Lenovo Joins CISA’s Secure By Design Pledge


Lenovo takes a bold step towards fortifying cybersecurity by joining the Secure by Design pledge, initiated by the US Cybersecurity and Infrastructure Security Agency (CISA).

This collaborative endeavor, announced on May 8th, unites industry giants in a concerted effort to raise security standards across diverse tech sectors.

With a comprehensive approach encompassing multi-factor authentication, vulnerability reduction, and robust supply chain security, Lenovo stands at the forefront of this initiative, highlighting the initiative of Secure by Design.

Lenovo Joins CISA’s Secure by Design Pledge

The Secure by Design pledge targets key facets of enterprise technology, including software products and services, on-premises solutions, cloud services, and SaaS features. Participating companies, including Lenovo, pledge to make tangible strides across seven core focus areas. 

These encompass critical aspects such as multi-factor authentication (MFA), default password protocols, vulnerability reduction, security patching, vulnerability disclosure policies, common vulnerabilities and exposures (CVE), and intrusion evidence. Doug Fisher, Lenovo’s Chief Security Officer, expressed profound support for the pledge, emphasizing the critical of industry-wide collaboration in fortifying cybersecurity frameworks. 

“We commend CISA’s initiative to drive an industry-wide ‘secure by design’ pledge and welcome the opportunity to align our own well-established security by design approach with other industry best practices,” stated Fisher. “It’s good for the industry that global technology leaders are able to share best practices, driving meaningful progress and accountability in security.”

Lenovo’s commitment to the Secure by Design pledge dovetails seamlessly with its existing security protocols. The company boasts a robust security infrastructure encompassing best-in-class practices across product development, supply chain management, and privacy initiatives. These include the implementation of the Security Development Lifecycle, a vigilant Product Security Incident Response Team (PSIRT), and stringent global supply chain security measures.

“Our pledge transcends geographies and benefits all our global customers who face the same industry-wide security challenges US CISA seeks to address, including continued alignment with emerging security regulations around the world,” remarked Fisher, underlining Lenovo’s global outlook towards cybersecurity enhancement.

Global Cybersecurity Initiative

Lenovo’s proactive stance positions it as a pioneer among the initial group of 68 companies committing to the Secure by Design pledge. These companies, range from tech titans like Amazon Web Services, Cisco, Google, IBM, Microsoft, Palo Alto Networks, and Trend Micro to cybersecurity specialists such as Claroty, CrowdStrike, Cybeats, Finite State, Forescout, Fortinet, Rapid7, SentinelOne, Sophos, Tenable, Trend Micro, and Zscaler, have all endorsed the Secure by Design pledge. 

The Secure by Design pledge highlights a voluntary commitment to advancing security measures within enterprise software realms, aligning with CISA’s overarching principles. While physical products like IoT devices and consumer goods fall outside the pledge’s scope, participating companies pledge to diligently pursue the outlined goals over the ensuing year.

Furthermore, the pledge encourages radical transparency, urging manufacturers to publicly document their progress and challenges encountered. This fosters a culture of accountability and knowledge sharing within the cybersecurity domain.

In acknowledging the diversity of approaches, the pledge empowers software manufacturers to devise bespoke strategies tailored to their product portfolios. Companies exceeding the outlined goals are encouraged to share their methodologies, fostering an environment of continuous improvement and innovation.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.



Source link