Holistic Program Detects, Corrects and Prevents Application Vulnerabilities for Multi-Industry Fortune 10 Conglomerate
A Fortune 10 company and a highly diversified global conglomerate spanning the infrastructure, finance and media industries, the company serves customers in over 100 countries and employs over 320,000 people.
The company was looking to implement a strong application security program spanning its multiple businesses and industries worldwide. It aimed to standardize policies, procedures and guidelines while also ensuring that the solution remained cost-effective. Realizing that it is 30 times more economical to detect errors in early stages and correct them from the get-go, the company looked for a solution that focused on the application lifecycle and allowed it to achieve the following:
- Establish metrics and Service Level Agreements
- Train and equip development teams with coding standards and security policies
- Save money through early identification of the security problem
- Replicate the model across the many business units in a wide variety of industries, which in many cases encompassed customer facing applications and complex supply chains.
The Solution by Softtek
Since Softtek had been providing code review and application security assessments for the company since the year 2000, by 2004 the model had evolved into a centralized team of security auditors that supported all business units across the company, providing Grey, Black and White box security assessments. By 2006, the service had evolved into a complete, cost-effective security program that includes not only assessments but a comprehensive approach that minimizes risks throughout the software lifecycle by:
- Detecting problems through application security assessments
- Correcting identified problems, generating metrics, acknowledging tendencies and enhancing policies
- Preventing vulnerabilities through awareness and training programs on secure coding standards throughout the software lifecycle, conducting research and providing knowledge management.
By applying a metrics-driven approach, Softtek helped the company obtain more visibility regarding the reduction of critical vulnerabilities.
The company evolved from a detection-oriented model into a prevention model, through finding the root cause of the problem, establishing audited tollgates during the software development lifecycle, and addressing training needs. Overall, the program provided the client with the ability to achieve the following:
- Full-cycle visibility and measurable performance
- Early detection, leading to less exposure, and a lower cost per defect
- Increased overall quality of code development; reduced time-to-market
- Significantly reduced costs; increased productivity and global reach.
Among the benefits, the client obtained:
- 30% reduction of high vulnerabilities over 3 years
- Knowledge base with more than 10,000 entries, translating into faster resolution times, more effective services, and further lowered costs
- Process improvement by using a custom-made application to automate assessment reporting process
- Visibility of program’s performance through SLA management and business dashboards
- 95% of assessments delivered on-time.
Distinctive features of the solution:
- Six Sigma-based quality and process governance; adherence to industry standards.
- Dashboard with meaningful metrics, key performance indicators
- Instant access to expert resources 24/7; fast response team in security breaches and emergencies
- Over 17 million lines of code in over 2,000 applications assessed
- 17 different coding languages and proprietary products
- Impartial expert for assessing appropriate software tools or third-party products for external audits (Softtek does not profit from software sales nor niche security services)
- Cost-effectiveness through leveraging Near Shore® security auditors
- Contributors to the OWASP program.
The Voice of the Customer
“Softtek’s nearshore model and focus upon operational excellence and metrics was a natural fit for our Application Security Program needs.” --Application Security Leader
“Softtek has consistently delivered best-in-class, cost-effective application security services, helping the company to fix the root cause of application security vulnerabilities.” --CISO
Founded in 1982, Softtek is a global provider of IT and business process solutions with over 6,000 associates across 30 offices in North America, Latin America, Europe and Asia. With eight Global Delivery Centers in Mexico, Brazil, Argentina, Spain and China, Softtek provides in-depth, high-quality and cost-effective solutions to top-tier corporations in over 20 countries through on-site, on-shore and its trademarked Near Shore® service delivery models. Creator and leader of the Near Shore® Industry, Softtek is the largest private IT service provider in Latin America. For more information, visit the Company’s Web site at www.softtek.com.
Copyright Softtek Integration Systems, Inc. 2001-2009. All Rights Reserved. Softtek, the Softtek logo, Near Shore® and other Softtek products and services mentioned herein are registered trademarks of Softtek Integration Systems, Inc. in USA, Mexico and several other countries. Global Nearshore™: Trademark Registration Pending.