Industries: cloud security

PRESS RELEASE | October 17, 2023

IOActive Becomes a Founding Provider for New Framework from Open Compute Project Foundation to Improve Data Center and Cloud Security Posture

Newly launched Security Appraisal Framework and Enablement program elevates security standards for data center providers and device manufacturers

OCP solution providerOctober 17, 2023, SEATTLE, WA – IOActive, Inc., the worldwide leader in research-fueled security services, today announced its support of and participation in the newly launched Open Compute Project Foundation (OCP) Security Appraisal Framework and Enablement (S.A.F.E.) program. This framework is designed to improve the trustworthiness of devices across all data center IT infrastructure and reduce overhead cost and redundancy of device security audits.

A community-led security program, OCP S.A.F.E. was created to bring a consistency of methodology and elevated security standards to both data center providers and device manufacturers. With S.A.F.E., device manufacturers and purchasers will receive independent verification of security integrity of current and future devices, to build trust with a cost-effective approach.

S.A.F.E. is made up of a standardized device specific audit checklist, developed and open sourced by the OCP community, along with criteria for selecting third party device security review auditors, who if qualified, become designated OCP Security Review Providers (SRP). As an OCP recognized SRP, IOActive is one of the founding vendors qualified to conduct device security reviews based on the S.A.F.E. checklist.

IOActive has been involved with guiding and developing the S.A.F.E. framework from the start, and as the world’s top independent security consultancy and leader in hardware hacking, the company’s experience, and selection as an OCP SRP, enables device manufacturers to quickly and efficiently meet current and future standards – now required by the OCP community.

A consistent and mature appraisal framework will ensure that device security improves across the industry. New and specialized vendors that struggle to fund and elevate the security of their devices to meet the demands of the world’s largest cloud providers will now have one clear security standard to strive for and have clarity over which agencies to engage in validating or improving the security of their product.

“Supply chain threats are the number one threat to enterprise and cloud security,” said Gunter Ollman, CTO at IOActive. “Securing the next generation of cloud technologies against these threats, along with any other current and future attack vectors, is historically costly and fragmented. The development of S.A.F.E.., with the support of IOActive and other Security Review Providers, will make a significant impact, up-lifting product and device security across the industry.”

To learn more about S.A.F.E. and how the framework will advance the security posture of device hardware and firmware components across the supply chain, visit opencompute.org.

About the Open Compute Project Foundation

At the core of the open compute project (OCP) is its community of hyperscale data center operators, joined by telecom and colocation providers and enterprise IT users, working with vendors to develop open innovations that when embedded in products are deployed from the cloud to the edge. The OCP Foundation is responsible for fostering and serving the OCP community to meet the market and shape the future, taking hyperscale led innovations to everyone. Meeting the market is accomplished through open designs and best practices, and with data center facility and IT equipment embedding OCP community developed innovations for efficiency, at-scale operations, and sustainability. Shaping the future includes investing in strategic initiatives that prepare the IT ecosystem for major changes, such as Al & ML, optics, advanced cooling techniques, and composable silicon. Learn more at opencompute.org.

PRESS RELEASE | October 12, 2023

IOActive Names Gunter Ollmann as Chief Technology Officer

Experienced cybersecurity executive joins IOActive as they deliver next generation innovative security research and services

October 12, 2023, SEATTLE, WA– IOActive, Inc., the worldwide leader in research-fueled security services, today announced that Gunter Ollmann joined the organization as Chief Technology Officer (CTO). In this role, Ollmann will focus on incubating and launching IOActive’s next generation of strategic security services and technology, expanding the innovative and industry-defining research and services that the company has been trailblazing for the past 25 years.

Ollmann comes on board at an exciting time as IOActive builds upon ongoing year-over-year growth and continues its expansion in ensuring their services best prepare organizations to stay ahead of the ever-evolving threatscape, increasing security and business resiliency against even the most formidable attackers. As CTO, he will play a key role in incubating new research-driven services and enhancing existing ones. Ollmann’s early focus will be on IOActive’s recent expansion of Silicon Security Services, honing in on silicon-level attack techniques that complement the advanced expertise IOActive developed in identifying potential embedded device attacks, leveraging techniques such as reverse engineering, fault injection, and side-channel analysis.

“Gunter’s broad knowledge of technology and security provides us with key perspectives as we build new ways to secure our clients’ organizations, products, and infrastructures. Technological innovations across AI, machine learning (ML), silicon, cloud, etc., are all playing an increasingly important role in an organization’s ecosystem and we are excited to continue ensuring our teams are building the most sophisticated tools, techniques, and knowledge to help our clients stay as secure and resilient as possible,” said Jennifer Sunshine Steffens, CEO of IOActive. “We are thrilled to have him on board as we continue our plans to elevate and commercialize our research and innovation.”

Ollmann has spent his career building and leading global consulting and product solutions spanning the cybersecurity domain and being an expert security advisor to Global 1000 companies. Prior to IOActive, Ollmann served as Chief Security Officer for Microsoft’s Cloud & AI Security division and led AI-based product and strategy for the leading vendors in the XDR (Vectra AI) and autonomous SOC/SIEM (Devo) spaces, incubating and driving multiple commercial products and services while protecting the world’s largest cloud applications and infrastructure. He has been at the forefront of applying ML and AI to cybersecurity for over a decade, holds multiple cyberthreat detection and mitigation patents, and has guided the innovation and patent process of hundreds of core technologies.

“Today, in-house security teams are defending an ever-expanding attack surface against an increasingly sophisticated and well-funded adversary, whilst having to compete globally for proven security expertise from an expensive and shrinking talent pool,” said Ollmann. “As Chief Technology Officer, I’m excited about helping lead the next stage of IOActive’s growth and innovation- delivering new cutting-edge security services and AI-assisted solutions whilst helping our clients and partners defend against today’s and tomorrow’s threats.”

About IOActive

IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle, WA with global operations.