Security infrastructure is another one of those ever-changing categories. What looked like infrastructure a few years ago is, for the most part, long gone. In its place is the perimeterless network, the cloud and a plethora of mobile devices. Added to that, mobile devices can be company- or employee-provided. The era of bring-your-own-device (BYOD) was upon us before we knew it and organizations that would no more allow employees to bring their own computers to work than open the network to the outside world now have done both.
Computers around the globe – some company-owned, some employee-owned and some owned by people who are not under control of the organization's policies – now seek to access organizational resources and the organization, in the name of business drivers, not only permits access, it goes out of its way to make access easy. That's a big challenge for any security infrastructure but our Innovators this year have stepped up to the task.
There are a lot of ways to achieve a secure infrastructure – some better and some worse – and our three Innovators in this group have taken very creative approaches that raise the bar. Also, they are very different in which parts of the infrastructure they support. One focuses on mobile devices, one focuses on the integration of business enterprises and control system networks and one is in the governance, risk and compliance (GRC) space.
Last year the theme of this section was GRC, and while we must not ignore the real importance of that, we now have some new areas of concern. Not only do we have the GRC model and the BYOD challenge, we have been mixing control systems such as SCADA with our corporate enterprises for several years. This poses a significant risk to the critical infrastructure and, finally, we see a serious and innovative approach to protecting both environments.
All of that said, we are nowhere near what may emerge as a final definition of what a security infrastructure should look like. The landscape shifts way too fast to settle on any single solution to the problem. But, given the creative approaches we are beginning to see – especially in this group – we are betting that we'll continue to get closer.
We welcome Modulo back this year. Modulo holds down our spot for GRC and it does that very well. With a large number of supported devices, an approach that applies a capability maturity model and a large collection of knowledge bases, Modulo defines GRC for many types of organizations. This year, Modulo continued its evolution with the introduction of the concept of a digital risk officer that combines the attributes of the CSO/CIO/CISO and the chief privacy officer.
Flagship product: Modulo Risk Manager
Cost: Depends on configuration.Innovation: Developing and supporting the concept of a digital risk officer.
Greatest strength: Forward-seeing and the ability to think beyond simple digital GRC to the overall concept of risk management regardless of the environment.
This new approach seems to us to be right on target given the complex nature of risk in today's organizations. Not all risk is strictly digital. Digital risk must comingle with physical, legal and privacy concerns. It makes a lot of sense to bring all of these under a single person. However, that person is seriously challenged by the general absence of robust tools that take all forms of risk into account, collect digital data in near real time and apply a wide variety of policies to discern possible risk issues.
Because today's organizations are complex – with the accompanying risk complexity – Modulo addresses the issue on multiple levels. Of course there is traditional GRC, and Modulo is well-experienced in that area. But additionally, there are the issues of social media, mobile devices, intelligence feeds, work flow management and incident management, just to scratch the surface. The use of an integration and reporting architecture brings all of the digital and non-digital pieces together so that the risk officer can see how these various areas impact each other. It's slick, effective and covers the bases.
Taking a quick look at the numbers, Modulo has really grown since last year. There now are more than 400 knowledge bases, 27,000 individual controls and 180 different frameworks available out of the box. Eighteen separate modules are supported by the platform – Modulo is platform-based for flexibility and performance – and along with digital support, physical and operational risk also are supported. All-in-all, it's a strong package and shows a depth of industry understanding and response that we find refreshing. If Modulo keeps up its winning ways we expect to welcome it into the Hall of Fame next year.
Vendor: Good Technology
Flagship product: Good Work
Cost: Starts at $5 per user per month.
Innovation: BYOD security and connectivity.
Greatest strength: Strong encryption that's easy to use and integrates seamlessly.
Good Technology caught our eyes for its fantastic mobile security solutions known as ‘Good Work,' a full suite of enterprise-grade security solutions designed to keep security at the forefront of the BYOD era. Even though the company is 16 years old, it launched its high security environment for mobile devices in 2009. Christy Wyatt has been leading that charge since she became CEO in January 2013.
BYOD is the way of the future and, for many organizations, the future is now. More companies are realizing that people tend to work better with the tools with which they are already comfortable. This, of course, can present a nightmare scenario for IT. How do you secure data on a user's own device? How do you secure that data while not being intrusive? Moreover, how do you increase the level of availability of information while not risking losing it? Good Work has stepped in to fill that void. It is one of the most complete suites we have seen in a long time. It allows for email, business events, contacts, messaging and the use of personal data, encrypted, in many apps that employ good security. The tool will secure apps with something the company calls containerization. Something the user does not notice, but in the background, Good Technology is encrypting the data at rest, on the network, and even between apps.
The suite focuses on security so users don't have to. This is what the company dubs Good Dynamics. The idea behind Good Dynamics is ease of use and enabling clients to use their devices without limiting them. It also provides enterprise availability, security and allows users to feel safe about what they are doing with their devices.
Good Technology also offers strong cloud ties to allow for powerful centralized controls and instant access to corporate data, securely and seamlessly. The industry-leading connectability, usefulness and ease of use make Good Technology an Innovator. – Ben Jones, SC Labs review team
If ever there was a time for Tempered Networks it is now. As we look at various attacks and malware that impact control systems, such as SCADA, we can't help but recognize that these critical infrastructure components are way to accessible on current network infrastructures. In days past, these networks were completely isolated from the corporate enterprise, but that no longer is the case.
Vendor: Tempered Networks
Flagship product: Conductor, HIPswitch, SimpleConnect
Cost: Starts at $9,995.
Innovation: Marriage of industrial control networks with business enterprises, safely, securely and efficiently.
Greatest strength: This company is pure vision. They see the problem and the solution. Then they implement in an elegant easy-to-manage manner.
Largely driven by convenience and cost, control systems now touch the business enterprise and, through it, the internet. Tempered Networks addresses this problem through a unique approach to network architecture coupled with products that enable separation where it is necessary and connectivity where it is needed. It does all of this safely and protects the control systems from encroachment by the business enterprise or the internet.
The product piece of the Tempered Networks offering includes the SimpleConnect management Platform (SCMP) and the Industrial Security Appliances (ISAs). The idea is that the architecture can be thought of as "networks as a service." Tempered calls them“overlay networks." The idea is that some things that should be managed by IT – such as authentication, asset management, change management and logging – still are. Those things, from the perspective of the operational groups, always are present by default, and folks who are not engaged in IT duties don't have to worry about them. Administration of the industrial network is delegated to those who need to manage it and the corporate enterprise is managed by IT. Simplicity of operation while paying homage to security and performance is the key.
To get the system up and running in an industrial environment is another challenge that Tempered Networks meets admirably. For the first time, perimeter VLANs can be applied securely to an industrial environment as well as a business enterprise. Network communications explicitly dictate which devices can communicate with each other and how that communication will occur.
This young company was born out of a long history of the founders' experience in large aerospace companies. The experience, research and complete understanding of both industrial and business networks shows in its approach to solving a very difficult problem.