The usage of open source technologies has grown significantly in the public sector. In fact, according to a published memo, open source technologies allow the Department of Defense to “develop and update its software-based capabilities faster than ever, to anticipate new threats and respond to continuously changing requirements”. Cybersecurity threats are on the rise and organizations need to ensure that the software they use in their environments is safe. IT teams need the ability to quickly identify and mitigate breaches. They also need to deploy preventative measures and ensure that all stakeholders are protected.
Continuous Security
In a world with no perimeters, it is more imperative than ever to maintain security and regulatory compliance. While security fundamentals still apply, the security mindset is changing; security must be a continuous process. To combat cybersecurity threats, we recommend that organizations include security in every step of the application and infrastructure lifecycle by following the guidelines below:
Design
Design your infrastructure and applications with security in mind. Active and current security guidance needs to be in place. This guidance should detail the instructions that must be followed in case of an attack; without a prior plan, recovery is long and difficult.
Build
Build in security features by integrating and automating security testing. Develop standard configurations and automate them so that new deployments conform to your security guidelines.
Run
Run your infrastructure on trusted, tested, and supported platforms with capabilities that minimize attack vectors. Maintain an up-to-date catalog of assets. This catalog simplifies the process of mitigating the consequences of a possible attack.
Manage
Deploy a centralized management system. Admins need to be able to perform a security audit on multiple remote systems from a single, centralized environment. This approach minimizes silos that make it difficult to track and prevent threats.
Adapt
Ensure that the IT environment is continuously monitored throughout the lifecycle and kept up to date with the latest patches and security fixes.
The Red Hat Security Story
As a leader in open source infrastructure and application development solutions for the enterprise, Red Hat is uniquely positioned to enable IT organizations to leverage the innovation of open source with security, regulatory, and compliance confidence. Red Hat develops, curates, tests, and delivers certified open source infrastructure software and application platforms through a thoroughly documented supply chain. Security is something we have in mind from the beginning. There are no add-ons; security is a part of all Red Hat products. Red Hat Enterprise Linux, the underlying secure operating system, is the lynchpin that unifies all of our products. At Red Hat, we partner with open source communities, industry leaders, and government agencies to provide automated and standardized lockdown tools. Additionally, the open source software process enables Red Hat to deliver safer software that has been tried and tested through many channels.
Red Hat has deep roots in the security space. Red Hat developed SELinux in conjunction with the United States National Security Agency (NSA) and the United States Department of Defense. SELinux provides mandatory access controls for every user, application, process, and file. SELinux enables a system to defend itself and protect applications against tampering and unauthorized access. Red Hat also developed sVirt, a technology that delivers secure virtualization through SELinux.
Moreover, security is baked into Red Hat’s subscription model in 5 ways:
Technical support
Red Hat offers multi-channel, multi-lingual support with unlimited incidents on a 24/7 schedule.
Security Advisories, Patches, and Stability
Red Hat offers stability with a product lifecycle of up to 10 years. The Red Hat Product Security team analyzes threats and vulnerabilities against all of our products and provides relevant advice and updates through the Red Hat Customer Portal. In 2015, 96% of Red Hat Enterprise Linux critical issues had updates available the same or next day after public knowledge. Red Hat backports fixes for security flaws from the most recent version of an upstream software package and applies those fixes to older package versions. This process minimizes disruption and gives IT organizations the flexibility to continue to work safely with their currently deployed versions and upgrade to newer versions at the time of their choosing.
Deep expertise
Red Hat values knowledge sharing and facilitates conversations through the customer portal and forums. Our customers have access to knowledgebase articles and access labs, and we offer a training lab. Red Hat maintains close relationships with component communities that benefit our customers and the open source communities. Red Hat gives back by sharing code and results of quality and secure testing.
Commitment
Red Hat provides hardware and software certification as well as software assurance.
Red Hat Insights
Red Hat Insights helps you proactively identify, prioritize, and resolve critical issues in your infrastructure before they impact your business operations. The provided intelligence is specific, clear, and actionable, with tailored resolution steps presented based on unparalleled Red Hat technical knowledge and expertise.
Virtualization and Security
Virtualization allows organizations to run multiple virtual machines on one host, thus speeding up delivery of services and significantly reducing costs.
However, if not properly mitigated, this convenient technology can introduce threats. Virtualization threats include:
Denial of Service (DoS) through the termination of the guest. This threat occurs when activity within an individual guest or host impacts the host's ability to run virtual machines effectively.
Memory corruption and leakage. This is the ability to corrupt or access guest memory from outside the constraints of the virtual machine.
Guest to host escape. This vulnerability occurs when code is executed directly on the hypervisor outside the constraints of a guest virtual machine.