Advisory Retail Client Story

Developed a Framework to Address Global Secure SDLC Activities

A Fortune 100 retail, media and entertainment conglomerate turned to Security Compass to help build a new framework for addressing secure SDLC activities across hundreds of applications.

Global
Retail, Entertainment

Practice Areas
  • Security Champion and Centre of Excellence (CoE) Program
  • Secure Development Standards
  • Security Program Management and Execution
  • Application Security Baseline and Framework Development

Our Client’s Challenge:

  • Our client had hundreds of in-house and vendor applications across their business, without a scalable process to manage the intake, prioritization and standardization of software security across business teams.
  • They wanted to educate and raise security awareness across development teams that operated independently around the world. They did not have a mature secure SDLC framework or the appropriate tools to consistently address developer security.
  • They turned to Security Compass in search of a centralized, scalable process that would promote secure application development in a standardized manner and could be replicated across various business units.

Our Approach:

  • Given the small scale of our Client’s security team, Security Compass recommended developing an application security framework focused on nominating security champions. These “champions” would be developers who could help promote our Client’s security mandate and provide valuable assets to support the internal security team. Champions would gain security knowledge and assist corporate security with onboarding their applications into a secure SDLC framework.
  • A secure SDLC framework was developed to leverage existing tools in our Client’s environment that could help automate secure SDLC security activities across hundreds of applications.
  • Security Compass worked with each security champion to train, onboard, and execute security activities for the application they were responsible for. This included identifying security requirements through SD Elements, performing static application security testing (SAST) and dynamic application security testing (DAST), triaging results, and providing recommendations and action plans for remediation.

The Result:

  • The new security champion program helped our Client improve communication between business units and the security team. Training the security champions increased awareness and strengthened our Client’s ability to consistently address security across a global organization through a secure SDLC framework.
  • Each security champion became a valuable partner in promoting the security message enterprise-wide and a responsible individual who could assist the small corporate security team in performing regular, automated security activities (SD Elements, DAST, SAST).
  • This allowed the security team to focus on risk management and remediation activities with application teams.

Security Compass was able to help improve the Client’s overall security culture through security champions by delivering training, standardizing best practices for software security, and helping our Client develop a framework that scales secure SDLC activities across the enterprise.
