Modernizing Your IT Operations with a Secure Foundation
This is the first of a four-part security blog series covering why ScienceLogic is listed in the DoDIN APL catalog, what this means for monitoring critical IT infrastructure, and why APL certification is relevant for all organizations. Part one is all about trust and transparency—foundations for a secure platform.
Security is a fundamental tenet for any organization that develops technologies for deployment in today’s enterprises. It’s not enough to have a good idea and to build an appliance, create a service or application, or write code that manifests that idea for customers that find it worthwhile. The product must be hardened against the many threats that a customer faces while conducting business in the digital age.
But how can a technology vendor demonstrate to its customers and to the market at large that it has taken the necessary pains to make security integral to the products it has to offer? A recent article in Security magazine asserts that, “Transparency is a cornerstone of security assurance and should be a core value among more organizations across the technology ecosystem.”
The article goes on to suggest five areas for establishing the kind of transparency that builds trust in a brand and its product portfolio:
- Security Development Lifecycle—following known development policies and processes that are proven to support secure design and operation;
- Compute Lifecycle Assurance—supporting a product from purchase to retirement with ongoing communication, updates and patching, and end-of-life transition;
- Proactive Investment in Security Research—ongoing testing, updating, and patching to make certain that the product is protected against emerging threats;
- Community Support and Policy Advocacy—participation in forums, associations, and communities that advance security awareness and understanding; and
- Public Security Reporting—public disclosure of internally and externally identified threats.
Maintaining Security Vigilance
ScienceLogic has always operated with this approach. From the beginning we took our commitment to the security development lifecycle and our role in the security of our customers seriously. Although not a security tool, the ScienceLogic SL1 platform is engineered both with an understanding of the role proper IT management plays in maintaining a secure infrastructure and to ensure that our products are not a weak link in the security chain.
Investing in the assurances that come with compliance with stringent standards of security, such as those required by the United States Department of Defense (DoD) for integration in the DoD Information Network (DoDIN), represents our dedication to proactive investment in security research. Some of the world’s most closely held secrets are stored, processed, and flow within the systems and circuits of the DoDIN. To be approved for purchase and acquisition by the DoD means you are part of a small community of vendors trusted with that grave responsibility. Meeting the DoD’s high standards offers assurances to all enterprises that a product can be trusted with their most precious data.
A Legacy of Commitment & Trust
Of course, transparency is a big part of our commitment to the communities we serve. That is why ScienceLogic maintains the ScienceLogic Trust Center as a resource for our customers, partners, and others who need to know what we have done to meet the highest standards for security in our industry.
The hardening of any technology product or service, from the core to the edge, is a difficult undertaking. It requires rigorous testing not only for internal development, but across the entire supply chain of what it takes to make a technology product—and especially a SaaS offering—for today’s security-conscious organizations. Our Trust Center details and documents these processes, compliances, certifications, and other aspects relevant to maintaining a secure network. This information is freely available to anyone who visits the Trust Center; and for our customers and partners, there is also a simple means for requesting additional collateral that is confidential to them.
Security is a fundamental value to ScienceLogic. Security is baked into every component of SL1, whether it’s:
- Seeing, or monitoring and gathering data, using SL1 agentless or agent-based collection techniques; or consolidating operations across multiple SL1 deployments using the Global Manager;
- Contextualizing, or making sense of data, using AI/ML-driven Behavioral Correlation within the core SL1 platform; or
- Acting, or using SL1 PowerFlow to integrate with and automate workflows across your IT ecosystem.
And all these components are validated against DoDIN’s standards. Our Security and Trust Center allows customers to see our continuing commitment to and investments in security, so they can act based on that information.
And because part of our transparency includes building to the highest standards of security, over the next few weeks we’ll post a series of blogs that describe our enduring commitment to the DoDIN. That includes a discussion about what the DoDIN is; what the DoDIN APL listing means for ScienceLogic, our customers and partners; and a brief look at what it takes to be approved for the DoDIN APL.
We believe this demonstrates our commitment to security and to our community. Of course, in the interest of transparency, we encourage you to visit the ScienceLogic Trust Center, or contact us directly with any questions you might have about the SL1 platform.