CISO Bulletin: Protecting the Enterprise File Fabric™ Against Third Party Software Vulnerabilities

In an  age where Cyber attacks are occurring daily, where even security focused companies are not immune, and in which third party embedded components can cause huge disruption we thought where  we thought it would be worthwhile to focus a blog post on what we do to protect the File Fabric from third party software vulnerabilities.

Many of our enterprise customers choose to deploy the Enterprise File Fabric™ in their own data centres or in a public cloud, and to administer it themselves. Storage Made Easy provides updates to the File Fabric software several time each year, and these customers install those upgrades by following simple instructions that are provided.

When the File Fabric software is updated, operating system updates and updates to other third party software on which the File Fabric depends are installed automatically at the same time. These updates come from repos that are maintained by Storage Made Easy for this purpose.

It is sometimes appropriate to upgrade these third party dependencies between File Fabric upgrades. This may be required as a matter of course by a customer’s cybersecurity policies. It may also be required when an important vulnerability is discovered in software that is used by the File Fabric.

To address the need for third party software updates between File Fabric upgrades, Storage Made Easy has created a monthly update process. Each month we begin testing the File Fabric with the latest available packages from their official sources. Our testing process lasts about a month. Around the final Wednesday of each month, the packages are made available to File Fabric customers through our repo and the cycle begins again.

This monthly cycle should meet the needs of our customers in most situations. From time to time, however, a vulnerability will demand a quicker response  (the recent log4j issue is a good example). When that happens, SME may provide out-of-cycle updates as soon as package updates addressing the  security vulnerability become available and have been tested by us with the File Fabric.

We have designed our third party software update processes to protect our customers’ systems and data, and to provide operational predictability. We  implemented these processes to ensure we were contributing to each  enterprise customer’s overall level of cybersecurity.

Facebooktwitterredditpinterestlinkedinmailby feather
The following two tabs change content below.
Dan is COO at Storage Made Easy. He has been working with the founders since the company was launched.