In a week that has seen a number of new releases on the GRC front, IBM has decided that the best way to deal with security is to build it into applications at the blueprint stage. Social media content is also being vetted for unstructured content that could land you in e-Discovery hot water.

IBM’s Approach To Security

Maybe you thought building security into application design was a no-brainer, but if IBM’s recent announcement is anything to go by, it's not. Big Blue has just introduced software and services that will help organizations build security into their applications as they are being developed rather than as an afterthought.

Aimed at cutting risk -- and costs -- the new products include:

  • Access Management: Software for access to servers, applications and environments across service delivery platforms, including cloud computing.
  • Security Testing: Software that enables businesses to automatically test and identify potential security and compliance risks.
  • Source Code Assessment Services: Services that assess application security and identify vulnerabilities.
  • Engineering Framework: A blueprint for building and deploying secure software.

IBM says the new products are the result of a changing focus from securing assets to securing critical services. Called Secure By Design, the new initiative will build security into the services companies deliver.

Are You MAD Yet?

If you’re not MAD yet then maybe you should be. Mobile Active Defense (M.A.D.) is announcing the first total Enterprise-class UTM security solution to provide BlackBerry level security for iPhones, iPads and other smartphones.

Smartphone non-compliance by employees means security non-compliance, the company says, and enforcing security policy across the enterprise is a requirement for audit, compliance and risk management.

The particular problem is that rogue iPhones, iPads and other smartphones are accessing enterprise networks with no thought for security or the ramifications of non-compliance.

A clean and streamlined user interface allows MAD UTM administrators to quickly configure highly granular security profiles for employees' smartphones, giving the enterprise the level of control it chooses in order to remain compliant.

SOA Takes Governance To The Clouds

SOA Software, a cloud services governance provider, has upgraded its flagship Service Manager product to version 6.0, providing advanced virtualization, management, security and monitoring.

With it, users can share services between commercial SOA platforms like IBM WebSphere, Microsoft, SAP and Oracle, as well as Red Hat and other open source providers.

It does this by providing comprehensive standards-based security, routing, mediation, monitoring and management. Features include:

  • Policy-based Mediation for integration with multiple platforms
  • Extensible binding framework
  • Security Federation
  • OSGi-based architecture

Service Manager 6.0 enforces and implements policies through advanced service virtualization, allowing enterprise service federation with SOA platforms.


A new on-demand, cloud-based, pay-as-you-go GRC solution that would sit very well with SMBs, according to its developer, California-based eGestalt, has just been made available in the US subject to patent.

Designed to help companies meet GRC requirements, it provides a combined security monitoring and IT-GRC solution that automates and integrates policy controls in a ready-to-use framework and includes context-based inference engines, alert processing, logging and monitoring. Features include:

  • Advanced business risk management -- by unifying risks through non-compliance and effective security monitoring
  • Customizable to enterprise-specific needs with built-in support for regulatory frameworks

In effect, it aggregates enterprise information so that a company can see, in near real-time, what its overall profile is, and can identify and focus on mitigating enterprise-wide issues.

Vetting Social Media Content

Social media is always going to provide e-Discovery problems, not least of which is identifying information that may be used in future cases. In order to help enterprises do that, Applied Discovery, which specializes in e-Discovery for law firms, has opened a new electronic discovery consulting service to help companies assess their social media risk.

This new Social Media–Assessment, Risks and Techniques (SM-ART) service is delivered in partnership with digital forensics leader Sensei Enterprises and provides clients with the expertise necessary to understand the nature of unstructured data generated by leading social media platforms.

The service enables clients to efficiently maximize their e-discovery capabilities from data identification to discovery production without having to increase the number of consultants or providers they hire.

Apart from the cost-saving element, as Facebook now surpasses Google in terms of website visits, the amount of information that might trip a company up has grown proportionally.