11/17/2021 | News release | Distributed by Public on 11/17/2021 11:21
In the past year or so, supply chain attacks have become more prevalent than ever, making vendor security a top-of-mind concern for many organizations. Today, MSPs must determine how secure their upstream suppliers are in order to protect their business and downstream customers.
How does it happen?
Many of these attacks are made possible by weaknesses in software security development processes. Many applications these days are built for speed, performance and ease of use, prioritizing agility over security. Because of this, security is often an afterthought in application development, yet the application layer continues to be a soft target, as evidenced by the majority of attacks targeted against it. According to a recently commissioned research report authored by the Cyentia Institute, "56% of the largest incidents of the last 5 years tie back to some form of web application security issue…" In fact, many high-profile breaches today are a direct result of the following web application attacks:
It is clearer than ever that software applications are critical to the operations of IT service providers today. The majority of applications have access to valuable data, so the damage caused by the exploitation of an insecure web application has the potential to be enormous. Whether it's RMM or a Business Continuity solution, we cannot underestimate the importance of ensuring applications are built with security in mind.
Datto has always put security first. As part of our commitment to protecting MSPs and their customers, we set out on a mission to define the channel security gold standard for software supply chains. As such, we maintain a high level of security throughout the software development cycle and are constantly assessing and improving our application development processes to align with the highest security standards.
With supply chain security becoming more important than ever, we see application development security as a necessary and strategic component of our business and therefore have adopted the BSIMM framework to demonstrate our commitment to the channel community as a secure vendor and partner.
The Building Security In Maturity Model (BSIMM) is a study of current (point in time) software security initiatives that quantifies application security (appsec) development. BSIMM helps organizations plan, implement and measure their software security initiatives. A BSIMM assessment provides an objective, point-in-time, data-driven evaluation so that developers can continuously improve the security of their applications.
BSIMM observations use a framework of 12 software security practices organized under four domains: Governance, Intelligence, SSDL Touchpoints, and Deployment. The framework currently embraces 122 unique activities across three levels of maturity. The Governance domain, for example, includes activities that fall under the organization, management, and measurement practices of a software security initiative.
Why did we select BSIMM and not other frameworks?
Knowing that secure application development is crucial to the overall security posture of any business, Datto committed to implementing the BSIMM software security benchmark tool and framework.
In the first BSIMM assessment for Datto Remote Monitoring and Management (RMM), Datto came out with a stellar ranking, rivalling the secure application processes and application development achieved only by 128 of the industry's most secure app developers at leading IT and financial institutions and Fortune 500 enterprises.
Datto RMM Assessment Summary
Compared to the average high-water marks of all BSIMM12 participants, Datto stands above the average in Strategy & Metrics, Compliance & Policy, Training, Attack Models, Code Review, Security Testing, Penetration Testing, and Configuration Management & Vulnerability Management. Datto's marks appear near the average in Standards & Requirements and Software Environment. The results of this observation also convey that Datto's forward-looking plans and priorities are well aligned with the recommendation and guidance of BSIMM in pursuance of a well-rounded software security initiative.
"Datto is performing the single most important activity related to improving software security: it has a dedicated software security group that can get resources and drive organizational change."
This initial assessment is a proof point of Datto's continuous commitment to secure code development, and a testament that Datto is the only IT vendor dedicated to the MSP community to not only attain BSIMM validation, but also achieve this level of BSIMM scoring.
Making informed decisions about security software has never been more important, nor has it been shown to have such critical downstream consequences.
To learn more about Datto's BSIMM assessment, please contact your Datto sales representative.