Industry Leaders Band Together to Encourage Open Discussion about Security Products to Strengthen Cybersecurity Transparency and Innovation
LOS ANGELES – August 4, 2021 – Orca Security today announced the launch of TransparencyInCyber.org, a new initiative to elevate transparency and drive open discussion in the cybersecurity industry. Backed by industry leaders including BeyondTrust, Lucidum, IT Central Station, and Andy Ellis, the initiative shines a light on the 42 percent of cybersecurity companies that restrict their customers’ abilities to post reviews and benchmarks and challenges them to enable more open conversations about their products to support greater security for all.
With digital transformation rapidly accelerating across industries, the need for transparency is greater than ever. Cybersecurity is a critical anchor that keeps bad actors at bay and allows the world’s economies to flourish. Transparency in Cybersecurity’s mission is based on three core tenets to support this essential need:
These tenets will guide the efforts of the initiative to provide open conversations around the capabilities and best use cases of cybersecurity products and how best to advance the industry in a beneficial way for consumers and businesses alike.
“The need for transparency in cybersecurity is long overdue. Organizations hiding behind legal limitations and not allowing customers and third parties to review their products are gatekeeping the truth of their capabilities,” said Avi Shua, founding member of Transparency in Cybersecurity and co-founder & CEO of Orca Security. “No cybersecurity company or product is perfect but security by obscurity doesn’t work. We need to ask more cybersecurity companies to support honesty, and accessibility of product information to improve security for all.”
In conducting an independent survey of end-user license agreements (EULAs) from more than 200 private and public cybersecurity vendors, the initiative found that transparency is overwhelmingly lacking in some of the top companies’ agreements.
Key findings of the vendor scorecard research include:
The high number of companies restricting third-party benchmarks and reviews in their EULAs may lead to marketing messages that favor vendors’ business objectives instead of product users.
While these findings pose a clear signal for needed industry change, Transparency in Cybersecurity commends companies such as Akamai, Axonius, BeyondTrust, Duo Security, Kaspersky Labs, KnowBe4, and others who were found to allow third-party organizations and consumers to conduct honest reviews and examinations of their solutions.
QUOTES FROM FOUNDING MEMBERS
“Without cybersecurity transparency, the solutions organizations rely on for security, operations, management, marketing, development, and daily operations can be leveraged by threat actors against your environment. Identifying risks within them is critical to securing your organization and without cybersecurity transparency, vendors can obfuscate flaws that leave you unable to quantify the risks they represent. Remediating risks is a top priority for security professionals and cybersecurity transparency ensures they are identified, rated, and ultimately tracked through closure.” – Morey Haber, CIO | CISO of BeyondTrust
“Cyber security users seek transparency in an industry which is, by definition, sensitive about disclosing information. We are proud to take part in this important initiative, as product reviews provide an authentic perspective that can only come from a real customer. Neutral, structured reviews and analysis are critical to the validation and feedback sought by cyber security users and buyers.” – Russell Rothstein, CEO of IT Central Station
“It’s important that security teams understand the capabilities of their security solutions. Not just what works, but where they might need to bring in additional capabilities to complement the boundaries of their existing defenses. Without vendor transparency, companies might be surprised unpleasantly one day.” – Andy Ellis, CSO Hall of Fame 2021
“Many times restrictive clauses exist in EULA templates and vendors may not even be aware it’s in their agreement. This happened to Orca as well – we found out that some of our SaaS agreement variants had this clause (and of course we changed it immediately). We recommend talking to your vendor, and asking them to remove this clause before assuming that they really stand behind this restriction.” – Avi Shua, Co-Founder and CEO of Orca Security
“Imagine a world where automotive manufacturers can legally prohibit safety reviews, pharmaceutical lab testing is barred by force of civil lawsuit, and the health claims of food additives cannot be publicly assessed. To our industry’s shame, that is the world of cybersecurity software. It’s anti-competitive, blinds the market, hurts the customer, and reduces the credibility of security software creators. It’s time to end the practice of gagging consumers and create a free and transparent industry. The result will only be better products, informed consumers, and a more secure industry.” – Joel Fulton, PhD – CEO & Co-Founder of Lucidum
Started in 2020, Transparency in Cybersecurity is an initiative founded by industry leaders including Orca Security, BeyondTrust, Lucidum, IT Central Station, and Andy Ellis with a focus on equalizing cybersecurity products through greater openness, communication, and accountability into business operations. While no product or company is perfect, digital commerce is vital to the free world and the public should have access to all facts.
Through open conversations, events, and more, Transparency in Cybersecurity is committed to working with industry leaders to provide greater access to as much information as possible on security products as customers evaluate their options. This in turn creates more opportunities for cybersecurity innovation. Transparency is a win-win for all involved.
Orca Security, the cloud security innovation leader, provides instant-on security and compliance for AWS, Azure, and GCP – without the gaps in coverage, alert fatigue, and operational costs of agents or sidecars.
Give your team superpowers and simplify security operations with a single SaaS-based cloud security platform for workload and data protection, cloud security posture management, vulnerability management, and compliance management. Instead of disparate tools operating in silos, Orca Security builds a graph that encompasses all cloud assets, software, connectivity, and trust – then prioritizes risk based on the severity of the underlying security issue, its accessibility, and business impact. This eliminates thousands of meaningless security alerts and helps you focus on what matters most.
With Orca Security, no code runs within your cloud environment. Orca SideScanning™ reads your cloud configuration and workloads’ runtime block storage out-of-band, detecting vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured PII. There are no overlooked assets, no DevOps headaches, and no performance hits on live environments.
Orca Security is trusted by global innovators, including Databricks, Autodesk, Lemonade, Gannett, and Robinhood. Connect your first cloud account in minutes and see for yourself. Visit https://orca.security