The Enemy Of Security Is Complexity

Guest: Arthur Tyde (LinkedIn)
Company: CIQ (Twitter)

CIQ builds next-generation software infrastructure for companies running data-intensive workloads on top of Rocky Linux enterprise Linux distribution. In this episode of TFiR: T3M, Swapnil Bhartiya sits down with Arthur Tyde, SVP, Business Development at CIQ Inc., to share his insights on the current trends in the market, particularly in terms of security and compliance.

Major security concerns:

Security patching and updates (not that many companies are really on top of it)
Unsupported OS
Software from dodgy sources
Unsigned packages, scenarios where package verification isn’t done, or users go to unsigned, unauthorized or unvetted package repositories to fill out some blank spaces on a server

Current trends in the market:

Enterprises, for the most part, have very comprehensive and well-thought-out security strategies because they are driven by compliance and regulatory issues. They’ve got data privacy and protection stuff to deal with, record-keeping and cybersecurity regulations that are often required because they have a fiduciary responsibility to protect money, intellectual property, and others.
Most non-IT users in organizations these days are now thinking of security.
Rocky Linux is at nearly 40% penetration in the government. Government users want it simple: they want what they are running on prem, they want that on the cloud, and they want a very strict set of controls. They want consistency across environments because the enemy of security is complexity.
There is an evolution towards simplicity and elegance. This makes our lives easier, and it makes our data safer.

CIQ helps companies by:

Sponsoring Federal Information Processing Standards Publication FIPS 140-3 certification for Rocky Linux. If CIQ certifies a piece of hardware for Rocky Linux, all of that certification data can contribute to the company’s positive score on a compliance audit.
Building out a portfolio of high-performance tuning options that are container-driven, highly secure, policy-driven, with no root access from within the containers.
Doing support not just for Rocky Linux, but also the Rocky Enterprise Software Foundation (RESF). CIQ can tremendously cut a company’s support budget.

Advice for companies looking to cut costs:

Be aware of the compliance and regulatory obligations that you have and then make your budgeting decisions accordingly.
If you are paying a huge licensing fee for a bunch of Enterprise Linux machines, shop around and find a better deal.

Advice for companies looking to improve their security posture:

Follow patching and maintenance best practices.
Invest in your people. Set money aside to make sure everybody has certifications, they’re trained, and their skills are up to date. The better your people, the better your security.

This summary was written by Camille Gregory.

You may also like

Open Platform for Enterprise AI (OPEA) aims to foster collaboration in Enterprise AI

Why AWS backs Valkey, an open source alternative to Redis | David Nalley

LF Energy leads digitalization efforts to tackle decarbonization challenges

Carbon Data Specification Consortium helps drive climate solutions with carbon data standardization

Tackle data complexity with Hasura v3

Acorn Labs’ GPTScript aims to redefine coding for AI applications