Aujas US

An IDG Ventures Company

Aujas Opens New Office in California to Focus on Global Growth

Sameer Shelke, Co-founder, CTO and COO moves to US

Aujas, a global provider of information risk management services, has opened a new office in California as part of the company’s continued geographic expansion. The new office will increase Aujas’ presence in key growth markets and support its global growth strategy. The expanded U.S. presence will allow Aujas to offer its information risk management services to companies across the West Coast.

As part of this initiative, Sameer Shelke, co-founder, COO and CTO of Aujas, has moved to California to work closely with key clients in the region. His focus will be on developing and creating more focused information risk solutions to help companies globally. Sameer will also explore new areas of partnerships and business opportunities across the country.

“With an increase in the need for information risk management services globally, Aujas has been considering ways to serve, partner and engage with local communities to provide solutions. We are very confident that with our presence in California, we will be able to open up new opportunities and strategic partnerships in the U.S.,” said Sameer.

Joining Sameer in the California office is Ms. Annmarie Papp, who recently joined Aujas as Business Development Manager. She has more than 25 years' experience in sales and consulting for technology organizations, and was previously with RSA as the Senior Director of Professional Services. Annmarie has worked with companies such as Symantec Corporation, EMC Corporation and Hitachi Computer Products, and has considerable experience in sales, results-oriented sales management and business development strategies.

“We’re getting a good response from the market and have already signed up many clients on the East Coast. The new California office plus our existing presence in New Jersey will help us work with new clients and partners and establish a higher level of support and commitment. We’re delighted that our efforts to expand and reach out to companies seeking help on information security are showing results,” added Karl Kispert, VP of Sales and Business Development.

In an independent survey conducted at CIO & IT Security Forum 2011, companies chose Aujas amongst the top 5 most requested information risk management service providers. With the new office and team, Aujas will be able to reach out to such companies and focus on their information security needs.

About Aujas

Aujas (www.aujas.com) is a global Information Risk Management services company and an IDG Ventures company, part of International Data Group (IDG).  The company’s consultants work with the client’s management teams to align information risk with business initiatives, so that security becomes a business driver and competitive advantage.

Aujas helps clients manage emerging technologies – mobile devices, social media, cloud computing – that are transforming the business environment and posing increasing security challenges.

The company offers global clients:

  • Information risk advisory services
  • Secure development lifecycle services
  • Identity and access management services
  • Managed information risk services
  • Vulnerability management services
  • Mobile, social media and cloud security services

For more information about Aujas services, contact Karl Kispert at karl.kispert@aujas.com or visit http://www.aujas.com.

June 30, 2011 | Enterprise Security, information risk management services

Aujas among the Most-Requested Information Risk / IT Security Firms at 2011 CIO & IT Security Forum

For Immediate Release

Jersey City, New Jersey, USA – Senior IT decision makers knew who they wanted to talk to at the May 24-26, 2011 CIO & IT Security Forum – and they wanted to talk to Aujas. The global information risk management company was among the top five most requested suppliers at the Jacksonville, FL, forum. Sameer Shelke, Aujas cofounder and Chief Operations and Technology Officer, and Karl Kispert, Vice President of Sales and Business Development, met one-on-one with close to 50 Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) who specifically requested a meeting with Aujas.

“The forum gave us the opportunity to meet with IT security executives and discuss the security issues that were keeping them up at night,” says Karl Kispert. “Phishing and application security are critical issues, and we were able to share with the execs how Aujas can help them manage risk in these areas as well as others.”

The forum, hosted by Richmond Events, is invitation-only for 100 senior IT executives with budget authority. It offers a unique experience for these individuals to get together, debate the big issues and explore collaborative opportunities. “From our perspective, the forum gave us the opportunity to meet and develop relationships with those we are most able to help,” says Kispert.

About Aujas
Aujas is a global Information Risk Management services company and an IDG Ventures funded company. It is headquartered in Bangalore, India, with its US headquarters in Jersey City, New Jersey.

Aujas consultants work with the client’s management teams to align information risk with business initiatives, so that security becomes a business driver and competitive advantage. The firm helps clients manage emerging technologies – mobile devices, social media, cloud computing – that are transforming the business environment and posing increasing security challenges.

Aujas offers global clients:
• Information Risk advisory services
• Secure Development Life-cycle services
• Identity and Access Management services
• Managed Information Risk services
• Vulnerability Management services
• Mobile, social media and cloud security services

For more information about Aujas services, contact Karl Kispert at karl.kispert@aujas.com or visit http://www.aujasus.com.

June 20, 2011 | Enterprise Security, IT security, Phishing, Risk management, Secure code development

The Business Case for Secure Development Lifecycle

Software is integral to business operations for most organizations. Unfortunately, the increasingly indispensable nature of software-based systems has also made them high-value targets for cyber crime.

Today, most of the vulnerabilities targeted by cyber criminals are at the application level rather than at the operating system or network levels. The cost involved in fixing these vulnerabilities is very high due to:

  • Incident response
  • Customer compensation
  • Penalties for compliance violations
  • Short-term fixes
  • Cost to remediate the problem

When a cyber attack is successful, fixing vulnerabilities can grow even more costly.

Although recognition of the importance of secure systems is growing, software security must still compete for a place in an increasingly tight enterprise budget. However, a well-optimized security program can reduce the overall cost of developing an application and the business process it enables. The program can integrate security at various layers to mitigate risks that the company or software can face.

One proven and time-tested model is to incorporate security into every stage of the software development lifecycle. The Microsoft Security Development Lifecycle (SDL) is one such comprehensive process that offers an industry-leading software security methodology. The Microsoft SDL embeds security and privacy throughout the software development process.

The SDL delivers real cost savings:

  • When software development processes include security practices as early as possible, the cost to fix many vulnerabilities can decrease dramatically.
  • A structured approach to security makes the process more predictable, can significantly improve its efficiency, and allows the security team to deploy its resources in a heavily leveraged, top-down manner.
  • It is cheaper to plan early and have a security requirement than to rely on a final verification.
  • A combination of high-level analysis, low-level review, metrics-based risk management, and tools can provide an optimal, measurable ROI.

By following a defined process like the SDL, vulnerabilities are more likely to be found and fixed prior to application deployment. This helps reduce the total cost of software development.

Improving the security of a system makes it more reliable and less expensive to operate in multiple ways. While software security efforts require some resource commitment, a significant ROI can often be achieved with a small initial expense. Careful use of metrics allows tracking of the effects of the investment, and those same metrics allow long-term improvement of security ROI and overall effectiveness.

Understanding software security problems is a foundational part of building better software. A recent survey conducted by Forrester Consulting noted that 0 out of 7 company executives who responded selected “lack of time to perform security tasks” as a challenge for implementing a secure development program. Rather, they cited “lack of security expertise”… as a top challenge. So it’s essential to know what talent is available in-house and where to look for expert advice.

Aujas is a member of the Microsoft SDL Pro Network, a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the SDL. We can help you make security and privacy an integral part of how software is developed for your company.

 

For more information about Aujas and the Microsoft SDL Pro Network, contact Karl Kispert at karl.kispert@aujas.com.

April 11, 2011 | Cyber Crime, Enterprise Security, SDL, Secure Development Lifecycle

Right to Internet Use

The United Nations advocates making “Right to Internet Access” a human right, one which countries such as Estonia, France, Finland, Greece and Spain have already implemented. This got me thinking about how we would look at “Right to Internet Use”, e.g., social networking.

We all know the power of social networking, its adaption and growth. According to Facebook, more than 500 million users spend over 700 billion minutes per month on the site. However, not many of us could have imagined its impact on reshaping the political landscape of countries. Perhaps the most talked about example is that of a 26-year-old woman, worried about the state of her country, who wrote on Facebook, “People, I am going to Tahrir Square”. The message soon snowballed into a movement to oust Egyptian President Hosni Mubarak. As another example, China’s reaction to what is called the “Jasmine Revolution” was swift, with filtering and monitoring on popular social media websites and services.

The buzz is about the CSM (Cloud, Social Media, Mobile) phenomenon which is reshaping the Internet world. It’s already established that social networking has overtaken search as the primary reason for users to access the Internet. Facebook has more than 200 million active users who use mobile for access, and these users are twice as active as non-mobile users.

Consumerization of the Enterprise, combined with the CSM phenomenon and recent political events, makes me feel that this is not just about adaption of new technologies but more about changes and impact on the history of mankind. It’s not just about using new technologies and models to provide better services at lower cost to a larger user base. It’s about a medium to communicate, participate and influence changes in the world.

One can think of several positive and negative uses of this phenomenon. If used well, it can bring about necessary changes and revolutions. But it can also be used to spread panic and lead to concepts like “social networking terrorism”.

The CSM phenomenon is too strong and important to be ignored. Would censoring of this medium be possible? Like the Internet, CSM could be considered as a human right, leading to positions on “Right to Internet Use”.

At an Enterprise level, blocking and not adopting CSM is a risk management control which is not sustainable. Users and business would not accept this posture. We need to find answers for the two main reasons why some Enterprises are staying away from adoption of CSM, which are “Confusion and Fear”.

February 23, 2011 | Cloud Security, Enterprise Security, Social networking

What Is Needed for Data Protection?

A more holistic approach is needed for protecting data that goes beyond individual tools and addresses data at its source: the business. The principles of data governance, data classification and the DLP tool need to work as one solution to effectively protect data in an organization.

Approach

  • Develop a strategy – Start by developing an organization-wide data protection strategy
  • Set up a data classification policy and a program – Individual business processes should identify and document all forms of data, its classification and its authorized movement.
  • Create a governance program – Establish accountability, roles and responsibilities for data protection and data ownership.
  • Create and ensure awareness and training for business users – To ensure that the data protection remains a strong focus within the organization, management should ensure users are made aware of their roles and responsibilities around data protection.

The Aujas Data Protection Service helps organizations extract maximum value from their investment in security technology and solutions. We build the governance framework, data protection strategy and data protection program. Then we assist organizations with data flow analysis to identify data movement within and between processes, the forms data takes, and user awareness levels. Our data flow analysis results in effective DLP policies, while the governance framework and strategy translate into continuous data protection for the organization.

To learn more about the Aujas Data Protection Service, and our complete portfolio of services, please contact Karl Kispert, our VP of Sales at karl.kispert@aujas.com or at 201.633.4745.

January 24, 2011 | Data Leak Prevention, Enterprise Security, IT security, Risk management

Aujas and RSA 2011 – Come by Our Booth

Visit Aujas at RSA

Aujas is exhibiting at the upcoming RSA Conference on February 14 – 18, 2011 in San Francisco. This is an opportunity for Aujas to expand its knowledge and increase its network of industry peers and influencers. 

Please stop by booth number 343 to say hello and discuss Information Risk Management topics with Aujas co-founder Sameer Shelke and Vice President of Sales Karl Kispert.

January 24, 2011 | Enterprise Security, IT security, Risk management

Operating in the Cloud – Sunny with a Chance of RISK!

Here is a list of some of the most important risks of operating in the cloud today:

  • Loss of governance
  • Data protection
  • Service provider lock-in
  • Compliance risks
  • e-Discovery and litigation support
  • Management interface compromise
  • Network management failure
  • Isolation failure
  • Insecure/incomplete data deletion
  • Malicious insider

A risk-based approach is the only way to assess a cloud computing deployment decision.

Establish detective and preventive controls specific to each cloud deployment model:

  • SaaS – Browser patching, endpoint security, access reports
  • PaaS – Browser patching, hardening, endpoint security, access reports and vulnerability scanning
  • IaaS – VPN, configuration and patch management, host IDS/IPS, VirtSec appliance, access reports, vulnerability scanning, logging & event management

Identity management is a key area of preventive control focus for all service models.

For more information on how Team Aujas is assisting clients with Security Risks in the Cloud, please email me at karl.kispert@aujas.com.

January 4, 2011 | Cloud Security, Data Loss Prevention, Enterprise Security, IT security

Wikileaks Fallout: DLP Helps But Doesn’t Solve, Analysts Say

by George V. Hulme, Contributing Writer
Data leak prevention technologies have a limited but important role in protecting enterprise data, analysts say. But can the technology prevent another WikiLeaks-like fiasco?

In the aftermath of the Wikileaks fiasco, enterprises are wondering what the breach of so many sensitive documents means, and if such an event could ever happen to them. One of the technologies vendors and solution providers are feverishly pushing as the answer is Data Leak Prevention (DLP) technology.

According to IDC, while sensitive information leaks were seen as the second greatest threat to enterprise security, only 31.4 percent of organizations had adopted DLP. At the time of the study, which was December 2009, only 14.5 percent of organizations had plans to purchase DLP. It’s probably a good hunch, considering what has become public on the Operation Aurora attacks and the more recent Wikileaks phenomenon, that many enterprises are giving DLP a much closer look today.

DLP is widely marketed as the way to stop confidential information from sliding out the door on notebooks, smartphones, iPods, portable storage, and many other devices. Or, as US Army intelligence analyst Private First Class Bradley Manning is alleged to have done: copy and walk away with reportedly 250,000 files designated (at the least) as classified — on a writable CD labeled as Lady Gaga music — from the Secret Internet Protocol Router Network (SIPRNet). SIPRNet is run by the US Department of Defense and the U.S. Department of State.

Would having DLP in place have prevented that leak? Analysts are doubtful. DLP technology is very good at protecting specific types of information, but not at protecting all of the information generated and managed by an organization. “In this case, the content taken appears to have been a mass amount of information that Manning had legitimate access to,” says Rich Mogull, founder and analyst at the research firm Securosis. “DLP is not good at stopping this sort of incident, where a broad amount of data is taken.”

Experts also agreed that while DLP has its place in the enterprise, it would provide no definitive protection against similar attacks from trusted insiders. “There is no 100 percent solution to stop a motivated insider from stealing information,” says Mike Rothman, president and analyst at Securosis.

It’s useful to pause and define what we mean by DLP. According to Mogull, DLP, at a minimum, identifies, monitors and protects data in motion, at rest and in use through deep content analysis. The tools identify the content, monitor its usage and build defenses around it. “There’s also an emerging class of DLP that I call DLP Lite. These are single channel solutions that only look at either the end point, or the network,” he says.

For the most part, experts agree, whether considering full-blown DLP or DLP Lite, the technology excels at stopping specific kinds of data from leaking when it shouldn’t — credit card data, engineering plans and details, health care forms. “For enterprises, compared to a government situation like Manning’s case, you can certainly do more to protect more data,” says Mogull.

But, experts caution, DLP can’t prevent many types of attacks on data from being successful. “There is a rumor that WikiLeaks has a trove of information on one of the major US banks. While we’re not sure what type of information it is, or how it is stored, if that information is reams of e-mails with free flowing conversations, DLP is not necessarily going to pick up on and stop that kind of breach,” Mogull explains.

That’s why it remains important that enterprises, in their own efforts to protect against data leaks, not place too large an emphasis on DLP technology, and that DLP be used as an additional layer of defense to supplement other important defenses such as access control, encryption, segmentation and security event monitoring, among others. Most importantly, enterprises need to understand what information they most want to protect, and how that information normally flows throughout their organization.

“They need to understand the context of the data they use and want to protect – the why and how it traverses their network – as part of the normal course of using that data,” says Nick Selby, managing director at security consultancy Trident Risk Management. “For DLP to work in the limited way it’s intended, organizations must know what normal looks like before they have any hope at stopping abnormal activity.”

Read more about data protection and governance by clicking on this site for the Aujas whitepaper http://www.aujas.com/whitepapers.html

December 20, 2010 | Data Leak Prevention, Enterprise Security