Secure Product Deployment: A Team Sport

Year after year, studies such as the Verizon Data Breach Investigation Report show software vulnerabilities and misconfiguration among the main data breach causes. BatonAt EMC, we operate under the assumption that securing a product in a customer environment is a team sport between the product vendor and the customer deploying the product. The vendor plays a greater role upstream with a focus on adopting secure development practices and in properly handling and responding to vulnerabilities reported on the product. The customer takes the baton from the vendor and plays a larger role downstream by taking the necessary steps to securely deploy and maintain the product.

Having a baton to pass from the vendor to the customer is critical to facilitate the secure deployment of a product. For our products, the baton takes the shape of a security configuration guide. It is a document required by EMC’s Security Development Lifecycle for each product that centralizes in a single guide all information required to change and optimize the security settings of the products. If you are an EMC customer, you can find this information on our support website’s security configuration guide page.

I am also glad to announce that if you are attending EMC World starting on May 6th in Las Vegas, there will be several security sessions on security including one by Matt Coles from the Product Security Office on “How EMC Enables You to Secure Your Storage Infrastructure” which will explore guidelines for managing VMAX and VNX products securely. Make sure you attend!

About the Author: Eric Baize

Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices. At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity. Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US. Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager. Follow Eric Baize on Twitter: @ericbaize