The world runs on software. As our lives become more digital and companies like Enel create new software to adapt to the ever-changing needs of customers and Industry 4.0, cybersecurity threats abound. Despite all the warnings and high-profile breaches, companies’ cybersecurity readiness is still dismal.
2020 and 2021 saw a tremendous surge in cyber-attacks, and some of the main targets were Internet of Things (IoT) devices. IoT devices store, transmit, and process so much essential data every day that they have become the perfect target for cyber-criminals. According to Cyber Magazine, IoT devices suffer an average of 5,200 cyber-attacks every month.
By 2025, the International Data Corporation (IDC) predicts that there will be 55.7 billion connected devices worldwide. How can we mitigate the risks of cyber threats in light of all this data and regulated software? At Enel, security and compliance go hand in hand with any digitalization effort; moreover, we are collaborating with the end-to-end DevOps platform JFrog and their Xray solution to ensure risks are mitigated.
Optimal product security
“If an organization suffers a data breach or violates a government regulation, consequences can include a costly and complex remediation process, loss of revenue, brand damage, legal liability, fines and more,” explains Netanel Davidi, Senior Vice President at JFrog Security. This is why security and compliance checks must be embedded and automated across the entire software distribution life cycle (SDLC), allowing development teams to act proactively and fix issues quickly. This way, software is not released with security flaws (like unpatched vulnerabilities) or other issues (such as application misconfigurations).
At Enel, driving the energy transition through digitalization is a top priority for our business, and security cannot be put aside.
JFrog acquired the startup Vdoo in mid-2021 to combine its leading SDLC management and automation platform with best-in-class software supply chain security. The acquired solution is being integrated into Xray under the umbrella of the JFrog services. Davidi mentions that “the technology was built to address the exponential growth of IoT and connected devices, and the complexity of managing and securing them”; it is additionally designed to adapt to “an ever-growing variety of regulations.”
Organizations often attach embedded systems such as cameras, access control systems, and industrial control systems to their networks without always understanding the security and compliance risks involved. At best, these companies do manual pen-tests, which fall short of providing comprehensive, continuous risk assessments. Driven by an innovative mindset, Enel realized these pen-tests were neither optimal nor scalable for our business. “After a demo session in 2021, Enel decided to use JFrog Xray to automate security assessments for connected devices scheduled for 2022,” confirms Harry Zorn, VP of Sales at JFrog.
“To be digital champions, businesses must release software frequently, quickly, and securely.”
Netanel Davidi, Senior Vice President at JFrog