of application development and minimize costly post-deployment remediation. Security testing for mobile applications and their server-side infrastructure is also an important check to ensure security efforts during the application’s design and development were successful.

In an additional announcement today (see Denim Group Launches Industry’s First Secure Mobile Software Development e-Learning Courses through ThreadStrong), Denim Group also announced the industry’s first e-Learning courses designed to teach developers how to secure mobile applications. Taught through its ThreadStrong Learning Management System (LMS) – compatible program, Denim Group’s training can be particularly valuable for mobile application developers who may not be versed in secure design and development practices and may also be creating applications for unfamiliar platforms with unknown security characteristics. The Overview of Mobile Application Security class familiarizes new students with the challenges specific to the mobile platform. Supplementing the introduction are two initial classes focused on Authentication and Authorization for the Android OS and the iPhone OS platforms. Denim Group will be adding additional in-depth secure mobile training classes in the next few months.

In addition to e-Learning for mobile, ThreadStrong offers a variety of secure application

programming courses that cover topics such as Secure Coding for Java and .NET applications, Threat Modeling, Software Security Remediation Basics as well as a publicly free class explaining Cross-Site Request Forgery (CSRF). Denim Group also offers public classes and instructor-led training, as well as in-house mentorship services.

Denim Group’s services are based on its experience assessing and building mobile applications for a variety of industries and its methodology uses emerging industry standards such as those defined by the Open Web Application Security Project (OWASP). These capture the major classes of vulnerabilities and weaknesses that might exist in systems incorporating mobile applications. In fact, Dan Cornell, leading technologist for Denim Group, is spearheading the platform-specific guidance section for OWASP which will produce detailed information on how to handle the security issues for specific mobile platforms. Additionally, Denim Group examines security risks and usability weaknesses that are common in a mobile computing environment, including, but not limited to the system’s application permissions model, encryption APIs and hardware-supported encryption capabilities as well as the security of network communications and data transmissions to name a few.

Denim Group has identified the likely threat agents and vulnerable components associated with specific application classes to produce a holistic structured view that enumerates possible areas of weakness. Every application is built or assessed with a dataflow diagram, a list of identified threats, detailed countermeasures for these threats, and any areas where additional security measures should be considered kept in mind. Automated source code scanning and manual source code review are used to ensure the security state of the mobile application as well as its associated services. Additionally, Denim Group performs manual security testing of the web services supporting an application. This testing simulates the activities of an attacker who would bypass the mobile application client to attack web services directly as well as attackers who could gain access to user devices in order to try and recover sensitive data stored on the device.

Denim Group’s services are designed to ensure the additional layers of security and access control needed are built into the mobile applications developed for leading mobile device smartphone and tablets including the Android, Blackberry, the Apple iOS and Windows Phone 7 operating systems. While increasing confidence in mobile business, banking, e-Commerce and data access is critical, enabling a seamless mobile application user experience is just as important to ensure corporate resources are protected from unauthorized access without any usability impact to the end user. Denim Group’s suite of services enable organizations to address security concerns for mobile applications in a proactive manner to reap the benefits of creating new and innovative applications without exposing the company’s assets to undue risk.

About Denim Group

Denim Group is the leading secure software development firm. The company builds custom large-scale software development projects across multiple platforms, languages and applications. What makes Denim Group unique is that the company brings significant core competencies in software security to the table, offering an innovative blend of secure software development, testing and training capabilities that protect a company’s biggest asset, its data. Denim Group customers span an international client base of commercial and public sector organizations across the financial services, banking, insurance, healthcare and defense industries. Its depth of experience building large-scale software development systems in a secure fashion has made the company’s leaders recognized experts in their fields. Denim Group has been recognized as one of the 5,000 Fastest Growing Company’s by Inc. Magazine several years in a row, and has won multiple awards including its recent accolades as one of the best places to work in San Antonio. For more information about Denim Group visit http://www.denimgroup.com

###

©Copyright 1997-

, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

Related Enterprise Asset Press Releases

Maximo products using WebShere and IBM HTTP Server are exposed to potential security exploit (PM46234) (CVE-2011-3192). This exploit allows HTTP requests using byte ranges to contain ranges larger than the size of the file being served. Performing a significant number of these requests can result in a denial of service. All customers using IBM HTTP [...]
Maximo Times

Here is an interesting post on using the signature option to hide tabs for certain security groups. 1. Sign in to Maximo as maxadmin; 2. Go to System Configuration -> Platform Configuration -> Application Designer; 3. Select the application that has the Tab that you would like to hide; 4. Click Select Action -> Add/Modify [...]
Maximo Times