Distinguish DocuSign by obtaining ISO 27001 certification from the prestigious BSI Group  for the purpose of establishing, implementing, and maintaining an information security management system (ISMS) across all active DocuSign premises.  This served to increase customer confidence and sales while continuously driving and improving security management, processes, and methodologies across the entire corporate business and cloud-based electronic signature service.

Given eCollege’s always on SaaS platform and the critical importance of securing customer data, eCollege invested in building out a programmatic and comprehensive approach to application layer. eCollege has taken a defense in depth approach to the application layer focusing on Web Application Firewall, dynamic scanning technologies, vulnerability assessments and manual penetration testing.  Additionally, eCollege is integrating and automating application security early into the Software Development Lifecycle to find and remediate security vulnerabilities early in the development process.  Combined with security awareness and secure coding sessions this program has improved the security posture of the organization.

Even the more secure organizations are highly exposed to hackers. Khosla Ventures agreed to permit a complete Presponse Security Health Check on its organization and publish the results to the public to demonstrate how companies are vulnerable to social, cyber and physical threats today.  For a $2.5Billion and high intellectual property organization, security is paramount to its survival and success.  Cylance, Inc. performed the security assessment and found that even with greater than average security infrastructure, the door to the organization was wide open – literally!

Over the past 12 months Rimini Street implemented and certified its Information Security Management System against the ISO 27001 standard. ISO 27001 is a standard that guarantees that effective information Security controls are in place to prevent and defend the company and its clients against information security incidents. It also ensures that 133 implemented security controls continue to meet security needs on an ongoing basis. This certification provides the assurance and confidence that our clients and business partners require when entrusting their systems and data to Rimini Street.

Deploy an encryption solution to all endpoint devices including laptops, desktops and tablets, to protect against the loss of confidential information in the event of a lost or stolen device. Phase II of the project also enabled encryption on the USB ports of these devices.  Any data copied off a device onto a USB or external media drive would require encryption. Provide a FIPS 140-2 certified centrally managed encryption solution that would prevent reportable breaches of PHI and regulated data.

As the number of Union Bank employees using iOS, Android and other devices increased, so did the challenge to provide secure access to email and business applications on non-RIM devices. After searching for a solution that supported the devices that Union Bank employees were demanding, Union Bank’s IT department selected Good for Enterprise and deployed it to over 3,800 employees. To increase mobile collaboration, the bank decided to use Good Dynamics; when used with Good for Enterprise, Good Dynamics allowed users to access, edit and distribute email attachments and files securely, creating an end-to-end mobile workflow.

Website attacks are not slowing down and are becoming increasingly more complex.  While code may have been secure at the time of production implementation, different ways of looking at source code and discovery of new vulnerabilities makes the security posture of web applications a truly moving target.

The Web Application Security Automation project was put together to identify web application defects and vulnerabilities in a manner that ensures mutual accountability between YP’s Development and Information Security teams without the overhead of manual remediation tracking.  While the discovery of defects and vulnerabilities is common practice, monitoring development updates and vulnerability tracking is very time intensive often resulting in lack of accountability or observations simply falling through the cracks.

With a look toward automated discovery, remediation, and tracking, YP implemented an automated external scanning service (WhiteHat) with integration into the existing internal JIRA ticketing system.  This integration proved to be one of our most significant force multipliers, freeing Information Security resources while motivating Developers to address application risks through a process that connects them to Application Security experts and monitors their remediation progress that prevents ticket closure without proper remediation.  Information Security transitioned from an enforcement role to a monitoring role, freeing critical personnel resources for other engineering projects.