Standard to our third-party support, Spinnaker Support delivers a Seven-Point Security Solution based around the core concepts of Discover, Harden, and Protect for your data and critical system security.

We treat every reported incident with the seriousness it deserves, and we respond to every ticket within minutes. Our global security team actively advises on security concerns and monitors and reports on actionable vulnerabilities. 

That’s why, in a recent Satisfaction Survey, 95% of customers who cited security as an issue reported that their security level was the same or improved after moving to Spinnaker Support.

Our Security Philosophy

We deliver a layered, Defense in Depth approach to security.

This means targeting the weakness category (CWE) rather than chasing individual historic threats or CVEs or trying to predict future CVEs. Addressing individual vulnerabilities is counterproductive. Many are active but not yet discovered, and others are still exposed because the patches did not work.

Our proactive approach future proofs the security of your environments.

We use hardening techniques and compensating controls to ensure your systems can pass penetration testing and audits. This comes standard with our third-party support. Using CIS & STIG Benchmarks, we guarantee you a more secure environment.

Spinnaker Support’s Seven-Point Security Solution

Vulnerabilities and exposures now arise from a variety of external and internal sources, and effective security must address the full technology stack. Download the Security Services Solution Brief.

From our initial risk review, our team of experienced engineers adhere to the Seven-Point Security Solution, shown below. An established framework that combines proven people, processes, and technology to resolve issues as they occur and deploy the necessary tools and techniques needed to proactively maintain a secure application environment.

  • Discover & Harden
  • Security Incident Response
  • Threat Intelligence

  • 1. Custom Risk Review

An audit and risk review for your systems, including reports with recommendations on configurations, encryptions, access management, and best practices and guidelines. This feeds into Attack Surface Reduction.

  • 2. Attack Surface Reduction

We advise on how to properly configure and harden applications, operating systems, servers, databases, and networks.

  • 3. Compliance Audit Support

Consultative services designed to adjust your audit controls in order to be in compliance with attestations such as SOC2, HIPAA, GDPR, and PCI. 

    • 4. Vulnerability Support

    Submit a ticket at any time for security-related activities and to address vulnerabilities. We use compensating controls (external to application code) to mitigate security risk.

    • 5. Security Resource Library

    Includes white papers and solution briefs on a wide range of topics related to security that we can share with any of our customers.

    • 6. Proactive Security Tooling

    A portfolio of security products designed to implement the Spinnaker Security Philosophy across a range of Oracle products.

    • 7. Risk Assessment Bulletin

    We monitor Oracle CVEs and publish periodic email bulletins for customers. These include CVE descriptions and offer best practice recommendations.

    Seven-Point Security vs. Software Publisher Patches

    We understand that some enterprises considering third-party support are concerned about the loss of quarterly software patches for critical vulnerabilities and exposures (CVEs). While SAP supplies its customers with most security patches even when not on SAP Support, Oracle does not offer customers access to security tools after they leave its support program. 

    While code patches do block vulnerabilities, the reality of the software patching process often does not meet its promise.

    Scroll Right »
     

    The Reality of Software Patching

    Our Response on Patching
    TIMINGPatches are not timely (can be months or years late).Virtual patching tools and proactive monitoring provide near-immediate protection.
    SPECIFICITYPatches are one-size-fits-all and may be problematic for customizations.You should only have to receive the fixes you need.
    VERSIONSPatches may not be available for older versions and applications.By addressing issues at the infrastructure level, you protect the entire stack, regardless of app versions.
    TESTINGPatches require valuable time to test and install.For CVEs, methods such as virtual patching save valuable time by cutting short testing and installation.
    APPLICATIONMany organizations do not patch or patch regularly due to operational constraints.Organizations must remain vigilant for CVEs and not rely on patches that may not actually solve the issue.

    Solution Brief

    Spinnaker Support Security Services

    Our Seven-Point Security Solution replaces a sole reliance on these patches with a stronger framework that covers a wider range of security issues. Through Security Incident Response, our global security professionals continue to work until the security issue is properly addressed. Spinnaker Support security services are responsive, on-demand, and multilayered.

    Download

    Proactive Security Tooling

    As a part of our Threat Intelligence, Spinnaker Support has partnered with commercial vendors to implement our security philosophy and offer protection to organizations that want or need these additional tools. We are responsible for all installation and training, some of which can take less than a day.

    Our current selection of products includes middleware protection (Waratek), database protection (McAfee), and operating system protection (Trend Micro Deep Security). For additional details on our Security Solutions, please contact us directly.

    Tech Stack

    Spinnaker Support takes your data and application security seriously

    Security is standard to all our operations. This philosophy is embedded in how we support our customers, and we deliver security solutions designed for your unique set of applications and systems. We invest in your security and compliance measures with the same exacting standards we apply to our own operations.

    Spinnaker Support was the first third-party support provider to achieve both ISO/IEC 27001:2013 certification for managing sensitive company information and ISO 9001:2015 certification for quality management principles. We are Privacy Shield-certified, GDPR compliant, certified for both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and Cyber Essentials certified.

    Also Included in Our Standard Support

    Support Service

    Break/Fix Services

    Rapid response times, ISO-certified processes, and focused attention help you maximize the performance of your applications.
    Support Service

    Global Tax & Regulatory Compliance

    Minimize risk by keeping pace with tax and regulatory tasks and changes. We provide timely GTRC information and updates for your applications and jurisdictions.
    Support Service

    Archiving Services

    Our meticulous onboarding process minimizes disruption and reduces the risk of loss as you transition away from publisher-provided support.
    Support Service

    Technical Advisory Services

    Tackle new or complex issues like interoperability planning, cloud migration, and more equipped with objective insight from seasoned experts.
    Support Service

    General Inquiry & Advisory

    Have questions about your existing (or anticipated) functionality or configurations? Our experts are happy to share their unbiased insight and advice.
    Back to Third-Party Support overview

    READY FOR A PHENOMENAL SUPPORT EXPERIENCE?

    Request a complimentary consultation to learn more about how we can deliver exceptionally personalized enterprise software support at a much lower cost.

    request a consultation