This made me realize that silos can exist in companies of every size. Maybe this is why the management folks and the engineering folks at many companies do not have a good understanding of the customer deployment environments and how their products fall short, including with regard to cyber security.
On the other hand, some companies definitely are paying attention. Brivo Systems has paid extensive attention to the secure engineering of their service offerings. PlaSec has a long-standing engagement with Veracode, a company that tests the security of ISV (independent software vendor) applications. Firetide includes information in their installation guide on how to harden their network. A few other companies have made similar good moves, and I’d like to hear from those who have that I didn’t mention.
One final thought: the computer and network security spotlight continues to be focused brightly on security industry products and services. When the spotlight shifts to your company, what will we see?
Ray Bernard, PSP, CHS-III is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities. He is founder and publisher of The Security Minute 60-second newsletter (www.TheSecurityMinute.com). For more information, write to Ray about this column at ConvergenceQA@go-rbcs.com. Mr. Bernard is also a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).