Ion Channel was founded because large public sector customers needed the speed of agile DevOps in a locked-down and highly regulated security context. Public sector and critical infrastructure customers are subject to continuous cyber-attack. They are also constrained by legacy processes, regulatory requirements and non-contiguous networks.
Unlike tech startups, public sector enterprises have policies that require code to be authoritatively sourced and vetted. In order to enable rapid adoption and updates to mission capabilities, security automation must accelerate audit, compliance and accreditation processes and legacy workflows for software approval and risk management.
Ion Channel provides continuous assurance that is compatible with one-way transfers to non-contiguous networks. This eliminates the need for manual uploads or batch “lift and shift” updates to code on networks that lack two-way connectivity to the Internet.
Ion Channel’s continuous automation of assurance and governance criteria can reduce time-to-approval from 6-12 months to days or weeks. Auditable processes ensure that governance and assurance are consistently applied regardless of whether code is delivered by in-house developers, contractors or vendors. Ion Channel is PKI-compliant and approved for government use.
Ion Channel uses public key encryption to validate Software Evidence Archives (SEVAs) and source code artifacts. Public key is available here