Veritas Cyber Strategy—Secure by Design


Some things never change. For more than 30 years, Veritas has been committed to tackling the world's most complex data challenges for large enterprises. We excel at giving you the control you need to secure your data. We have helped organizations manage, protect, and recover their data while designing security protection to navigate every IT transformation.

We help you to protect, access, and utilize your data, when and where you need it, on nearly any platform. And we do it at scale for the largest and most complex environments around the globe. And that is not me boasting about our daily efforts to deliver innovative data management technology. We are recognized as a leader for the 18th consecutive time in the Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions report.

One thing has changed. The threats to data. They’ve evolved beyond physical disasters like weather events, sprinkler systems, failed hardware, or human error. While we stand ready for traditional threats, we also guard against the new generation—malicious insiders, stolen credentials, and external attackers from criminal gangs and rogue states. That pivot affects the features we offer as well as the design principles and processes we use to create our software.

As threats increase, we have focused on transforming cyber resilience. As we started, the phrase “Secure by Default” kept bubbling to the top. We started with a naïve definition focused on how we could simplify security and make it inherent to both the design and outcome. We measured progress by the number of steps required to achieve an outcome. But we didn’t have a rigorous definition. It was a step forward, but our thinking needed maturity. 

That’s why, when it emerged, we passed a publication from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) around the company like hot cookies fresh from the oven. This document was issued by 7 countries and 11 agencies. (Imagine getting that many governments and agencies to agree on anything!) It pointed to a framework that allowed us to measure our ambitions for both “Secure by Default” and “Secure by Design” more rigorously.

CISA Definitions 

  • Secure-by-Default means products are resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take additional steps to secure them.
  • Secure-by-Design means that technology products are built in a way that reasonably protects against malicious cyber actors successfully gaining access to devices, data, and connected infrastructure.

A Deeper Dive on Secure by Design

These definitions affect everything from how we develop our code to the features we deliver. Well before the CISA publication, we used the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF or NIST SP 800-218) to measure ourselves and ensure we were constantly increasing our security posture. The SSDF assesses the end-to-end process, including how we: 

  • Train developers
  • Test and review code before compiling and shipping it
  • Secure our internal development systems
  • Prioritize features 
  • Manage the software supply chain
  • Manage vulnerabilities 
  • Procure online services
  • Test our solutions using both internal red teams and external pen testers 

We're currently working with a Third-Party Assessment Organization (3PAO) for external attestation of our secure development practices. 

If all that seems confusing, look at it this way: Secure by Design is to a software company what a farm-to-table strategy is to a great restaurant: using fresh, local ingredients and handling them in a food-safe fashion, all through a repeatable process.

Secure Future

Data is changing the world. Every company is now a data company. You need agility to optimize your business or maximize the value of your data with AI data-efficiency tools like Veritas Autonomous Data Management. You need the flexibility to securely protect all data. You need it to implement sustainability strategies to reduce data center footprint and CO2 emissions across your enterprise. 

Veritas is well positioned to enable you to do more with less. Designing products with security in mind ensures that you can adapt to evolving security challenges. With Veritas addressing potential risks and vulnerabilities as we design security features, you can implement flexible security measures that you can update and upgrade as needed. This future-proofing approach helps maintain the integrity and security of our offerings and your business.

Learn more about how Veritas is committed to safeguarding your data at our Veritas Trust Center.

Tim Burlowski
Global Lead Cyber Resilience and Data Protection Strategy