Industry Profile: Interview with Bart Lauwers, CTO at SignaCert
By Patrick Savard
Today’s CIO is continuously challenged to dedicate more resources to innovation. At the same time, they are faced with the reality of limited budget growth. In this environment, optimization of ongoing operations is imperative. To further complicate matters, in most organizations, operations sucks up a significant portion of current IT spend. According to a recent report from Computer Economics, 74% of IT spending is dedicated to ongoing support.1 While cost is always a consideration, it is not the only concern for business leaders. A challenge for CIOs is balancing costs with providing quality service. From the same Computer Economics study, a majority of CIOs (51%) say the business wants an equal balance between service and cost.2
Cost Optimization and Revenue Growth
This requires a transformation from the traditional role of IT to “keeping the lights on,” to providing value-add services and contributing to the financial performance of the company through a balanced approach that delivers both cost optimization and revenue growth.
SignaCert, a technology provider based in Austin, TX, is an example of a company that has enabled clients to be transformational through advancing the way IT performs operations management. Their product, SignaCert Integrity™, enables both cost and service management, a balance that addresses the CIOs and CISOs biggest challenges. The company was recently named one of the top 50 start-ups in the Austin area.3
SignaCert works predominately through 3rd party partners as part of broad IT transformation initiatives, including government contractors and large system integrators.
In a recent interview with Bart Lauwers, CTO at SignaCert, he describes how this transformation occurs. “SignaCert Integrity™ enables organizations to achieve high IT maturity without significant manpower investments.” He continued to offer that SignaCert is revolutionizing IT compliance and change detection. The interview focused on how SignaCert has transformed the way businesses manage their IT infrastructure.
Bart joined the company in August 2015, bringing an extensive background in infrastructure management and security including eleven years at CISCO, where he first experienced development and use of advanced operations management technology. He said they could have used Integrity™ at that time instead of the custom solutions they developed. He realized then the value of advanced automation.
In his current role as the leader of design, development, and servicing of the product, Integrity™, he sees first-hand the power of this transformational technology.
Bart’s passion for business transformation through advanced automation; coupled with his experience in the trenches of IT, make him the ideal CTO at SignaCert. He fills a key role for the business, as it had recently spun off from ownership by Harris Corporation who had acquired the technology from the founder of Tripwire. As an independent business, Bart sees significant opportunity for growth of the Integrity™ product. “Integrity provides our customers with IT maturity in a box, allowing them to stop worrying about the fire drills, and giving them the bandwidth they need to deliver services that meet business needs.”
Whitelisting is Going Mainstream
Whitelisting is a core of this technology. Think of whitelisting as the reverse of blacklisting, the traditional method to identify malware. Whereas blacklisting identifies the “bad guys”, whitelisting identifies the “good guys”, through the development of a gold standard for files and executables. It defends endpoints by listing all the good stuff that is matched to what is deployed in the environment and constantly monitors for variances. It is effective in detecting malware not only through traditional penetration points such as email but also through other penetration points such as Internet access through a browser. It typically collects file name, publisher, size and digital signature, creating a repository for more quickly detecting future intrusions.
Gartner reports that 25% of enterprises are already deploying some form of whitelisting, and expects it to become mainstream by 2017. Gartner also predicts in three years, more than half of tablets, smartphones, desktops, and laptops will only be allowed to run pre-approved applications, with everything else locked out. This will provide challenges for companies who have given the freedom to their employees to manage their own devices, but as security becomes a bigger issue, it will be a priority over the convenience of the end-user.4
This method is the most effective way to significantly reduce the impact of malware in today’s environment according to Jim Beechy, in his article Application Whitelisting: Panacea or Propaganda?.5 SignaCert Integrity™ is designed to provide all of the benefits of whitelisting without the traditional operational friction that comes from allowing authorized changes. Both security and IT operations are enhanced rather than swaying one direction or the other.
SignaCert has pioneered known-provenance software measurements for use in addressing a broad range of IT challenges, including regulatory compliance, security, forensics, and overall IT life-cycle stability. Compliance is easily remedied by the ability to set compliance standards within the whitelist, and then identify variances to what is deployed and quickly bringing the environment back into compliance.
Of tremendous value to IT organizations is the ability to reduce “noise” in the environment by only alerting on deviations from correct states. Integrity™ automates problem identification, accelerates recovery and eliminates fire drills. It enables the proactive management of the infrastructure by identifying a variance from standard before it causes a failure in the environment.
The guts of the product is the Global Trust Repository (GTR™), the whitelist behind the product. Bart considers this the “Holy Grail” as he noted, “Every SignaCert customer can leverage our Global Trust Repository (GTR) which can recognize all major software released over the last 15 years. Therefore, our GTR drastically cuts down on the amount of effort required to identify your correct baseline.” The GTR™ is one of the only commercially available whitelist applications that provides this superior level of usable and actionable data. It contains the file DNA on millions of applications (over four and a half billion files).
The SignaCert approach is to deploy the tool alongside the development of ITIL processes.
“As part of deploying Integrity, we engage our customers to show them how to take advantage of highly mature ITIL processes for change, configuration, and release management. This combination of product and process delivers to customers the results they need to take control of their infrastructure.” – Bart Lauwers
Much like a CMDB and use of discovery tools, it is a compliance solution that measures, catalogs, and reports upon the reality of what’s running in the IT production environment against the expected configuration item (CI). It benefits the ITIL roles of Configuration Manager, Change Manager and Release Manager.
A good example of how this technology can transform IT operations, SignaCert worked with one of their Managed Security Service Providers (MSSPs) that coupled their tool and process together to deliver high maturity services that drastically improved their customers’ availability, stability, and performance. Results were an approximate 80% reduction in costs from repetitive operations tasks such as resolving the same or related incidents across their customer base.
This technology provider’s company vision is to continuously improve the Integrity™ product, from R&D efforts and client experience, to make it even more transformative for business to thrive in the digital era, by expanding penetration of the technology for different uses.
This transformative technology addresses the cost and service delivery challenges noted in the beginning. Operational resources can be reduced or redirected to innovative projects by automating more tasks and reducing the noise in the environment from a continuous flow of alerts, at the same time that operations management behind IT services delivery improves with the adoption of ITIL best practices alongside the use of the tool.
1 2015/2016 IT Spending & Staffing Benchmark, Chapter 3C-Large Organization Benchmarks, Computer Economics, pg. 17
2 2015/2016 IT Spending & Staffing Benchmark, Chapter 3C-Large Organization Benchmarks, Computer Economics, pg. 22
3 Austin Startups to watch in 2015, builtinaustin.com, February 10, 2015
4 Whitelisting: Why and How It Works, esecurityplanet.com, Drew Robb, September24, 2014
5 Application Whitelisting: Panacea or Propaganda?, SANS Institute whitepaper, Jim Beechy, December, 2010
The Institute for Digital Transformation was not compensated in any way for completing this Industry Profile. It is provided solely as a service to our members. Interview conducted January 21, 2016.
About the Author:
Patrick Savard is principal of Savard Solutions LLC. He has extensive experience in technology leadership, with strong capabilities in IT Program Management, Financial Management and IT Service Management. In addition, Patrick is highly capable of supporting and advising CIO leadership and has prepared Board of Director presentations and other high-level IT updates. Prior to launching his business, Patrick spent over 25 years working in information technology at McGraw-Hill and CIGNA. Along with his first hand experience, he stays current on industry trends through ongoing research of public and subscription based information.
Patrick has spoken at IT Financial Management Association (ITFMA) Conferences, as a panel speaker with the Info-Tech Research Group and with The Advisory Council’s (TAC) podcast series.
Leave a Reply