As a company of software security veterans, Ion Channel recognizes that the business model of enterprise security solutions thwarts security. Vendor incentives to maximize revenue with seat licensing, IP restriction and lock-in are not aligned with the customers’ best interests. To deliver security continuously and secure supplier deliverables, customers need:
- A business model that lets them leverage security capabilities across the enterprise.
- A scalable way to assure supplier deliverables without giving suppliers access to customer infrastructure or requiring customer access to suppliers’ networks or IP.
- Solutions must deliver value in an API-driven workflow.
- Customers and their suppliers need an affordable price point. If security is a luxury good that only the Fortune 500 can afford, suppliers will never meet the mandate.
- Security solutions need to be technically accessible to non-developers: risk and compliance people, security and procurement should be able to set rules and see them enforced without command-line skills. UI should provide actionable insight for real-world decisions that involve trade-offs and constrained resources – people, money and time. They call it risk management for a reason.
- Minimal vendor lock-in.
For these reasons, Ion Channel’s platform capabilities are delivered with:
- NO SEAT LICENSING. The seat-licensing business model breaks security. If only twenty-five or fifty people are allowed to access security capability, that bottlenecks the value of that capability to just developers, or just a few security people, or just internal staff, because no one wants to blow the cap and force an expensive true-up by granting access to all stakeholders, much less external stakeholders or teams-of-teams. Ion Channel has no seat licensing restrictions. You can invite your entire enterprise to view the supply chain assurance data for a software project and we won’t charge you a penny more. For the first time, financial considerations don’t prevent security approvers from reconciling their criteria or accepting each other’s findings.
- Portable, open, machine-readable data. Supply chain analysis of customer software components and applications can be queried and exported and can be ingested by automated processes and third party platforms. Assurance data can be freely shared with suppliers, partners, regulators and insurers, and leveraged across an entire organization. This is not a roach motel that your data goes into and can’t get back out.
- A robust API: Modern engineering requires API-driven workflows, which means a well-formed API for security automation and machine-to-machine processes. To restrict access to their data, many security solutions have bare-bones APIs that only provide access to a small subset of the data that’s viewable in the UI dashboard. Ion Channel’s API is comprehensive, well-documented and provides access to more data than the UI displays.
Ion Channel’s core platform is available as either SaaS or as a VPC deployment of the entire platform to customer-administered infrastructure.
Ion Channel SaaS
Ion Channel’s core platform, including continuous monitoring and software logistics, is available as metered SaaS, priced per analysis. This is the most affordable way for a medium-sized enterprise or a single division or program within a large enterprise to assure a software component inventory or a suite of applications. Analysis can be run on-commit or on a scheduled (e.g., daily) basis, and is priced at $1/analysis with volume discounts for over a thousand analyses per month.
An analysis can be triggered via API (on-commit to a repo or within a pipeline build, or on a scheduled basis), run manually, or scheduled via the UI. The price per analysis is shown below:
| Number of Analyses | Price per Analysis |
|---|---|
| 1-1000 analyses per month | $1.00 |
| 1001-2000 analyses per month | $0.90 |
| 2001-3000 analyses per month | $0.80 |
| 3001-4000 analyses per month | $0.70 |
| 4001-5000 analyses per month | $0.60 |
| 5001+ analyses per month | $0.50 |
Example: A company developing advanced AI/ML capabilities maintains twenty-five repositories, to which Ion Channel has deploy-key access and runs daily assurance on every component of every capability and supply chain risks associated with those components, including maintenance and supplier risk for every component. At $1/analysis, this works out to $9125 per year, with no seat licensing restrictions. Ion Channel provides third party analysis and certifies continuous supply chain assurance that can be used for security approval by customers in finance, healthcare and defense, who may also request secure chain of custody, tamper-proofing and assured delivery to customer-designated endpoints.
Example: A software program manager wants to make sure that contractor deliverables meet and maintain continuing authorization, and that security updates are prioritized and delivered in a timely fashion. The manager doesn’t have access to the integrator’s corporate software pipeline, but each milestone update is delivered with a software bill of materials (SBOM) in Excel. Based on a 500-item SBOM that Ion Channel ingests and resolves, the manager and her security/compliance lead can identify which vulnerable components are the most prevalent in the system and whether software deliverables meet security criteria for acceptance on an ongoing basis. Deliverables that don’t meet criteria are expected to remediate and update within two weeks, and Ion Channel’s compliance data and UI show which deliverables have met this expectation over the contract’s period of performance. For large programs that aren’t running full-tilt CI/CD, the program might run weekly analysis at an annual cost of $24,400. For agile teams using modern engineering methods with continuous delivery, daily analysis of 30 repos with ten commits per day would cost $39,960.
Implementation time for Ion Channel SaaS usually clocks in between 45 and 90 minutes. It is the fastest and most affordable way to get third party certified assurance results, if you’re a software supplier, or to assure contractor deliverables, if you’re an enterprise customer.
Ion Channel SaaS can be procured directly from Ion Channel or on AWS Marketplace.
Ion Channel VPC Deployment
For customers with high utilization of Ion Channel, whose enterprise portfolios may be tens of thousands of components and hundreds of applications built multiple times per day, or who want to leverage the platform on a network that is not connected to the Internet, Ion Channel has a single-tenant VPC deployment with an enterprise subscription license for all the analysis a customer can consume, with no seat licensing. This deployment can be on commercial cloud infrastructure or AWS GovCloud. For customers whose security requirements preclude single-tenant SaaS, Ion Channel can deploy to customer-administered cloud infrastructure on an annual enterprise subscription basis, with a maintenance package to ensure smooth implementation.
For more information on Ion Channel’s commercial software capabilities, contact firstname.lastname@example.org