Why Governments Depend on Open Source for Secure, Private Email

Olivier Thierry CMO, Zimbra

Increased Need of Security & Privacy

October 22, 2014 2

We Need to Elevate Security & Privacy

Source: xkcd.com/538

① Transparency/Auditability

NO
•  “skeleton keys”
•  hidden components
•  embedded proprietary software

Heartbleed patch on git.openssl.org

Worldwide Adoption of Open Source Software (OSS) by Public Sector

Community Code

Extensions

②  Reduced Cost

Open Source Project Open Source Community

*Industry standard: ~$10 - $20 / line of code

Source: Black Duck Software | Cost, Freedom and Control: The Dividends of Migrating to Open Source

Force Multiplier

Patches

Add-ons

Modules

Products

Support

Security

OS Core

OS Core

③  Product Customization & Flexibility

The core open source product + product extensions into your unique environment = the products you want to use & the solutions you need

Community Code Extensions

OS Core

④  Advanced Interoperability

68% believe Open APIs will reinforce OSS growth/adoption*

“digital services teams should consider using open source, cloud based, and commodity solutions across the technology stack”

*Source: According to Black Duck’s Future of Open Source Survey, 2014

Quote: U.S. Digital Services Playbook | Play 8 “Choose a modern technology stack”

⑤  Improved Quality

Given enough eyeballs, all bugs are shallow

8/10 choose open source based on quality*

*Source: According to Black Duck’s Future of Open Source Survey, 2014

Quote: Linus’ Law

US Government Adoption of OSS

US Government’s Embrace of OSS

“When we collaborate in the open and publish our data publicly we can improve government together.”

“While the U.S. government has, to date not issued guidance requiring a preference for open source, it has clearly indicated that open source products are to be given at least as much preference as proprietary products.”

Quote: U.S. Digital Services Playbook | Play 13 “Default to Open”

Quote: Opensource.com

US Government’s Embrace of OSS (http://gov-oss.org/)

⑥  Community Involvement

Top 10 US government organizations using open source

+400 repositories

Source: http://www.govcode.org/stats

⑦  Reusability

“…allow the public to easily provide fixes and contributions, and enable reuse by entrepreneurs, nonprofits, other agencies, & the public.”

= “GitGov” reusable platform for agencies to rapidly build government services

Government’s Need for Security & Compliance

DHS & the SWAMP = Quality

“…with hundreds of open source software packages and multiple software assurance tools, we will improve the community’s understanding of and access to state-of-the-art software assurance.”

Source: govtech.com

Quote: continuousassurance.org, about us, “outputs”

⑧  Compliance

Source: PWC, State of Compliance: 2013 Survey

32% rated Data Privacy & Confidentiality the #1 perceived risk to compliance

Compliance requires…
-> flexibility & customization
-> transparency & auditability
-> open standards & APIs
-> robust security & privacy

Summary of Reasons to Use Open Source

①  Transparency/Auditability

②  Community Involvement

③  Reduced Cost

④  Product Customization & Flexibility

⑤  Advanced Interoperability

⑥  Improved Quality

⑦  Re-Usability

⑧  Compliance

Open Source Email

Government & Email Security

Federal Information Processing Standards (FIPS): consistent use of security & communication guidelines through open standards

•  Data Privacy
    1.  At-rest & in-motion encryption
    2.  End-to-end encryption

•  Identity
    1.  Digital signature
    2.  2-factor authentication

Open source email leverages open standards to provide compliant cryptographic modules for data encryption

Tenets for Secure Collaboration

Ability to integrate 2FA & encryption

Ability to provide control over data & hosting location

Ability to provide transparency on code base

Over 1,000 government & financial institutions rely on Zimbra to protect the security & privacy of their collaboration data.

KEEP CALM

AND

STAY OPEN

©2014 Zimbra Systems, Inc. All rights reserved. Zimbra and its symbol are registered trademarks or trademarks of Zimbra, Inc. Other company and product names mentioned herein are property of their respective owners. The contents of this publication are subject to change without notification and are the property of and cannot be reproduced without the written permission of Zimbra. The contents of this publication are not a commitment by Zimbra to provide the features and benefits described.

www.zimbra.com
