Two Companies, Both Alike in Dignity
April 18, 2013 •Walt Paley
... in fair Silicon Valley where we lay our scene ...
This week, SafeLogic posted our first two case studies. (You can download them here.) While I will leave the particulars as a treat for those who read them, here are four reflections that I'd like to share on the similarities between these use cases. Don't worry, I won't write them in iambic pentameter.
- Both customers have sparkling reputations for security, assurance, and reliability. Neither has any appetite for risk in that regard. SafeLogic is a new company, but the expertise of the founders soothed any hesitation and both chose to stake their credibility on the quality of our products.
- Both are extremely large companies that recognize the value in letting their engineering team specialize. Pulling people off of their core tasks in order to learn on the job and reinvent the wheel is something that established teams like to avoid whenever possible. This allows each developer to maximize their time on responsibilities for which they are best suited.
- In addition, in both cases, the client recognized the value proposition of offloading cryptography to SafeLogic. Both are large enough that they could reasonably invest in the R&D of an in-house solution, but both deemed it unnecessary and found the best ROI to be in this scenario. SafeLogic has already done the heavy lifting, and will aggressively maintain the product certification. This saves clients from a massive expense and continuing headache, and offers the immediacy of 'Drop In Compliance'.
- Each client seeks clear differentiation from the market. In the eyes of the federal government, using an unvalidated cryptographic solution is equal to using none at all. Unless you can rely on the independent validation of the module, you cannot rely on it at all. Both of these cases recognized that their end users come to them looking for the absolute best in class, and that meant being able to answer 'Yes' to the questions of compliance.
Although the title of this post references the most famous tragedy of all time, this story definitely has a happily ever after. Every one of these points apply to companies smaller, leaner, and with fewer resources than these two customers. In fact, they aren't just relevant, they take on even more importance. The costs associated with traditional paths to compliance are extremely high, and they represent a more significant investment by ratio to smaller companies. So if the ROI makes sense for companies who can afford to absorb long term costs, you better believe that it pencils out for everybody.

Walt Paley
Walter Paley is the VP of Communications for SafeLogic. He is responsible for strategy, content, marketing, and outreach. Walt has worked with a series of start-ups and companies in growth stages, including Nukona (acquired by Symantec), Qubole, Bitzer Mobile (acquired by Oracle), and TigerText, among others. An Alumnus of the psychology program at UC San Diego, Walt lives in Southern California with his wife, kids, and their black lab, Echo.
Popular Posts
Search for posts
Tags
- FIPS 140 (102)
- FIPS validation (83)
- Encryption (68)
- cryptography (63)
- NIST (60)
- CryptoComply (58)
- SafeLogic (58)
- Industry News (54)
- cryptographic module (51)
- Conversations (49)
- CMVP (48)
- RapidCert (46)
- compliance (39)
- Ray Potter (33)
- SafeLogic News (33)
- Event (27)
- federal (27)
- CAVP (23)
- Cybersecurity (22)
- algorithm (22)
- #LoveOurCustomers (15)
- OpenSSL (14)
- government (14)
- CryptoCompact (13)
- Cryptology (12)
- DoD (12)
- FedRAMP (12)
- RSA (12)
- compatible (12)
- partners (12)
- NSA (11)
- healthcare (11)
- AES (9)
- Apple (9)
- Cloud (9)
- FIPS 140-3 (9)
- Wearable (9)
- award (9)
- health (9)
- security (9)
- time (9)
- HIPAA (8)
- Homeland Security (8)
- IoT (8)
- Suite B (8)
- hack (8)
- testing (8)
- whitepaper (8)
- CMMC (7)
- agency (7)
- client (7)
- constrained devices (7)
- Advisories (6)
- Approved Products List (APL) (6)
- HITECH (6)
- holiday (6)
- lab (6)
- vulnerability (6)
- Acumen (5)
- CEO (5)
- Dual EC DRBG (5)
- Google (5)
- Google Glass (5)
- ICMC (5)
- Microsoft (5)
- NIST 800-171 (5)
- NIST 800-53 (5)
- OpenSSL 3.0 (5)
- Safe Harbor (5)
- Wes Higaki (5)
- Whit Diffie (5)
- ePHI (5)
- healthIT (5)
- heartbleed (5)
- mHealth (5)
- procurement (5)
- vulnerable (5)
- C3PAO (4)
- HHS (4)
- HITECH Act (4)
- Mark Minnoch (4)
- Samsung (4)
- Vegas (4)
- archive (4)
- attack (4)
- blog (4)
- breach (4)
- breaches (4)
- deadline (4)
- encrypt (4)
- health IT (4)
- innovation (4)
- military (4)
- procure (4)
- AFCEA (3)
- Air Force (3)
- BSAFE (3)
- BouncyCastle (3)
- CSE (3)
- Common Criteria (3)
- DFARS (3)
- DISA (3)
- EMM (3)
- FIPS 186 (3)
- FIPS-approved (3)
- HIMSS (3)
- HIPAA Safe Harbor (3)
- HITECH Safe Harbor (3)
- Heartbleed Bug (3)
- Implementation Guidance (3)
- Implementation Under Testing (3)
- InfoSec (3)
- NVLAP (3)
- National Institute of Standards and Technology (3)
- New Year (3)
- OCR (3)
- OpenSSL 1.1.1 (3)
- PHI (3)
- POA&M (3)
- Snowden (3)
- advisor (3)
- blackberry (3)
- budget (3)
- bug (3)
- competition (3)
- connected (3)
- constrained (3)
- data at rest (3)
- editorial (3)
- forum (3)
- goals (3)
- healthcare IT (3)
- iPhone (3)
- liberty (3)
- magazine (3)
- open source (3)
- patriotic (3)
- privacy (3)
- public sector (3)
- queue (3)
- revalidation (3)
- software (3)
- speaking (3)
- transition (3)
- vulnerabilities (3)
- 3PAO (2)
- ACVP (2)
- BA (2)
- BAA (2)
- CIO (2)
- CSEC (2)
- CSP (2)
- CoIT (2)
- Coalfire (2)
- Cyber Defense Magazine (2)
- Cyberattack (2)
- DIY (2)
- Defense Industrial Base (2)
- Diffie-Hellman (2)
- ECDH (2)
- EHR (2)
- FBI (2)
- FIPS 197 (2)
- FIPS 199 (2)
- FIPS ready (2)
- Facebook (2)
- FinalCode (2)
- Firefox (2)
- Forbes (2)
- HIPAA security controls (2)
- Historical (2)
- Historical Status (2)
- IPsec (2)
- IPsec VPN (2)
- Java (2)
- Jawbone (2)
- Jawbone Up (2)
- Level 1 (2)
- Level 2 (2)
- Level 3 (2)
- Level 4 (2)
- MFA (2)
- MSFT (2)
- Maribel Lopez (2)
- Marine Corps (2)
- Marines (2)
- Mark (2)
- Marquess (2)
- Module in Process (2)
- Mozilla (2)
- NIST 800-111 (2)
- NIST 800-38 (2)
- NSS (2)
- Naughty List (2)
- Navy (2)
- Nest (2)
- Nest thermostat (2)
- Network Security Services (2)
- OpenSSL 1.0.2 (2)
- Pentagon (2)
- Poodle (2)
- President (2)
- RNG (2)
- RSA BSAFE (2)
- RSA Security (2)
- SHA (2)
- SPRS (2)
- SSL (2)
- SSL VPN (2)
- Samsung Galaxy Gear (2)
- San Francisco (2)
- Securonix (2)
- Silicon Valley (2)
- Smart Fridge (2)
- Steve Marquess (2)
- Suite A (2)
- TLS (2)
- TLS 1.3 (2)
- U.S. (2)
- U.S. Armed Forces (2)
- UK (2)
- US (2)
- US Armed Forces (2)
- USA (2)
- Up (2)
- VPN (2)
- Walt Paley (2)
- Webinar (2)
- Wired (2)
- accelerate (2)
- achieving safe harbor (2)
- achieving safe harbor in healthcare (2)
- acquisition (2)
- archive list (2)
- armed forces (2)
- article (2)
- backdoor (2)
- benchmark (2)
- breach notification (2)
- business associate (2)
- business associate agreement (2)
- case study (2)
- checkmark (2)
- code (2)
- competitor (2)
- constrained device (2)
- consultant (2)
- consultants (2)
- consulting (2)
- cost (2)
- cyber terrorism (2)
- data in motion (2)
- developer (2)
- doctor (2)
- entropy (2)
- excellence (2)
- fast (2)
- federal acquisition (2)
- federal procurement (2)
- federal shutdown (2)
- finance (2)
- firmware (2)
- founder (2)
- freedom (2)
- goal (2)
- gold (2)
- guest (2)
- hardware (2)
- hurdle (2)
- hybrid (2)
- iOS 6 (2)
- key management (2)
- leader (2)
- legacy (2)
- mandate (2)
- maturity (2)
- medal (2)
- overlap (2)
- patch (2)
- patches (2)
- patient (2)
- penalties (2)
- pilot (2)
- post-quantum cryptography (2)
- re-validation (2)
- regulated industry (2)
- research (2)
- rival (2)
- security breach (2)
- session (2)
- shutdown (2)
- solution (2)
- speed (2)
- sponsors (2)
- startup (2)
- sunset (2)
- support (2)
- team (2)
- technology (2)
- terrorism (2)
- terrorist (2)
- use case (2)
- vendor (2)
- year (2)
- year end (2)
- (ISC)2 (1)
- 21st Century Cures Act (1)
- Active Status (1)
- Alliance for Digital Innovation (1)
- Amazon (1)
- Android (1)
- Army (1)
- BYOD (1)
- Boeing (1)
- Brent Cook (1)
- Bruce Schneier (1)
- CCEVS (1)
- CES (1)
- CIO Prime Views (1)
- CIO Story (1)
- CIOstory (1)
- CNET (1)
- CNN (1)
- CNSA (1)
- CNSS (1)
- COTS (1)
- CSF (1)
- CTR_DRBG (1)
- CUI (1)
- Cameron (1)
- Chris Conlon (1)
- Columbia University (1)
- Commercial Solutions for Classified (1)
- Cryptographic Technology Group (1)
- Cryptsoft (1)
- CsfC (1)
- Cupertino (1)
- Cyber Monday (1)
- D-FLIP (1)
- DEA (1)
- DES (1)
- DHS (1)
- DIU (1)
- DIUx (1)
- DNA (1)
- DOJ (1)
- Daniel Franke (1)
- David Cameron (1)
- David Hook (1)
- EPCS (1)
- Erlich Bachman (1)
- Extended Support (1)
- FCA (1)
- FF1 (1)
- FF3 (1)
- FIPS Compliance (1)
- FISMA (1)
- FITARA (1)
- FOM (1)
- FOM 2.0 (1)
- FPE (1)
- FUD (1)
- False Claims Act (1)
- Fear and Loathing (1)
- Fed (1)
- Federal IT Sales Summit (1)
- Fitbit (1)
- Florida (1)
- Forbes Magazine (1)
- Fourth of July (1)
- Frank McDonough (1)
- G.18 (1)
- GCHQ (1)
- GNU (1)
- GNU Project (1)
- GSA (1)
- Galaxy (1)
- Galaxy Gear (1)
- Gartner (1)
- Gartner Symposium (1)
- Gavin Belson (1)
- Globo (1)
- GnuPG (1)
- GoBe (1)
- Golden Globes (1)
- Govie (1)
- Govies (1)
- Grammy (1)
- Grammys (1)
- HASH_DRBG (1)
- HBO (1)
- HIIPA (1)
- HIPPA (1)
- HIT (1)
- HITRUST (1)
- HITRUST CSF (1)
- HMAC (1)
- HMAC_DRBG (1)
- HUD (1)
- Healbe (1)
- Heartbeat (1)
- Hebdo (1)
- Hooli (1)
- Hummer (1)
- Humvee (1)
- Hunter S. Thompson (1)
- IBM (1)
- ICMC 2013 (1)
- ICS (1)
- ICS-ISAC (1)
- IPB (1)
- ISO (1)
- ISO 19790 (1)
- ISO 24759 (1)
- ITexpo (1)
- ITexpo West (1)
- ITexpo West 2014 (1)
- Immix (1)
- In Progress (1)
- In Progress List (1)
- Inauguration (1)
- Industrial Control System (1)
- Infogard (1)
- Intel (1)
- Investigatory Powers Bill (1)
- Iron Mountain (1)
- JAR (1)
- JCE (1)
- JITC (1)
- JLTV (1)
- JSSE (1)
- Jack Barker (1)
- Jawbone Up24 (1)
- Joint Light Tactical Vehicles (1)
- KAS (1)
- KBKDF (1)
- Kamala Harris (1)
- Katie Arrington (1)
- Kestler (1)
- Kris van Riper (1)
- LRSB (1)
- Lee (1)
- Lee Kestler (1)
- Legacy List (1)
- Legacy Validation List (1)
- Legion (1)
- LibreSSL (1)
- LinkedIn (1)
- Linux (1)
- Lockheed (1)
- Lockheed Martin (1)
- Lopez Research (1)
- MDMPP (1)
- MDPP (1)
- MIT (1)
- MWC (1)
- Macintosh (1)
- Marissa Mayer (1)
- Mark Amtower (1)
- Matt Caswell (1)
- Matt Cornelius (1)
- Matthew Cornelius (1)
- Matthew Green (1)
- Maturity Model (1)
- Memorial Day (1)
- Michael Leonard (1)
- MicroStrategy (1)
- Microsoft Surface (1)
- Miramar (1)
- Multifactor (1)
- NCSL (1)
- NSA Suite B (1)
- Nevada (1)
- Nike+ (1)
- Nobel (1)
- North Korea (1)
- Northrup (1)
- Northrup Grumman (1)
- OCS (1)
- OMB (1)
- ONC (1)
- OSL (1)
- OSSL 1.1 (1)
- OSSL Foundation (1)
- OVS (1)
- Office 365 (1)
- Oracle (1)
- Orlando (1)
- Oscars (1)
- Osh Kosh (1)
- Oshkosh (1)
- Outlook (1)
- Oval Office (1)
- P-256 (1)
- P-384 (1)
- PC Mag (1)
- PCI (1)
- PCI-DSS (1)
- PIN (1)
- PIN code (1)
- PIN number (1)
- PM (1)
- PQC (1)
- PRISM (1)
- Padding Oracle On Downgraded Legacy Encryption (1)
- Palazzo (1)
- Palo Alto (1)
- Paris (1)
- Pence (1)
- Pied Piper (1)
- Pilgrims (1)
- Poison (1)
- Poodlebleed (1)
- Presidency (1)
- Prime Minister (1)
- Prius (1)
- Protection Profiles (1)
- Pulse Secure (1)
- Q4 (1)
- Quantum Dawn (1)
- Quest (1)
- RAR (1)
- REDCOM (1)
- RFP (1)
- Ralph C. Jensen (1)
- Ralph Jensen (1)
- Raytheon (1)
- Readiness Assessment Report (1)
- Rebranding (1)
- Redmond (1)
- Richard Hendricks (1)
- Rijndael (1)
- Rohit Sethi (1)
- Ryan Thomas (1)
- SC Magazine (1)
- SC-13 (1)
- SC-28 (1)
- SC-8 (1)
- SLED (1)
- SP (1)
- SP 800-113 (1)
- SP 800-56 (1)
- SP 800-77 (1)
- SP800-131A (1)
- SP800-90A (1)
- SSLv3 (1)
- Samsung Galaxy (1)
- Sands (1)
- Sands Expo (1)
- Satcom (1)
- Schneier (1)
- Sean Kerner (1)
- SecureAuth (1)
- Security B-Sides (1)
- Security Compass (1)
- SecurityToday (1)
- September 22 (1)
- Sergey Brin (1)
- Seth Rosenblatt (1)
- Sethi (1)
- Signal Magazine (1)
- Simon (1)
- Skipjack (1)
- Skunk Works (1)
- Skunkworks (1)
- Skydrive (1)
- Snooper's Charter (1)
- Softshell (1)
- Sony (1)
- Speck (1)
- Squanto (1)
- St Regis (1)
- StateRAMP (1)
- Steve Jobs (1)
- Surface (1)
- Susan McAndrew (1)
- Sweet32 (1)
- Symantec (1)
- TLS 1.1 (1)
- TLS 1.2 (1)
- TSMC (1)
- Taming the Transition (1)
- Taming the Transition: Marketing & Sales Tacti (1)
- Tanuj Gulati (1)
- Target (1)
- Target breach (1)
- Tesla (1)
- Theresa May (1)
- Thomas (1)
- Tim Hudson (1)
- Tisquantum (1)
- Tizen (1)
- Tom Cruise (1)
- Toyota (1)
- Toyota Prius (1)
- Triple DES (1)
- Trump (1)
- U.K. (1)
- U.S. Air Force (1)
- U.S. Army (1)
- U.S. Marines (1)
- U.S. Military (1)
- U.S. Navy (1)
- US Air Force (1)
- US Army (1)
- US Marines (1)
- US Military (1)
- US Navy (1)
- USMC (1)
- United Kingdom (1)
- United States (1)
- United States of America (1)
- Up24 (1)
- Vectra (1)
- Vectra Networks (1)
- Venetian (1)
- Verify (1)
- WEST (1)
- WEST 2020 (1)
- Wall Street (1)
- Weaved (1)
- Websense (1)
- WhatsApp (1)
- White House (1)
- Wiebe (1)
- Wired.co.uk (1)
- Wireless U (1)
- WolfSSL (1)
- Yahoo (1)
- Yier Jin (1)
- Yoics (1)
- You're fired! (1)
- Yubico (1)
- abbreviation (1)
- abbreviations (1)
- achieve (1)
- acronym (1)
- acronyms (1)
- administration (1)
- advantage (1)
- appointee (1)
- archival (1)
- assurance (1)
- authentication (1)
- autumn (1)
- aviation (1)
- background (1)
- ban (1)
- banish (1)
- banished (1)
- banishment (1)
- banned (1)
- batterygate (1)
- benchmarks (1)
- best (1)
- bid (1)
- blue angel (1)
- blue angels (1)
- bold (1)
- browser (1)
- bugs (1)
- calendar (1)
- capitol (1)
- certicom (1)
- challenge (1)
- champ (1)
- champion (1)
- channel (1)
- checklist (1)
- checkmarks (1)
- chief (1)
- chip (1)
- chipgate (1)
- choice (1)
- choose (1)
- chosen (1)
- cipher (1)
- citizen (1)
- citizenship (1)
- co-founder (1)
- codebase (1)
- codies (1)
- comment period (1)
- comparison (1)
- compete (1)
- competitive (1)
- competitive advantage (1)
- complaint (1)
- complaints (1)
- complete (1)
- concurrent (1)
- confusion (1)
- congress (1)
- contract (1)
- crime (1)
- criminal (1)
- critical infrastructure (1)
- cryptographer (1)
- cybertech (1)
- data (1)
- data center (1)
- data centers (1)
- data security (1)
- dates (1)
- david hume (1)
- debt ceiling (1)
- decryption (1)
- deploy (1)
- deployment (1)
- development (1)
- dictionary (1)
- differentiator (1)
- disambiguate (1)
- download (1)
- drones (1)
- eBay (1)
- eBay breach (1)
- eHealth (1)
- eWeek (1)
- editor (1)
- editor-in-chief (1)
- effort (1)
- elliptic curve cryptography (1)
- embedded (1)
- emerging (1)
- engineer (1)
- engineering (1)
- enterprise security (1)
- executive (1)
- exhibit (1)
- exhibit hall (1)
- expectations (1)
- expert (1)
- expertise (1)
- experts (1)
- expiration (1)
- expire (1)
- extended (1)
- fall (1)
- faq (1)
- finalist (1)
- finalists (1)
- financial (1)
- fines (1)
- fintech (1)
- fips inside (1)
- fiscal (1)
- fiscal year (1)
- fitness tracker (1)
- fitness trackers (1)
- fix (1)
- fixes (1)
- flight (1)
- forecast (1)
- format-preserving (1)
- format-preserving encryption (1)
- fraud (1)
- frempetitor (1)
- frempetitors (1)
- frenemies (1)
- frenemy (1)
- furlough (1)
- future (1)
- global (1)
- globee (1)
- glossary (1)
- goose (1)
- gotcha (1)
- gov (1)
- gov't (1)
- guest blog (1)
- guest post (1)
- hashed (1)
- head-to-head (1)
- heads up displays (1)
- hill (1)
- hiring freeze (1)
- history (1)
- home automation (1)
- homeland (1)
- honor (1)
- honored (1)
- hospital (1)
- human rights (1)
- hume (1)
- humor (1)
- hurdles (1)
- iMessage (1)
- iOS (1)
- iOS 7 (1)
- iPad (1)
- iToilet (1)
- industry (1)
- intellectual property (1)
- interim final rule (1)
- international (1)
- interview (1)
- issues (1)
- kratos (1)
- launch (1)
- law enforcement (1)
- libgcrypt (1)
- malicious (1)
- maverick (1)
- medals (1)
- medical (1)
- medicine (1)
- meek (1)
- milestone (1)
- mobile security (1)
- mobility (1)
- mocana (1)
- money (1)
- multi-factor (1)
- multi-factor authentication (1)
- musings (1)
- national cybersecurity strategy (1)
- naval aviator (1)
- need for speed (1)
- neglect (1)
- network (1)
- new (1)
- new OSSL (1)
- news (1)
- nominate (1)
- nominated (1)
- nominee (1)
- nominees (1)
- offload (1)
- opportunities (1)
- opportunity (1)
- outsource (1)
- panel (1)
- parallel (1)
- passwords (1)
- past (1)
- patient data (1)
- philosopher (1)
- philosophy (1)
- physician (1)
- piece (1)
- pilots (1)
- plane (1)
- plans (1)
- platinum (1)
- post (1)
- presentation (1)
- press release (1)
- priorities (1)
- priority (1)
- prize (1)
- profile (1)
- proposal (1)
- proposed (1)
- proud (1)
- provider (1)
- public (1)
- public comment (1)
- public comment period (1)
- public list (1)
- quant (1)
- quant self (1)
- quantified (1)
- quantified self (1)
- queue length (1)
- quinquennial (1)
- re-validate (1)
- reflection (1)
- regulations (1)
- representatives (1)
- required (1)
- requirement (1)
- researchers (1)
- reseller (1)
- revalidate (1)
- revenue (1)
- revoke (1)
- revoked (1)
- rights (1)
- rivals (1)
- roadblock (1)
- roadmap (1)
- rsa conference (1)
- sales (1)
- salted (1)
- savings (1)
- scalability (1)
- season (1)
- security software (1)
- select (1)
- selected (1)
- selection (1)
- self-driving (1)
- self-driving car (1)
- senate (1)
- senators (1)
- server (1)
- servers (1)
- silver (1)
- simplify (1)
- smart cars (1)
- smart home (1)
- smart toilet (1)
- smartwatch (1)
- sole source provider (1)
- sole-source (1)
- speak (1)
- speaking session (1)
- specialization (1)
- stand for (1)
- standards (1)
- start-up (1)
- state (1)
- stealth mode (1)
- stigma (1)
- story (1)
- strategy (1)
- success (1)
- summer (1)
- sunet (1)
- sunset date (1)
- sunsetted (1)
- symposium (1)
- talk (1)
- tech (1)
- technical (1)
- term (1)
- terminology (1)
- terms (1)
- threat detection (1)
- threats (1)
- toilet (1)
- top gun (1)
- training (1)
- trophy (1)
- unicorn (1)
- use cases (1)
- value (1)
- vendors (1)
- website (1)
- whining (1)
- whistleblower (1)
- whistleblowing (1)
- wifi (1)
- wrap (1)
- wrap-up (1)