| What You Need to Do | How Redspin Can Help |
|---|---|
| You've never performed internal testing before, or perhaps you are new to the organization and need help prioritizing high-risk issues. You have multiple types of sensitive information to protect: employee personal information, financials, intellectual property, etc. You need to establish a baseline and develop a practical plan for the future. | Technical Internal Security Assessment |
| Your business relies exclusively on the security of your virtualized environment. You have recently deployed or significantly changed your virtualized infrastructure and documented policies and procedures are still in development. You are looking for guidance on what best practices should be implemented in your environment. | Virtualization Internal Security Assessment |
| You want to simulate a real-world attack on Internet-accessible critical infrastructure and understand the level of risk that exists at this exact moment. You are looking for a manual testing approach to complement your existing automated scanning processes to better identify and validate all security vulnerabilities and their impact to your environment. | External Network Security Assessment |
| Your web application stores sensitive information that, if breached, would significantly damage your business. Time-to-market deadlines, multi-location developers, and limited resources may have resulted in insufficient security testing during the development lifecycle. Your web application has just gone live and you need to know for sure it is safe from malicious attackers on the Internet. | Web Application Security Assessment |
| Employees are the weakest link. How do you make them the strongest link? Periodic testing has been shown to significantly improve employee information security awareness and reduce the risk of sensitive data compromise. | Social Engineering Security Assessment |

Technology companies have also been among the first industries to deploy enterprise-wide virtualization. By distributing internal computing services and resources while centralizing IT administrative tasks, these companies have improved scalability, balanced workloads and ultimately lowered costs. From a network security standpoint, virtualization presents new challenges, as the execution of software tasks can be completely or partially separated from the underlying hardware. Redspin's virtualization service is specifically designed to test a company's policies and controls in the context of this environment.
A further evolution of virtualization is cloud computing. In this model, companies utilize a third-party service provider's global infrastructure to optimize computing tasks, distribute data storage, improve response times, and take advantage of built-in redundancies. Typically, these deployments are implemented under service level agreements (SLAs) with quality of service (QoS) guarantees.
Major cloud service providers include Amazon, Google, Microsoft, Rackspace Cloud, and Salesforce.com. Although cloud computing is gaining in popularity, concern over security issues continues to constrain its wider adoption. The most important issues cited are: poor configuration or bugs in the cloud service software; the theft of information by hackers; and employees who are negligent with confidential information.
As yet, the technology industry is unregulated by the federal government in terms of security compliance. However, this may change in the near future. In a recent Department of Homeland Security (DHS) initiative, the agency sets out the goal of improving cyber security as a matter of national interest. The government's proposal included a provision to penalize "certain" IT firms and high technology companies $100,000 per day unless they comply with strict directives imposed by DHS. Non-compliant companies that were deemed "critical to the national interest" could include web hosting companies, ISPs, broadband providers, software companies and even search engines.
Redspin is well prepared to meet the diverse needs of technology companies and has some of the largest tech firms in the world as clients. We have also proven our ability to react quickly to new legislative compliance issues, no matter what the industry.