Calcom Makes Hardening Automation a Smooth Process for IT Professionals
Established in 2001, CalCom provides solutions for configuration hardening automation, helping IT teams to enforce and manage security baselines for large server environments in a cost-effective fashion. In this blog post we've interviewed CalCom's business development manager Roy Ludmir to hear what CalCom is all about. Share
CalCom started developing released a first version of its’ hardening automation platform in 2008, based on our experience as security integrators, and following our customers' requirements. Back then and up to this day, it's been a big challenge to perform server hardening, mainly due to the ongoing conflict between security and IT operation teams.
The requirement to harden and secure a server usually comes from the security team, but the actual work is done by the IT operations team, and their interests often contradict. While the security's objective is to make the system as secure as possible, IT's main interest is that everything runs smoothly.
We've recognized this as a repeated challenge in every enterprise we've worked with, so we decided to develop a fully automated tool that helps these teams to harden their security while maintaining all system operations up and running. Our philosophy says: secure as much as possible but don’t break anything.
What makes CalCom unique?
We're unique in that we solve the biggest challenge, helping the IT guys understand what will be the impact of a future change in policy on the production environment.
Let's say you need to harden 10,000 servers. In that case, before you enforce policies to your servers (harden), you would need to go into a lab environment that simulates the production, and start testing everything. That's a labor intensive task that requires thousands of hours. We developed an analytics engine that can predict the impact of the change, before it actually gets done. The idea is to provide an understating of what might break during the hardening, and highlighting the areas that could be damaged as a result of the hardening process.
What are the key elements necessary for creating a secure working environment?
From the security aspect, hardening is a fundamental requirement, and a very basic best practice in the market.
Regulatory requirements such as PCI-DSS, HIPAA, etc. and standards such as NIST cyber security framework require organizations to perform configuration hardening of their systems in order to manage a secure environment. This is standard requirement that every security professional is familiar with.
In your opinion, how is GDPR going to affect the way we do business?
GDPR is all about making sure that data of organizations is managed securely. Enterprises will need to go into the next level of securing their systems. Hardening and encryption technologies will obviously be on the rise, but its early to say how exactly it's going to impact the entire market. I assume it will become clearer in about 1 year from now.
Can you tell us a bit about Calcom's future plans?
So far our main business was around Microsoft windows hardening automation. These days, we are preparing to launch a solution for the Linux open source world, which will take us further into the DevOps environment.
We are currently seeing the rise of new development and operation platforms which are heavily dependent on Linux, I believe this shift will be adopted by many enterprises.