Eating your own dog food - how a Security Software company uses Security

Thursday, February 04, 2010

Larry Ketchersid


Remember the gentleman in the commercial for Hair Club for men who said “I'm not only the President, but I'm a customer”? While there are days when the hair club tempts me, it is security solutions that my company, Media Sourcery, provides. And, like many of Infosec Island's members, the information, data and documents that we exchange with our customers are proprietary, confidential and, in many cases, time critical.

As an example, we have a current partnership with Geo ComputingGroup (GCG), a product and services group based in Houston, Texas, specializing in supporting the exploration and production computing environments in the energy sector.  We are combining our Secure Replicator solution (our automated event-and-trigger version of the technology that makes up IslandPKI) with GCG's Automated Deployment System (which is a dynamic template based system for deploying operating system builds, updates and applications).

Similar to security assessments, network architecture designs and other projects, a development project, such as this one involves the exchange of confidential data, including in this case, intellectual property designs, requirements documents, test plans, code fragments and roadmaps.

We could have chose to exchange these documents over email, or printed them out and sent them next day parcel post.

Instead, we “ate our own dogfood” and utilized IslandPKI. This gave us and our partners several advantages and efficiencies:

  • the timeliness of email, with notification of new content; (the notifications aided our workflow allowing the requirements, design and development process to proceed apace)
  • encrypted content; (no loss of IP, protected by our built-in PKI system);
  • digital signing; (for non-repudiation);
  • tracking;
  • confirmation of receipt;
  • little to no training for our partners; (so the bringing new members to the team did not impede the process).

In addition to the confidential data exchanged, we utilized IslandPKI for more mundane documents as well. By sending quotes and invoices (both direct and resale) this way, we had a timestamped audit trail of send and receipt. Unlike some companies, we had an auditable trail and no disagreement on timing, and days outstanding.

Possibly Related Articles:
Cloud Security General Privacy Webappsec->General
PKI Privacy
Post Rating I Like this!
Anthony M. Freed I have been using IslandPKI for a few months now, and it blows SSL based encryption out of the water - there is no comparison.

Island PKI encrypts the data at rest and in motion, for maximum security.

SSL only encrypts the transmission - so if the message is intercepted and compromised, the data is no longer protected.

With the data fully encrypted, the transmission does not have to be secure, allowing me to safely work and communicate from anywhere, with any machine.

I can't wait for the encrypted storage option the Island will be releasing soon - then all of my important docs can be stored or backed up in one secure location I can access safely from anywhere.

Thanks Infosec Island and Media Sourcery!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.