Where's the Risk? Enterprise Software Security Management

Enterprise Software Security Management: Where's the Risk?

Software supply chains, third party software, technical debt, known vulnerable components, software of unknown provenance, open source software.

Presented by Veracode

Unclear and Present Danger

In 2012, companies spent $134 billion on outsourcing business processes such as finance, accounting, HR, and procurement, with an estimated $252 billion spent on IT outsourcing.

Feeling pressured by the need to grow faster, organizations are turning to outside vendors for their software needs, and providing them with unfettered access to large portions of their networks.

The average enterprise outsources development for 65% of its mission critical apps (apps vital to the functioning of an organization).

Modern day enterprises face a huge security challenge with the explosive growth in outsourced, commercial, SaaS, mobile, and open source software.

63% of reported data breaches were the result of a security deficiency in third party code. Yet fewer than 1 in 5 enterprises conduct third party software security assessments.

Where Are Enterprise Software Risks?

76% of network intrusions exploited weak or stolen credentials.
LaunchKey provides multi-factor authentication through smartphones and tablets. VerAfied: July 2013

93% of workers have mobile devices connecting to their corporate networks. 52% of large businesses report mobile incidents have cost $500,000+ in the past year.
Wickr enables anyone to send anonymous, private and encrypted messages and media that self-destructs on their mobile device. VerAfied: January 2013

DDoS attacks cost companies approximately $3.5 million annually.
NSFOCUS' ADS defends and cleans traffic, enabling normal business operations even under the most aggressive attack. VerAfied: July 2012

The VerAfied mark signifies that an application has received an independent assessment from Veracode and the provider has remediated identified vulnerabilities. Through rigorous independent testing using Veracode's automated binary static and dynamic web vulnerability analysis, these organizations have utilized the most widely accepted and comprehensive methods available to secure their software.

If your vendor supplied software has not demonstrated their software security through a VerAfied mark or other program, ask why not. If a breach occurs due to a vulnerability in an application your business purchased, it is still your reputation that suffers.

If your software vendors are not showing you that their products are secure, then they aren't. - Chris Wysopal

3 Steps to Securing Your Enterprise

1. Define a security policy for your third party applications: Determine what level of risk is unacceptable.
2. Build security criteria into contracts: Work with your Procurement team to ensure that security is a required feature for all software purchases.
3. Set up a vendor application security testing program to secure your existing third party applications: By taking a programmatic approach to address the security of all third party applications, enterprises will see a quicker time to compliance and reduce the headaches associated with vulnerability mitigation and remediation.

Learn how the largest financial institutions, including Morgan Stanley, JP Morgan Chase, Goldman Sachs, and RBS Citizens recommend enterprises address third party software risk: info.veracode.com/whitepaper-third-party-controls.html

Sources:
Verizon Data Breach Report 2013
Veracode VAST SoOSS November 2012
Trustwave 2013 Global Security Report
www.gartner.com/newsroom/id/2108715
PWC Third Party Risk Management April 2012
TrustWave 2013 Customer: Computershare Global Viewpoint
http://www.techopedia.com/definition/23583/mission-critical-system
Check Point, "The Impact of Mobile Devices on Information Security", June 2013
Cyber Security on the Offense: A Study of IT Security Experts, Ponemon Institute, November 2012
Outsourcing Trends 2013: Increase Productivity with Business Process Outsourcing, Gartner, 17 January 2013, Ruby Jivan & Cathy Tornbohm
Gartner, Living in a World Without Trust: When IT's Supply Chain Integrity and Online Infrastructure Get Pwned, Neil MacDonald and Ray Valdes, October 2012

Developed by NowSourcing

shared by Neostrategos on Dec 03
Businesses run on software; it gives us the features and functions needed to make our teams productive. However, this time-saving software introduces risk into the organization.

Publisher: Veracode

Category: Technology