{"id":20332,"date":"2016-02-05T16:55:12","date_gmt":"2016-02-05T16:55:12","guid":{"rendered":"http:\/\/www.businesscloudnews.com\/?p=244412"},"modified":"2016-02-05T16:55:12","modified_gmt":"2016-02-05T16:55:12","slug":"box-ibm-and-black-duck-announce-security-offerings-amid-open-source-vulnerabilities","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/box-ibm-and-black-duck-announce-security-offerings-amid-open-source-vulnerabilities\/","title":{"rendered":"Box, IBM and Black Duck announce security offerings amid open source vulnerabilities"},"content":{"rendered":"<p><a href=\"http:\/\/www.businesscloudnews.com\/files\/2015\/07\/Digital-Security1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-230821\" src=\"http:\/\/www.businesscloudnews.com\/files\/2015\/07\/Digital-Security1-300x200.jpg\" alt=\"Security concept with padlock icon on digital screen\" width=\"300\" height=\"200\" \/><\/a>Two more services have been launched with the aim of\u00a0shoring up the security of the cloud, as its popularity sees it becoming increasingly targeted for attack.<\/p>\n<p>File sharing company Box has launched a customer-managed encryption service, KeySafe, in a bid to give clients more control over their encryption keys without sacrificing the ease of use and collaboration features of Box. Meanwhile UK-based open source security vendor Black Duck has been recognised under IBM PartnerWorld\u2019s \u2018Ready for IBM Security Intelligence\u2019 designation.<\/p>\n<p>Box\u2019s KeySafe aims to centralise sensitive content in the cloud, and promises new levels of productivity and faster business processes. Box Enterprise Key Management (EKM) uses Amazon Web Services (AWS) and a dedicated hardware storage module (HSM) to protect keys used to encrypt sensitive data. Box also has a service that integrates with AWS Key Management Service so customers can control their encryption keys. The service is intended to be simple and uses a software-based technology that doesn&#8217;t need dedicated HSMs.<\/p>\n<p>Box says it can never access a customer\u2019s encryption keys, which the customer owns. The main selling points of KeySafe, in addition to this independent key control, are unchangeable usage policies and audit logs and a \u2018frictionless end user experience\u2019 with simple data. Pricing is to be based on size.<\/p>\n<p>In another security announcement, Black Duck\u2019s new offering through IBM follows a research finding that 95% of mission critical apps now contain open source components, with 98% of companies using open source software they don\u2019t know about. With 4,000 new open source vulnerabilities reported every year, Black Duck claims that cloud computing is creating greater vulnerabilities.<\/p>\n<p>IBM has announced that Black Duck Hub has been validated to integrate with IBM Security AppScan in order to identify and manage application security risks in custom-developed and open source code. The hub now provides a clarified view within IBM Security AppScan which will help spot problems quicker. Black Duck Hub identifies and logs the open source in applications and containers and maps any known security vulnerabilities by comparing the inventory against data from the National Vulnerability Database (NVD) and VulnDB.<\/p>\n<p>\u201cIt\u2019s not uncommon for open source software to make up 50 per cent of a large organisation\u2019s code base. By integrating Black Duck Hub with AppScan, IBM customers will gain visibility into and control of the open source they&#8217;re using,\u201d said Black Duck CEO Louis Shipley.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two more services have been launched with the aim of shoring up the security of the cloud, as its popularity sees it becoming increasingly targeted for attack.<\/p>\n","protected":false},"author":105,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3945,744,799,1976,337],"tags":[118],"class_list":["post-20332","post","type-post","status-publish","format-standard","hentry","category-black-duck","category-box","category-ibm","category-news-analysis","category-open-source","tag-security"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/20332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/105"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=20332"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/20332\/revisions"}],"predecessor-version":[{"id":20333,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/20332\/revisions\/20333"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=20332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=20332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=20332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}