This is a guest post written and contributed by Ed Bellis, co-founder and CEO of HoneyApps, Inc., a Rackspace Cloud Tools Partner. Risk I/O consolidates all of your security, vulnerability information, reporting and management into a single place.
Security applications are often used to monitor a company’s network, applications and servers: they detect and send alerts of vulnerabilities when they are present, allowing for reaction and maintenance of IT security. But the sheer number of security applications needed is immense and managing these applications is difficult and time-consuming. Think about the number of vulnerability scanning solutions a company needs to use–from applications, networks, servers, and databases–to keep its data secure. It’s really difficult to get a complete picture of the state of your security when you’re using many different tools, which are only loosely connected.
The Spreadsheet Problem
While serving as the CISO for a large e-commerce company, I began to run into a data management nightmare within our vulnerability management program. We had taken a “best of breed” approach when selecting various tools to assess our applications, networks, servers and databases, and had other sources of vulnerability data These vulnerability sources introduced many complexities such as describing and scoring vulnerabilities differently, as well as overlapping coverage of the same vulnerabilities multiple times.
In short, our team was in the midst of spreadsheet hell.
The security team often spent weeks and months on vulnerability management, manually correlating, sorting, and ranking our security vulnerabilities via a mess of Excel spreadsheets. This made the “window of exposure” very LONG, decreasing our security as a result. We still then had to get the data into the appropriate teams’ hands in order to fix the underlying issues and defects through bug tracking and patch deploying, which added more manual labor and workflow.
To resolve these problems, I went to the marketplace to see what was available for purchase. To my surprise I found NOTHING. Next up, I sought out my peers at other companies to see how they were handling this only to hear them complain about the same “spreadsheet hell” we were in.
That was enough for me. At that point I reached out to some friends to brainstorm on how to fix this serious problem plaguing many organizations. From those conversations, a new product was born; founded by myself and Jeff Heuer.
The whole idea behind this product was to plug into the vulnerability scanners and the remediation management tools already in use and allow for the easy management of vulnerabilities. This saved hours of work by automating the process; large and complicated spreadsheets were replaced by a clean and insightful dashboard.
Now it’s time to take our product to the next level by bringing these security tools and resources into a single application with an easy-to-use interface. Our product becomes a complete vulnerability management solution for your cloud. This is what our Risk I/O SaaS delivers.
Security is a growing concern when companies move to the cloud. Our objective is to give you more control over and insight into your data security, so you are able to detect and react to vulnerability risks even quicker. With Risk I/O, you have a complete vulnerability management solution.
The wave of moving applications to the cloud is just getting started. It is popular for everything from CRM, storage, document management, and much more. This is why Risk I/O is so excited to be joining the Rackspace Cloud Tools program. Cloud security management is going to become more and more important over the coming years and Risk I/O will be there to help.
Interested in our full enterprise plan? Click here to test drive our product.
Have questions? Join us for a live webinar:
When: August 16, 2011 @ 2PM CDT
Topic: Reinventing Vulnerability Management
Cameron Nouri, from the Rackspace Business Development team, is your connection to the Rackspace Cloud Tools Partner Ecosystem. If you have developed solutions or services that makes life easier for people to take advantage of the cloud he would like to talk to you! You can contact Cameron any time to learn more about this unique program and the benefits for your business.