57NETWORK
  • About
    • VALUES & MISSION >
      • Integrity Declaration
      • PDPA
      • PDPA - Job Applicant
  • SMARTSHEET
    • Try Smartsheet For Free
    • BrandFolder >
      • BrandFolder + SMAR
    • Services >
      • Training For Success
      • Solution Building
      • Add-on Premium App >
        • Microsoft + Smartsheet
        • Docusign + Smartsheet
        • Dynamic View
    • Solutions >
      • Smartsheet For PMO >
        • Control Center
        • WorkApps
        • JIRA + Smartsheet
      • Smartsheet For Accounting Finance
      • Smartsheet For Legal Firm
      • Smartsheet For Marketing
      • Smartsheet For IT Operations
      • Smartsheet For Education
      • Smartsheet For Construction
      • Smartsheet For Healthcare
      • Smartsheet For Government
      • Smartsheet For Non-profit
      • Smartsheet For Software Development
      • Smartsheet For Sales
      • Smartsheet For IT PMO
      • Smartsheet For Professional Services
      • Smartsheet For Media Entertainment
      • Smartsheet For Telco
      • Smartsheet For SME
      • Smartsheet For Retail
      • Smartsheet For Energy and Utilities
      • Smartsheet For HR
      • Smartsheet For Tech Company
      • Smartsheet For Manufacturing
    • Customers Stories
    • Smartsheet Enquiry
  • Blog
  • CYBERSECURITY
    • Ransomware Mitigation
    • Prevent Email Fraud | Email Security
    • Installation Guide | Bitdefender Gravityzone
    • Patch Management
    • Nutanix Integration with Bitdefender Gravityzone
  • CONTACT US

SaaS Security Ain't Easy

1/22/2018

 
by Chris Magill on January 25, 2017
Picture
I recently participated in a customer security review to give an overview of Smartsheet's security architecture and how we utilize Security Enhanced (or SE) Linux. "SELinux in Enforcing mode is definitely secure," the customer responded, "... provided you were actually able to get it to work."

The customer’s skepticism was understandable… in fact, I’ve heard this same reaction many times over. 

When I review Smartsheet’s security architecture with customers, one of the main topics that I discuss is the fact that our application is built on Security Enhanced Linux operating in Enforcing mode. In Information Security circles, it’s a well-known secure operating system. 
​

So Why the Skepticism?

However, SELinux is also notoriously difficult to manage. 

Things that would be simple in a normal operating system, like copying a file or starting a service, require explicit permission. Nearly every action triggers some form of alert which must be investigated and a new configuration rule implemented. 
​
When I asked our Security Operations Team what the most important thing was to keeping SELinux in Enforce mode running effectively, their response was immediate: “Patience.” Getting the service to function securely at scale takes around 400,000 lines of configuration code and a Swiss watchmaker’s level of attention to detail. 

Many organizations who have tried to deploy SELinux ultimately give up and turn it off.

SELinux was originally developed by the National Security Agency as a way to implement Mandatory Access Control. That means every action and object has to have an approved context. If something attempts to run outside of that expected context, the action is blocked by the operating system and sends an alert to our Security Operations Center for investigation. Malware, intrusion, and unauthorized actions by a malicious insider can all be detected and blocked before an adversary can gain a foothold in the environment. 
​

So Why Go Through the Trouble?

Effective security isn’t easy. It takes a deep understanding of how your service functions to keep things running smoothly. 
The reward, however, is a robust, secure infrastructure which blocks malware and intrusion effectively without depending on traditional malware signatures or heuristics.

Modern Information Security demands layered defenses managed by a skilled Security Operations team to be successful. In addition to SELinux in Enforcing mode, Smartsheet deploys a broad range of security controls including state-of-the-art application firewalls, Distributed Denial-of-Service (DDoS) mitigation capabilities, vulnerability detection, network segmentation and strong encryption of customer data in transit and at rest.  

Smartsheet was truly built with protection of your critical data in mind so you can rest at ease and focus on developing workflows that let you Work Better. Learn more about our security practices here.
​
Source: Smartsheet Blog
​

    Author

    Writers and Bloggers from Smartsheet.

    Categories

    All
    2019
    360 Reviews
    Abacus
    Accelerate
    Accountability
    Accountabillity
    Administrative Control
    Adoption
    Agile
    Agility
    AI
    Alert
    Artificial Intelligence
    Asset Management
    Authentication
    Automation
    Automation In Workplace
    Autopsies
    AWS
    Barcode Inventory
    Better Communication
    Better Decision
    Borderless Team
    Bottom-Up
    Brainstorm
    Business
    Business Leaders
    Business Moves Fast
    Business Software
    Card View
    Chat
    Chatbot
    Chatflow
    CIO
    Clear Vision
    Cloud
    Collaboration
    Collaborative Work Management
    Comfort Zone
    Competitive Advantage
    Compliance
    Construction
    Converse.ai
    Creativity
    Critical Path
    Cross-functional
    Csuite
    CTO
    Customer Experience
    CWM
    Dashboard
    Data Control
    Data Privacy
    Data Security
    Data Visibility
    Decision Making
    Delegation
    Digital Technology
    Digital Transformation
    Direction
    Efficiency
    Email
    Employees
    Employee Spotlight
    Empower
    Engage
    Enterprise
    EVENT
    Flexible
    Future Of Work
    Gantt Chart
    GDPR
    Google
    Google Hangouts
    Google Maps
    Google Sheets
    Grow
    Hacker
    High Value Work
    Hours Saved
    HP
    Information Access
    Innovation
    Issue Tracker
    IT
    IT Team
    Kevin Carroll
    Killer App
    Location Capture
    Location Sharing
    Logged Locations
    Luca Pacioli
    Machine Learning
    Make Better Decisions
    Maximise Productivity
    Maximum Value
    Meeting Management
    Meetings
    Meltdown
    Messaging Integration
    Microsoft
    Microsoft 365 Tips
    Microsoft Excel
    Microsoft Teams
    Mobile
    Navigation
    New Interface
    Old Systems
    Onboarding
    Permissions
    Phishing
    Portals
    Portfolio Reporting
    Post-mortem
    Praerit Garg
    Productive
    Productivity
    Project Management
    Project Managers
    Project Tracking
    Quality
    Quantum
    Real Time Information
    Real-time Information
    Request Management
    Risk
    SAAS
    SaaS Adoption
    Scalable
    Scam
    SECURITY
    Security Control
    Silo
    Skype For Business
    Slack
    Smart Meeting
    Smartsheet
    Smartsheet Dashboard
    Smartsheet Mobile
    Smartsheet Portals
    SMARTSHEET TECHNICAL
    Spectre
    Speed
    Spoofing
    Spreadsheet
    Stay Connected
    Streamlined Processes
    Successful
    Teamwork
    Team Work
    Technology
    Time Saved
    Top-Down
    Track Submissions
    Transform
    Transparency
    Trust
    Upgrading
    Visibility
    Waterfall
    William Oughtred
    Work Anywhere
    Work Better
    Work Collaboration Platform
    Work Communications
    Work Execution Platform
    Workflows
    Workplace
    Workplace By Facebook
    Workplace Messaging
    Work Smart

    Archives

    December 2022
    November 2022
    October 2022
    February 2022
    October 2021
    September 2021
    July 2021
    May 2021
    December 2020
    October 2020
    July 2020
    November 2019
    September 2019
    July 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    January 2018
    December 2017
    November 2017
    October 2017
    August 2017

    RSS Feed

Malaysian accounting firm CKP improves both sales and productivity 30% by digitizing and automating with Smartsheet


Care line: +603-9212 0157

Leave us your inquiry

Contact us
Picture
Reach us via Whatsapp

Picture
Picture
57Network has been helping global companies in digitizing work management for greater transformation.
Copyright © 2022 57Network Consultancy Sdn. Bhd.
Company Registration number : 202001020346 (1376666-K) 
​(Formerly FIFTY SEVEN NETWORK since May 2015). All rights reserved.
 Privacy Policy ​ | ​Integrity Pledge | Site Map
Designed by 57 Web
  • About
    • VALUES & MISSION >
      • Integrity Declaration
      • PDPA
      • PDPA - Job Applicant
  • SMARTSHEET
    • Try Smartsheet For Free
    • BrandFolder >
      • BrandFolder + SMAR
    • Services >
      • Training For Success
      • Solution Building
      • Add-on Premium App >
        • Microsoft + Smartsheet
        • Docusign + Smartsheet
        • Dynamic View
    • Solutions >
      • Smartsheet For PMO >
        • Control Center
        • WorkApps
        • JIRA + Smartsheet
      • Smartsheet For Accounting Finance
      • Smartsheet For Legal Firm
      • Smartsheet For Marketing
      • Smartsheet For IT Operations
      • Smartsheet For Education
      • Smartsheet For Construction
      • Smartsheet For Healthcare
      • Smartsheet For Government
      • Smartsheet For Non-profit
      • Smartsheet For Software Development
      • Smartsheet For Sales
      • Smartsheet For IT PMO
      • Smartsheet For Professional Services
      • Smartsheet For Media Entertainment
      • Smartsheet For Telco
      • Smartsheet For SME
      • Smartsheet For Retail
      • Smartsheet For Energy and Utilities
      • Smartsheet For HR
      • Smartsheet For Tech Company
      • Smartsheet For Manufacturing
    • Customers Stories
    • Smartsheet Enquiry
  • Blog
  • CYBERSECURITY
    • Ransomware Mitigation
    • Prevent Email Fraud | Email Security
    • Installation Guide | Bitdefender Gravityzone
    • Patch Management
    • Nutanix Integration with Bitdefender Gravityzone
  • CONTACT US