JFrog Xray: Securing Enel’s software supply chain at DevOps speed
The world runs on software. As our lives become more digital and companies like Enel create new software to adapt to the ever-changing needs of customers and Industry 4.0, cybersecurity threats abound. Despite all the warnings and high-profile breaches, the state of readiness of companies’ cybersecurity is still dismal.
2020 and 2021 saw a tremendous surge in cyber-attacks, and some of the main targets were Internet of Things (IoT) devices. IoT devices store, transmit, and process so much essential data every day that they have become the perfect target for cyber-criminals. According to Cyber Magazine, IoT devices suffer an average of 5,200 cyber-attacks every month.
By 2025, the International Data Corporation (IDC) predicts that there will be 55.7 billion connected devices worldwide. How can we mitigate the risks of cyber threats in light of all this data and regulated software? At Enel, security and compliance go hand-in-hand with any digitalization effort; moreover, we are collaborating with the end-to-end DevOps platform JFrog and their Xray solution to ensure risks are mitigated.
Optimal product security
“If an organization suffers a data breach or violates a government regulation, consequences can include a costly and complex remediation process, loss of revenue, brand damage, legal liability, fines and more,” explains Netanel Davidi, Senior Vice President at JFrog Security. This is why security and compliance checks must be embedded and automated across the entire software distribution life cycle (SDLC), allowing development teams to act proactively and fix issues quickly. This way, software is not released with security flaws (like unpatched vulnerabilities) or other issues (such as application misconfigurations).
At Enel, driving the energy transition through digitalization is a top priority for our business, and security cannot be put aside.
JFrog acquired the startup Vdoo in mid-2021 to combine its leading SDLC management and automation platform with best-in-class software supply chain security. The acquired solution is being integrated into Xray under the umbrella of the JFrog services. Davidi mentions that “the technology was built to address the exponential growth of IoT and connected devices, and the complexity of managing and securing them”; it is additionally designed to adapt to “an ever-growing variety of regulations.”
Organizations often attach embedded systems like cameras, access control systems, industrial control systems, and others to their networks, without always understanding the security and compliance risks involved. At best, these companies do manual pen-tests, which fall short of providing comprehensive, continuous risk assessments. Driven by an innovative mindset, Enel realized these pen-tests were neither optimal nor scalable for our business. “After a demo session in 2021, Enel decided to use JFrog Xray to automate security assessments for connected devices scheduled for 2022,” confirms Harry Zorn, VP of Sales at JFrog.
“To be digital champions, businesses must release software frequently, quickly, and securely.”
Netanel Davidi, Senior Vice President at JFrog
Security and sustainable contribution
Through digitalization, Enel is able to conserve resources by automating and optimizing business processes, and by improving our overall efficiency and productivity. We are co-creating solutions ranging from integrated artificial intelligence for electric vehicles or monitors for wind turbine health, to new ways to enhance the customer experience through APIs.
As Zorn states, “IoT sensors, for example, can help a company monitor the performance of industrial machinery so that it operates efficiently and receives proper maintenance.” He continues by admitting that “if business processes and data are digitized without taking appropriate security and compliance measures, the results can be catastrophic.”
As the proliferation of IoT and embedded devices creates new risks, governments continue to adopt more regulations for data privacy and security across all industries, with a particular impact on industries such as healthcare, finance, automotive, and manufacturing. “The Xray technology performs real contextual analysis, dramatically reducing false-positive rates, pinpointing the most critical issues that should be prioritized, and reducing blind spots, such as misconfigurations that can create security and compliance gaps,” affirms Zorn.
Globally reliable software
“At JFrog, we will remain focused on providing the best technology to make software release processes highly scalable, automated, and secure, thus empowering our customers to innovate and stay ahead of their competitors,” says Senior Vice President Davidi.
JFrog has become a valuable asset to our business and future vision by offering development, security, and operations teams a single solution for comprehensive testing and analysis of software security and compliance needs. Together with solvers, Enel will continuously create solutions that are customer-centric, reliable, timely, and, most of all, secure.