In 2015, Ion Channel’s founding team was challenged to solve a critical problem for large government entities running thousands of software applications, all bottlenecked by a static, discontinuous, months-long security approval process. By the time software was approved for deployment, new vulnerabilities had emerged. Our customers needed a way to continuously monitor software through its life cycle, to automate governance of software coming in and to automatically take action – such as stopping a build and alerting security personnel – when new vulnerabilities were discovered. The mission was to secure and assure agile DevOps for customers with a heightened security posture.
This is not just a security problem – it is also a human resource problem. It is not possible to continuously secure a 21st century codebase with humans in the loop. Effective risk management of software coming into an organization must be automated at speed and scale, and must accelerate the deployment of new capabilities, not slow it down.
This isn’t just a challenge for three-letter agencies. Commercial enterprises see the application attack surface expanding by billions of lines of code – and millions of new dependencies and vulnerabilities – each year, with no way to keep up using traditional approaches. Multiple programming languages and their software ecosystems have become core capabilities. Even companies with the money to hire squadrons of security engineers can’t fill their open reqs. CISOs face escalating requirements. Existing staff are stretched thin, and the drumbeat of market pressure gets louder with each passing month.
Ion Channel is solving these problems for some of the toughest customers in the world. In 2017, capabilities originally developed for the intelligence community became commercially available. Ion Channel’s continuous automated security prevents vulnerable code from moving into your organization and applies governance and compliance criteria to software as it is built. Automated actions – such as stopping the build and sending an alert – occur based upon customer-defined rules.
Ion Channel has a clear and compelling ROI. The ability to address vulnerabilities earlier in development speeds time to market. Instant awareness of new risky dependencies rolling into approved applications allows engineering leads to deliberately migrate away from risky components within planned sprints, instead of battling technical debt in a fire drill. Automated compliance records allow you to confidently represent your software infrastructure to regulators, customers, executive management and cyber insurers because auditable evidence of code provenance and integrity can be generated in seconds.
With security baked into the development workflow, you have a more robust and resilient infrastructure with far less human effort. You can move beyond the firehose of threat intelligence to operationalize security and close the loop, at speed and scale.
For more information about how Ion Channel has reduced software supply chain and third-party risk while accelerating security reviews by an order of magnitude, e-mail firstname.lastname@example.org