The partnership will drive hybrid cloud transformation in software by enabling security as a continuous service.
Automated threat modelling company, IriusRisk, has partnered with Methods, a leading public sector Digital Transformation consultant, to deliver embedded threat modelling to improve the security of public sector services. The partnership has already seen two out of the five top public sector bodies incorporating IriusRisk threat modelling capabilities into their service offerings.
The partnership allows Methods to offer threat modelling and DevOps for UK government and public sector applications. Continuous threat modelling of applications and cloud services means that security is upheld as a continuous service, vastly reducing the risk of software vulnerabilities that could be exploited. This includes architectural design, analysis and threat modelling consulting service capabilities based around the IriusRisk Threat Modeling Platform. With IriusRisk, public sector organisations are also able to investigate and quantify inherent legacy risks in existing software through automated threat modelling, driving and informing remedial security programs to update key public sector services.
Methods will also use IriusRisk as a basis for education and awareness programmes on cybersecurity threats, assisting public sector organisations in building their own threat modelling capabilities – including tools, training and ongoing access to key threat intelligence.
Methods will be making its threat modelling ‘portfolio’ available via the Crown Commercial Service – Tech Services 3 framework – enabling UK public sector organisations to procure through the approved government frameworks – thereby qualifying IriusRisk as a UK Government approved supplier.
Commenting on the partnership, CEO and Co-founder of IriusRisk, Stephen De Vries, said: “We are delighted to be partnering with Methods, a leader in public sector Digital Transformation. The public sector is acutely vulnerable to security risks and this partnership with Methods will mean that these organisations are able to feel confident not only in the security of their software products from the offset, but throughout their life cycles. We are excited to see our threat modelling services rolled out throughout the public sector, allowing threat modelling to become embedded in software design from the earliest stages.”
“Threat modelling has become an increasingly important part of our S-SDLC process as it is recognised as one of the most effective approaches to reduce cyberattacks and costly redevelopment,” said Gareth Jones, Chief Information Security Officer at Methods. “Our approach is tailored to each customer, supported by national and international standards that address systemic risks. The evolution of threat modelling has moved from being a manual time-consuming process to adopting automated tools which speeds up secure application development and release software faster.”
“Using IriusRisk helps enable the implementation of security into software design, without requiring DevOps engineers to completely retrain as security professionals. In practice, threat modelling has the potential to change the relationship between developers and security professionals and create the ultimate goal of DevSecOps, a truly cross-functional team.”