The Secure-by-Design Pledge: A Commitment to Creating a Safer Digital Future
The exciting benefits of digital transformation and automation — global interconnectedness, efficient operations, greater business outcomes — have come with an equal measure of concern over digital safety. It has become clear that to safely realize the benefits of digital acceleration, as an industry we must take bold steps toward securing the digital landscape and mitigating cybersecurity threats.
At Ivanti this evolution is already under way — and we are committed to being at the very front of the movement. As a company, we have always believed that our customers’ interests – including security – should be a cornerstone of software development. With the threat landscape rapidly evolving, and tactics becoming increasingly aggressive and sophisticated, the imperative to put security first has never been greater.
That is why last month I outlined a bold plan for Ivanti to meet the new reality we are all facing. Our efforts are rooted in Secure by Design principles, weaving security into every stage of our software development lifecycles. Given this commitment, it makes sense that we’re among the first to sign the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design pledge, which they unveiled on May 7, 2024 at the RSA Conference in San Francisco.
The concept of Secure by Design is not new, but it has never been more relevant. It ensures that products are built with security embedded from the ground up, reducing the risk of vulnerabilities and making it more difficult for malicious actors to exploit them. That is why this pledge is so meaningful at this moment in time, and why companies like Ivanti are answering the call. We see this as a meaningful step forward in the industry’s commitment and collaboration around security, and we look forward to setting a new standard for the broader ecosystem.
A bold new level of security
By signing the Secure by Design pledge, we are committing to a set of principles, standards, and actions that will help us further elevate the security of our products and better protect our customers. This includes implementing multi-factor authentication, reducing the use of default passwords, mitigating entire classes of vulnerabilities, increasing the adoption of security patches, establishing a vulnerability disclosure policy and improving our customers' ability to gather evidence of cybersecurity intrusions. I’m pleased that our products and our organization already meet many of these Secure by Design principles, and we are looking closely at opportunities to enhance and accelerate our efforts and practices throughout our organization and product development lifecycle.
For Ivanti, these commitments are far from simply words on paper or empty promises. By signing this pledge, we are making a public commitment to raise the bar and that we will be accountable for delivering. We will work diligently over the coming year to make measurable progress toward each of these goals, and we will update our customers and the wider security community on our progress. We believe that transparency is essential in building trust and fostering a broader culture of security.
Stronger together
We’ve taken a big step by acting as early signers to this pledge. Still, we recognize that we cannot achieve a safer digital future alone. It is crucial that other vendors in the industry also embrace the principles of Secure by Design and take similar steps to prioritize security in their products. We strongly encourage our peers to join us in signing the CISA Secure by Design pledge and to work collaboratively toward our shared goal of protecting our customers and the broader digital ecosystem.
It's good business, and it’s the right thing to do for employees, partners, customers and the communities we serve.
Our recent experience at RSA has only reinforced our belief in the importance of the security community coming together to tackle the challenges we collectively face. Our conversations with customers and partners were invaluable, and they highlighted the need for a collective effort around software security. By sharing knowledge and best practices and holding each other accountable, we can make significant strides toward a stronger and more secure future.
Ivanti is committed to being a leader in this effort, and we look forward to engaging with our customers and the wider community to make Secure by Design the new reality.