Year after year, studies such as the Verizon Data Breach Investigation Report show software vulnerabilities and misconfiguration among the main data breach causes. At EMC, we operate under the assumption that securing a product in a customer environment is a team sport between the product vendor and the customer deploying the product. The vendor plays a greater role upstream with a focus on adopting secure development practices and in properly handling and responding to vulnerabilities reported on the product. The customer takes the baton from the vendor and plays a larger role downstream by taking the necessary steps to securely deploy and maintain the product.
Having a baton to pass from the vendor to the customer is critical to facilitate the secure deployment of a product. For our products, the baton takes the shape of a security configuration guide. It is a document required by EMC’s Security Development Lifecycle for each product that centralizes in a single guide all information required to change and optimize the security settings of the products. If you are an EMC customer, you can find this information on our support website’s security configuration guide page.
I am also glad to announce that if you are attending EMC World starting on May 6th in Las Vegas, there will be several security sessions on security including one by Matt Coles from the Product Security Office on “How EMC Enables You to Secure Your Storage Infrastructure” which will explore guidelines for managing VMAX and VNX products securely. Make sure you attend!