Why Governments Depend on Open Source for Secure, Private Email
Olivier Thierry, CMO, Zimbra
Increased Need of Security & Privacy
October 22, 2014
We Need to Elevate Security & Privacy
Source: xkcd.com/538
① Transparency/Auditability
NO:
• “skeleton keys”
• hidden components
• embedded proprietary software
Heartbleed patch on git.openssl.org
Worldwide Adoption of Open Source Software (OSS) by Public Sector
Community Code
Extensions
② Reduced Cost
Open Source Project
Open Source Community
*Industry standard: ~$10 - $20 / line of code
Source: Black Duck Software | Cost, Freedom and Control: The Dividends of Migrating to Open Source
Force Multiplier
Patches
Add-ons
Modules
Products
Support
Security
OS Core
③ Product Customization & Flexibility
The core open source product + product extensions into your unique environment = the products you want to use & the solutions you need
Community Code Extensions
OS Core
④ Advanced Interoperability
68% believe Open APIs will reinforce OSS growth/adoption*
“digital services teams should consider using open source, cloud based, and commodity solutions across the technology stack”
*Source: Black Duck’s Future of Open Source Survey, 2014
Quote: U.S. Digital Services Playbook | Play 8 “Choose a modern technology stack”
⑤ Improved Quality
“Given enough eyeballs, all bugs are shallow”
8/10 choose open source based on quality*
*Source: Black Duck’s Future of Open Source Survey, 2014
Quote: Linus’ Law
US Government Adoption of OSS
US Government’s Embrace of OSS
“When we collaborate in the open and publish our data publicly we can improve government together.”
“While the U.S. government has, to date not issued guidance requiring a preference for open source, it has clearly indicated that open source products are to be given at least as much preference as proprietary products.”
Quote: U.S. Digital Services Playbook | Play 13 “Default to Open”
Quote: Opensource.com
US Government’s Embrace of OSS (http://gov-oss.org/)
⑥ Community Involvement
Top 10 US government organizations using open source
+400 repositories
Source: http://www.govcode.org/stats
⑦ Reusability
“…allow the public to easily provide fixes and contributions, and enable reuse by entrepreneurs, nonprofits, other agencies, & the public.”
= “GitGov” reusable platform for agencies to rapidly build government services
Government’s Need for Security & Compliance
DHS & the SWAMP = Quality
“…with hundreds of open source software packages and multiple software assurance tools, we will improve the community’s understanding of and access to state-of-the-art software assurance.”
Source: govtech.com
Quote: continuousassurance.org, about us, “outputs”
⑧ Compliance
Source: PWC, State of Compliance: 2013 Survey
32% rated Data Privacy & Confidentiality the #1 perceived risk to compliance
Compliance requires…
-> flexibility & customization
-> transparency & auditability
-> open standards & APIs
-> robust security & privacy
Summary of Reasons to Use Open Source
① Transparency/Auditability
② Community Involvement
③ Reduced Cost
④ Product Customization & Flexibility
⑤ Advanced Interoperability
⑥ Improved Quality
⑦ Re-Usability
⑧ Compliance
Open Source Email
Government & Email Security
Federal Information Processing Standards (FIPS): consistent use of security & communication guidelines through open standards
• Data Privacy
  1. At-rest & in-motion encryption
  2. End-to-end encryption
• Identity
  1. Digital signature
  2. 2-factor authentication
Open source email leverages open standards to provide compliant cryptographic modules for data encryption
Tenets for Secure Collaboration
Ability to integrate 2FA & encryption
Ability to provide control over data & hosting location
Ability to provide transparency on code base
Over 1,000 government & financial institutions rely on Zimbra to protect the security & privacy of their collaboration data.
KEEP CALM AND STAY OPEN
©2014 Zimbra Systems, Inc. All rights reserved. Zimbra and its symbol are registered trademarks or trademarks of Zimbra, Inc. Other company and product names mentioned herein are property of their respective owners. The contents of this publication are subject to change without notification and are the property of and cannot be reproduced without the written permission of Zimbra. The contents of this publication are not a commitment by Zimbra to provide the features and benefits described.
www.zimbra.com