Aujas US

An IDG Ventures Company

Aujas Opens New Office in California to Focus on Global Growth

Sameer Shelke, Co-founder, CTO and COO moves to US

Aujas, a global provider of information risk management services, has opened a new office in California as part of the company’s continued geographic expansion. The new office will increase Aujas’ presence in key growth markets and support its global growth strategy. The expanded U.S. presence will allow Aujas to offer its information risk management services to companies across the West Coast.

As a part of this initiative, Sameer Shelke, co-founder, COO and CTO of Aujas has moved to California to work closely with key clients in the region. His focus will be on developing and creating more focused information risk solutions to help companies globally. Sameer will also explore new areas of partnerships and business opportunities across country.

“With an increase in the need for information risk  management services globally, Aujas has been considering ways to serve, partner and engage with local communities to provide solutions. We are very confident  that with our presence in California, we will be able to open up new opportunities and strategic partnerships in the U.S.,” said Sameer.

Joining Sameer in the California office is Ms. Annmarie Papp, who recently joined Aujas as Business Development Manager. She has more than 25 years experience in sales and consulting for technology organizations, and was previously with RSA as the Senior Director of Professional Services. Annmarie has worked with companies such as Symantec Corporation, EMC Corporation, Hitachi Computer Products and has considerable experience in sales,  results-oriented sales management and business development strategies.

“We’re getting a good response from the market and have already signed up many clients on the East Coast. The new California office plus our existing presence in New Jersey will help us work with new clients and partners and establish a higher level support and commitment. We’re delighted that our efforts to expand and reach out to companies seeking help on information security are showing results,” added Karl Kispert, VP of Sales and Business Development.

In an independent survey conducted at CIO & IT Security Forum 2011, companies chose Aujas amongst the top 5 most requested information risk management service providers. With the new office and team, Aujas will be able to reach out to such companies and focus on their information security needs.

About Aujas

Aujas ( is a global Information Risk Management services company and an IDG Ventures company, part of International Data Group (IDG).  The company’s consultants work with the client’s management teams to align information risk with business initiatives, so that security becomes a business driver and competitive advantage.

Aujas helps clients manage emerging technologies – mobile devices, social media, cloud computing – that are transforming the business environment and posing increasing security challenges.

The company offers global clients:

  • Information risk advisory services
  • Secure development lifecycle services
  • Identity and access management services
  • Managed information risk services
  • Vulnerability management services
  • Mobile, social media and cloud security services

For more information about Aujas services, contact Karl Kispert at or visit

June 30, 2011 Posted by | Enterprise Security, information risk management services | , , , , | Leave a comment

Secure Software Development by Design

software securityNew innovations and complex software features are a part of the evolving world of software development. Secure software, however, is still a dream when compared to robust, usable and rich functional software, and software security issues have grown manifold.

Security is often considered complex by software development professionals, who have the misconception that it hinders software performance and usability. On the contrary, a secure system is far more robust and usable, allowing the user to utilize the system efficiently and providing one way to do an activity.

With security being given short shrift by professionals, it would require a change in attitude to move security from being viewed as a hindrance to being viewed as a benefit. Such an attitude change would bring much needed innovation to the task of mitigating software risks and vulnerabilities.

Having profound knowledge about software vulnerabilities is not needed to address the basic security risks encountered by applications. Basic vulnerabilities like the Open Web Application Security Project (OWASP) are easily mitigated by using a framework or reusable codes.

Frameworks like Java Spring, ASP .Net view state, C# cryptography and security, Hibernate etc. are reusable modules that mitigate the most commonly known risks. However, the fundamental problem is the awareness and change in focus to look at security as an enabler rather than a hindrance to usability or performance.

For example, in security the best way to generate a random number is to seed the random generator with a random value. But this method would hit the performance of the system as the seeding logic is mostly done by a file in the Unix/Linux machines and it’s not a multithreaded operation due to the file I/O. So it is essential for a developer to understand and mitigate this as a performance issue, rather than giving up and thinking that security is hindering the performance. The reason for using a random number should be evaluated with the following few questions:
• What is the purpose to use a random number? And what would happen if the random number is predictable?
• Cannot the UUID alone be used to achieve the goal?

If the random number can be predictable and we do not have an issue with it, then seed it once and not each time. If the random number must be unpredictable, then UUID is not a good idea. It would be better to create a simple random and encrypt the random with a secret key. The key will ensure that a performance bottleneck is avoided while still creating a random number that is not predictable unless someone knows both the seed and the secret key, which is not likely.

Every problem we encounter today is unique for each company, though the solutions remain same. The final implementation and design should be owned by the development team. In access controls, the role-based access control (RBAC) model is considered as one of the best, but still we see software engineers re-engineering and reinventing the cycle. The same software engineers do not reinvent Hybernate or Linq. Here again, an attitude change would help mitigate these issues, and awareness of designs and frameworks would eliminate basic security issues.

It’s time we wake up with a new attitude towards security. Awareness, Attitude and Innovations are essential to drive security within organizations. Statistical tools will aid in detecting language level vulnerabilities and misuse of methods and functions. It is high time that requirements, architecture and design are influenced by security performance and usability.

June 21, 2011 Posted by | Secure code development | , | Leave a comment

Aujas among the Most-Requested Information Risk / IT Security Firms at 2011 CIO & IT Security Forum

For Immediate Release

Jersey City, New Jersey, USA – Senior IT decision makers knew who they wanted to talk to at the May 24-26, 2011 CIO & IT Security Forum – and they wanted to talk to Aujas. The global information risk management company was among the top five most requested suppliers at the Jacksonville, FL, forum. Sameer Shelke, Aujas cofounder and Chief Operations and Technology Officer, and Karl Kispert, Vice President of Sales and Business Development, met one-on-one with close to 50 Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) who specifically requested a meeting with Aujas.

“The forum gave us the opportunity to meet with IT security executives and discuss the security issues that were keeping them up at night,” says Karl Kispert. “Phishing and application security are critical issues, and we were able to share with the execs how Aujas can help them manage risk in these areas as well as others.”

The forum, hosted by Richmond Events, is invitation-only for 100 senior IT executives with budget authority. It offers a unique experience for these individuals to get together, debate the big issues and explore collaborative opportunities. “From our perspective, the forum gave us the opportunity to meet and develop relationships with those we are most able to help,” says Kispert.

About Aujas
Aujas is a global Information Risk Management services company and an IDG Ventures funded company. It is headquartered in Bangalore, India, with its US headquarters in Jersey City, New Jersey.

Aujas consultants work with the client’s management teams to align information risk with business initiatives, so that security becomes a business driver and competitive advantage. The firm helps clients manage emerging technologies – mobile devices, social media, cloud computing – that are transforming the business environment and posing increasing security challenges.

Aujas offer global clients:
• Information Risk advisory services
• Secure Development Life-cycle services
• Identity and Access Management services
• Managed Information Risk services
• Vulnerability Management services
• Mobile, social media and cloud security services
For more information about Aujas services, contact Karl Kispert at or visit

June 20, 2011 Posted by | Enterprise Security, IT security, Phishing, Risk management, Secure code development | , , , , | 1 Comment