2015 SIIA CODiE Awards for Best Security Solutions: Who Stacks Up?

On Thursday, May 7th, The Software and Information Industry Association (SIIA) announced the winners of the 2015 CODiE Awards across over 75 categories, including best security solution.

The SIIA is a US based software and IT trade association, founded in 1984 to lobby US policy makers and to conduct surveys and business research. For 29 years, since 1986, the SIIA has held the CODiE awards as a way to evaluate and honor the information industry’s leading products and services.

“SIIA’s 2015 Software CODiE Award winners are some of the most innovative, high-impact software products in the market,” said Rhianna Collier, VP & General Manager for the Software & Services Division at SIIA, in a speech at the awards ceremony Thursday.

Here are the finalists in the best security solutions category:

CloudLock Security Fabric – CloudLock

“CloudLock — the world’s only cloud-to-cloud security provider — enables the business transformations that cloud applications provide in a secure and people-centric way, giving organizations confidence to securely execute business strategies. All other cloud security solution providers conduct some kind of man-in-the-middle-attack with in-line gateway encryption or proxy servers to see what is happening. The CloudLock approach is to allow organizations to protect data in the cloud, not from the cloud, using appropriate security measures aligned with unique data classification strategies.

CloudLock�s solutions give organizations control over their data in their public cloud applications (e.g. Google Apps, Salesforce, Dropbox, Box), without requiring invasive in-band technology, complicated overhead, or unanswered regulatory risk. Many of the world’s largest companies and institutions trust CloudLock’s approach of directly integrating with their SaaS applications, which makes robust security controls immediately available at a fraction of the cost and complexity of other alternatives.”

Fortify on Demand – Hewlett Packard 

“HP Fortify on Demand is a managed application security testing service that allows any organization to test the security of software quickly, accurately and affordably, without upfront investment of technology and resources. Not only does Fortify on Demand offer the fastest turnaround times for results, we back them with SLAs with contractual penalties.
It’s easy to get up and running and, with no software to buy or install, you can begin an assessment right away and quickly scale to hundreds of apps. Our flexible solution can assess them all; web, mobile and client whether developed in-house or by a third-party. Leverage Fortify on Demand with your build server to make uploads more frequent and automated for all applications.
Manage risk across your entire application security portfolio. A centralized portal with multiple levels of user permissions allows you to follow remediation projects and collaborate across teams. Our dashboards offer a working view of all your apps, allowing you to filter and categorize the view to prioritize action, and quickly drill down to fix prioritized issues. View your data by region, by business unit or any other criteria that you specify. Reporting is just as easy; share results via dashboard or customizable, drag-and-drop reports.”

Note: Fortify on Demand was also a finalist in the best mobile development solution category

www.nativeflow.com – Nativeflow

“Nativeflow provides a comprehensive mobility platform with a truly native user experience allowing users to work with native email and native market apps, all without compromising on compliance, productivity or security. The lightweight Nativeflow solution solves multiple mobile use cases including secure web access, enterprise app protection, email security and mobile data leakage prevention.”

Winner: www.synack.com – Synack

“Synack is a security startup that has created a unique Crowd Security Intelligence platform that delivers the most secure, continuous and scalable security assessment on the market. Synack launched in May 2013 by security experts and former National Security Agency analysts, Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO.

The Synack platform leverages the best combination of humans and technology to create a uniquely powerful solution that provides ongoing and on-demand vulnerability intelligence. Synack’s security-as-a-service offering redefines the traditional static, signature-based model of security testing by providing a proactive, adversarial perspective of the enterprise IT environment.

Through Synack’s innovative model, customers safely engage a private community of the most sought-after and trusted security hackers in the world. The resulting actionable vulnerability intelligence augments internal security teams with unparalleled scale and diversity and enables business leaders to make better and faster risk management decisions to better protect their customers and brand.” 

Judging Criteria

The CODiE awards are judged in two phases: a first round review in which each nominated product is assigned to judges for evaluation, and a second round of SIIA member voting on finalists selected in the first round.

According to SIIA rules, judges must have proven experience in their category, must disclose any conflicts of interests, and may not review any products from companies that they’ve worked for in the past three years. Judges may not accept fees, gifts or personal benefits from vendors.

Nomination Process

Though judges aren’t allowed gifts or fees, the CODiEs are still, in the strictest sense of the term, a pay-to-play awards program. In order to nominate their products for selection in the awards, vendors must pay a fee to the SIIA— around $400 for SIIA members and non-profit organizations, and roughly $1000 for non-members.

That said, fees are simply for consideration in the awards program and there is no indication that they affect judging or voting decisions.

For detailed information on Identity and Access Management security solutions, check out Solutions Review’s free 2015 IAM Buyer’s Guide.