SELLING YOUR ORGANIZATION ON APPLICATION SECURITY
Navigating a new era of cyberthreats
It's no secret that cyberattacks place organizations large and small
at risk. Although these events are an inescapable piece of today's
business puzzle, many breaches and breakdowns are avoidable.
An often-overlooked aspect is reducing risk in application security.
By securing applications and creating a framework that supports
consistent software and coding standards, an enterprise is better
equipped to shield its data, information and intellectual property.
Selling Your Organization on Application Security | 01
Cyber risk is no small problem: Losses from breaches exceed
US $400 million annually.1
But using a best-practices approach
requires more than great tools and technologies. There's
a need to achieve strong buy-in from five key groups and
functions within the enterprise:
Executive team
Contract management specialists
Development teams
Legal department
Marketing and communications
What’s the Real World Cost of a Breach?2*
Business Disruption: 39%
Information Loss: 35%
Revenue Loss: 21%
Equipment Damages: 4%
Other Costs: 2%
* Note that percentages add up to 101%
due to study sponsor's use of rounding.
THE EXECUTIVE TEAM
Gaining support for your application security
initiative among your board of directors,
C-Suite and other key players means leaving
the bits and bytes discussion behind and
establishing a business case — along with
quantifiable data — that focuses on value, cost
and risk.
It's also imperative that your enterprise
achieves strategic alignment across groups,
sponsorship across the organization,
essential budgeting support, the human
resources necessary to achieve results, and an
environment that promotes communication
and collaboration.
This approach, which includes a CISO
overseeing the task and serving as the liaison
among groups, allows the organization to
deploy effective program teams and create
strong and consistent alignment.
OVER THE NEXT THREE YEARS, THE TIME CSOs WILL SPEND ADVISING BUSINESS EXECUTIVES IS ANTICIPATED TO INCREASE BY 79%.3
CONTRACT MANAGEMENT SPECIALISTS
Terms and agreements are the foundation of a
strong application security framework and total
organizational buy-in. As a result, it's vital to get your
contract management specialists on board so there
are overarching controls in place along with provisions
that prevent groups from redlining critical terms
and conditions.
When contract managers effectively support
application management and application security,
the task becomes a strategic function that's tightly
integrated across the enterprise. This leads to
broader and deeper software controls and fewer
gaps and vulnerabilities.
Security Risks Exist Across the Enterprise4
On average, almost two-thirds of all internally developed enterprise applications remain untested for
security vulnerabilities. This category is composed of four key groups:
Mobile Applications not tested for security vulnerabilities
Web Applications not tested for security vulnerabilities
Client/Server Applications not tested for security vulnerabilities
Terminal Applications not tested for security vulnerabilities
62% 63% 67% 62%
DEVELOPMENT TEAMS
The success of today's digital enterprise revolves heavily around
software and coding. As a result, achieving buy-in among
development teams is critical. These groups must tie together
diverse groups of applications, APIs and other open-source
libraries, public and private clouds, and more. Without consistent
standards and a strong commitment to application security, the
task is next to impossible.
The upshot? Development teams must have quick and easy
access to guidelines, policies and procedures. The result is more
consistent coding and far more integrated software lifecycles
that ultimately lead to better application security.
95% OF BREACHES INVOLVE HARVESTING CREDENTIALS STOLEN FROM CUSTOMER DEVICES AND THEN LOGGING INTO WEB APPLICATIONS WITH THEM.6
A TYPICAL U.S. $500 MILLION-PLUS ENTERPRISE RELIES ON MORE THAN 3,079 APPLICATIONS THAT IT HAS DEVELOPED INTERNALLY.5
THE LEGAL DEPARTMENT
Over the past decade, software procurement
and development have become incredibly
complex tasks. It's essential to build in
mechanisms that boost compliance internally,
within an industry and for government mandates
and regulations.
A legal department is at the center of all this,
making their buy-in essential to your application
security program. The legal team will help your
enterprise — and your vendors — establish
workable conditions and ensure that all parties
abide by contractual obligations. They must also
protect the organization from unnecessary
legal exposure.
INTERNALLY DEVELOPED APPLICATION PORTFOLIOS ARE GROWING AT A RAPID 12% ANNUAL RATE. THIS TRANSLATES INTO AN AVERAGE OF 371 NEW APPLICATIONS FOR A TYPICAL ENTERPRISE WITHIN THE NEXT YEAR.7
MARKETING AND COMMUNICATIONS SPECIALISTS
Capturing the hearts and minds of key players
doesn't happen on its own. Even the best
tools, most efficient processes and strongest
executive support aren't enough to guarantee
success.
Consider this: A Project Management
Institute (PMI) study found that 56 percent of
unsuccessful projects fail to meet their goals
due to ineffective communication.8
This points directly to the need for support
from internal marketing and communications
teams, who will help oversee your initiative
and keep news and information flowing
both upstream to senior executives and
downstream to the enterprise. They must
also tap surveys and metrics to understand
whether the message is getting across and
buy-in is taking place.
PUTTING IT ALL TO WORK
Having your key stakeholders recognize
that application security is a business
imperative is a key step in building a
cybersecurity framework for the present
and the future.
Your enterprise must develop a strategic
plan along with the technology and
processes to fully support application
security. Your leaders must connect and
integrate key groups while establishing
robust communication channels that keep
everyone informed and engaged.
With this foundation in place, it's possible
to achieve total buy-in and tackle
application security in a holistic and highly
effective way. The result is a business
that's fully equipped to deal with today's
opportunities and challenges.
AN ENTERPRISE MUST DEVELOP A STRATEGIC PLAN ALONG WITH THE TECHNOLOGY, PROCESSES AND COMMUNICATION NEEDED TO FULLY SUPPORT AN APPLICATION SECURITY INITIATIVE.
24% OF ORGANIZATIONS SUFFERING A BREACH REPORT FINANCIAL LOSSES OF $100,000 OR MORE, AND 7% REPORT LOSSES OF MORE THAN $10 MILLION.9
MORE THAN HALF OF ALL RESPONDENTS IN A RECENT SURVEY EXPECT SPENDING ON APPLICATION SECURITY TO INCREASE OVER THE NEXT YEAR. WITH SO MUCH ON THE LINE, GETTING STAKEHOLDER BUY-IN IS NOTHING LESS THAN CRITICAL TO THE SUCCESS OF YOUR INITIATIVE.10
To learn more about why you need your enterprise’s teams on board
when implementing an application security program, download our
informative guide, “Joining Forces: Why Your Application Security
Initiative Needs Stakeholder Buy-In.”
LOVE TO LEARN MORE ABOUT APPLICATION SECURITY?
Get all the latest news, tips and articles delivered right to
your inbox by subscribing to our blog.
ABOUT VERACODE
Veracode is a leader in securing web, mobile and third-party applications for the world’s largest
global enterprises. By enabling organizations to rapidly identify and remediate application-layer
threats before cyberattackers can exploit them, Veracode helps enterprises speed their innovations
to market — without compromising security.
Veracode’s powerful cloud-based platform, deep security expertise and systematic, policy-based
approach provide enterprises with a simpler and more scalable way to reduce application-layer risk
across their global software infrastructures.
Veracode serves hundreds of customers across a wide range of industries, including nearly one-third
of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100
Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog and on Twitter.
1 2015 Data Breach Investigations Report, Verizon, April 2015.
2 2015 Cost of Cyber Crime Study: Global, Ponemon Institute, October 2015.
3 State of the CSO 2014, CSO Magazine, 2014.
4 The Application Enterprise Landscape, IDG Research, May-Aug 2014.
5 Ibid.
6 Ibid.
7 Ibid.
8 Executive Sponsor Engagement: Top Driver of Project and Program Success, Project Management Institute, October 2014.
9 2014 Global State of Information Security Survey, PricewaterhouseCoopers, CIO Magazine and CSO Magazine, September 2013.
10 2015 State of Application Security: Closing the Gap, SANS Institute, May 2015.
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 

Recently uploaded (20)

Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 

Selling Your Organization on Application Security

  • 2. It's no secret that cyberattacks place organizations large and small at risk. Although these events are an inescapable piece of today's business puzzle, many breaches and breakdowns are avoidable. An often-overlooked aspect is reducing risk in application security. By securing applications and creating a framework that supports consistent software and coding standards, an enterprise is better equipped to shield its data, information and intellectual property.
  • 3. Cyber risk is no small problem: Losses from breaches exceed US $400 million annually.[1] But using a best-practices approach requires more than great tools and technologies. There's a need to achieve strong buy-in from five key groups and functions within the enterprise:
      • Executive team
      • Contract management specialists
      • Development teams
      • Legal department
      • Marketing and communications
    What’s the Real World Cost of a Breach?[2]*
      • Business Disruption: 39%
      • Information Loss: 35%
      • Revenue Loss: 21%
      • Equipment Damages: 4%
      • Other Costs: 2%
    * Note that percentages add up to 101% due to study sponsor's use of rounding.
  • 4. THE EXECUTIVE TEAM
    Gaining support for your application security initiative among your board of directors, C-Suite and other key players means leaving the bits and bytes discussion behind and establishing a business case — along with quantifiable data — that focuses on value, cost and risk. It's also imperative that your enterprise achieves strategic alignment across groups, sponsorship across the organization, essential budgeting support, the human resources necessary to achieve results, and an environment that promotes communication and collaboration. This approach, which includes a CISO overseeing the task and serving as the liaison among groups, allows the organization to deploy effective program teams and create strong and consistent alignment.
    OVER THE NEXT THREE YEARS, THE TIME CSOs WILL SPEND ADVISING BUSINESS EXECUTIVES IS ANTICIPATED TO INCREASE BY 79%.[3]
  • 5. CONTRACT MANAGEMENT SPECIALISTS
    Terms and agreements are the foundation of a strong application security framework and total organizational buy-in. As a result, it's vital to get your contract management specialists on board so there are overarching controls in place along with provisions that prevent groups from redlining critical terms and conditions. When contract managers effectively support application management and application security, the task becomes a strategic function that's tightly integrated across the enterprise. This leads to broader and deeper software controls and fewer gaps and vulnerabilities.
    Security Risks Exist Across the Enterprise[4]
    On average, almost two-thirds of all internally developed enterprise applications remain untested for security vulnerabilities. This category is composed of four key groups:
      • Mobile Applications not tested for security vulnerabilities
      • Web Applications not tested for security vulnerabilities
      • Client/Server Applications not tested for security vulnerabilities
      • Terminal Applications not tested for security vulnerabilities
    62% 63% 67% 62%
  • 6. DEVELOPMENT TEAMS
    The success of today's digital enterprise revolves heavily around software and coding. As a result, achieving buy-in among development teams is critical. These groups must tie together diverse groups of applications, APIs and other open-source libraries, public and private clouds, and more. Without consistent standards and a strong commitment to application security, the task is next to impossible. The upshot? Development teams must have quick and easy access to guidelines, policies and procedures. The result is more consistent coding and far more integrated software lifecycles that ultimately lead to better application security.
    95% OF BREACHES INVOLVE HARVESTING CREDENTIALS STOLEN FROM CUSTOMER DEVICES AND THEN LOGGING INTO WEB APPLICATIONS WITH THEM.[6]
    A TYPICAL U.S. $500 MILLION-PLUS ENTERPRISE RELIES ON MORE THAN 3,079 APPLICATIONS THAT IT HAS DEVELOPED INTERNALLY.[5]
  • 7. THE LEGAL DEPARTMENT
    Over the past decade, software procurement and development have become incredibly complex tasks. It's essential to build in mechanisms that boost compliance internally, within an industry and for government mandates and regulations. A legal department is at the center of all this, making their buy-in essential to your application security program. The legal team will help your enterprise — and your vendors — establish workable conditions and ensure that all parties abide by contractual obligations. They must also protect the organization from unnecessary legal exposure.
    INTERNALLY DEVELOPED APPLICATION PORTFOLIOS ARE GROWING AT A RAPID 12% ANNUAL RATE. THIS TRANSLATES INTO AN AVERAGE OF 371 NEW APPLICATIONS FOR A TYPICAL ENTERPRISE WITHIN THE NEXT YEAR.[7]
  • 8. MARKETING AND COMMUNICATIONS SPECIALISTS
    Capturing the hearts and minds of key players doesn't happen on its own. Even the best tools, most efficient processes and strongest executive support aren't enough to guarantee success. Consider this: A Project Management Institute (PMI) study found that 56 percent of unsuccessful projects fail to meet their goals due to ineffective communication.[8] This points directly to the need for support from internal marketing and communications teams, who will help oversee your initiative and keep news and information flowing both upstream to senior executives and downstream to the enterprise. They must also tap surveys and metrics to understand whether the message is getting across and buy-in is taking place.
    AN ENTERPRISE MUST DEVELOP A STRATEGIC PLAN ALONG WITH THE TECHNOLOGY, PROCESSES AND COMMUNICATION NEEDED TO FULLY SUPPORT AN APPLICATION SECURITY INITIATIVE.
  • 9. PUTTING IT ALL TO WORK
    Having your key stakeholders recognize that application security is a business imperative is a key step in building a cybersecurity framework for the present and the future. Your enterprise must develop a strategic plan along with the technology and processes to fully support application security. Your leaders must connect and integrate key groups while establishing robust communication channels that keep everyone informed and engaged. With this foundation in place, it's possible to achieve total buy-in and tackle application security in a holistic and highly effective way. The result is a business that's fully equipped to deal with today's opportunities and challenges.
    24% OF ORGANIZATIONS SUFFERING A BREACH REPORT FINANCIAL LOSSES OF $100,000 OR MORE, AND 7% REPORT LOSSES OF MORE THAN $10 MILLION.[9]
    MORE THAN HALF OF ALL RESPONDENTS IN A RECENT SURVEY EXPECT SPENDING ON APPLICATION SECURITY TO INCREASE OVER THE NEXT YEAR. WITH SO MUCH ON THE LINE, GETTING STAKEHOLDER BUY-IN IS NOTHING LESS THAN CRITICAL TO THE SUCCESS OF YOUR INITIATIVE.[10]
  • 10. To learn more about why you need your enterprise’s teams on board when implementing an application security program, download our informative guide, “Joining Forces: Why Your Application Security Initiative Needs Stakeholder Buy-In.”
    LOVE TO LEARN MORE ABOUT APPLICATION SECURITY? Get all the latest news, tips and articles delivered right to your inbox by subscribing to our blog.
  • 11. ABOUT VERACODE
    Veracode is a leader in securing web, mobile and third-party applications for the world’s largest global enterprises. By enabling organizations to rapidly identify and remediate application-layer threats before cyberattackers can exploit them, Veracode helps enterprises speed their innovations to market — without compromising security. Veracode’s powerful cloud-based platform, deep security expertise and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures. Veracode serves hundreds of customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog and on Twitter.
    [1] 2015 Data Breach Investigations Report, Verizon, April 2015.
    [2] 2015 Cost of Cyber Crime Study: Global, Ponemon Institute, October 2015.
    [3] State of the CSO 2014, CSO Magazine, 2014.
    [4] The Application Enterprise Landscape, IDG Research, May-Aug 2014.
    [5] Ibid.
    [6] Ibid.
    [7] Ibid.
    [8] Executive Sponsor Engagement: Top Driver of Project and Program Success, Project Management Institute, October 2014.
    [9] 2014 Global State of Information Security Survey, PricewaterhouseCoopers, CIO Magazine, CSO Magazine, September 2013.
    [10] 2015 State of Application Security: Closing the Gap, SANS Institute, May 2015.