How a Global Retailer Scaled Its Application Security Program and Accelerated Digital Transformation
Overview
Focusing on digital transformation and new technology to reach its business goals, it partnered with Black Duck® to develop and deploy application security solutions and services throughout its SecOps and DevOps program. The goals of this initiative were to
- Protect its web applications from being compromised
- Protect its intellectual property (IP)
- Maintain HIPAA compliance by securing pharmacy applications
- Maintain high fidelity and customer confidence in its mission-critical online services
- Fix vulnerabilities in a timely manner
- Strengthen its overall security posture
The challenge
Recognizing the importance of its applications as a means to meet its global growth initiatives, the organization faced challenges balancing security with application delivery timelines. The volume of unfiltered vulnerability data was overwhelming its security teams as it tried to scale the application security program and remove the barriers of communication between its SecOps and DevOps teams.
The solution
The company chose a variety of Black Duck solutions to
- Provide best-of-breed AppSec services with verified findings
- Ensure continuous monitoring for vulnerabilities in its mission-critical applications
- Utilize risk ranking to prioritize which critical issues and bugs should be immediately addressed
- Accelerate and prioritize response times and get 24x7 escalation for critical issues and a personalized engagement to ensure that all its issues are resolved swiftly
| BENEFIT | IMPACT |
|---|---|
| No false positives and or duplicates | As part of Security Testing Services, all data is passed through Continuous Dynamic Threat Research and only true positives are reported back. |
| Risk ranking of vulnerabilities | The organization was better able to prioritize resources for critical bugs and at-risk applications. |
| 24/7 support | Development teams could reach out with questions directly, making Black Duck® SCA a true extension of the organization’s security team. |
| Fewer cross-functional silos and roadblocks | Regular brownbag sessions with the organization’s development teams provided an educational resource to resolve bugs and issues. Black Duck helped the organization remove internal silos and achieve more effective programmatic enablement between DevOps and SecOps. |
| Improved interactions between SecOps and development teams | The organization’s teams worked together more efficiently and achieved improved results. |
The results
Black Duck solution architects worked with the organization to successfully develop and execute an application security strategy tailored to its diverse development needs and deploy an enterprise-wide risk management program.
The organization worked with Security Testing Services to implement a programmatic approach to remediating vulnerabilities according to its security policies and best practices, while empowering its teams to work together more effectively and efficiently. All of this helped the organization secure its business-critical applications and meet its growth initiative goals.
Company overview
This global retailer provides pharmacy-related services and is in business in more than seven countries with over 700 locations. It has an annual revenue of over $166 billion.
Related content
A Theoretical vs. a Practical Approach Toward AppSec
See why DAST remains a primary pillar in a holistic AppSec program
Software Vulnerability Snapshot
Top 10 Most Common Web and Software Application Vulnerabilities
Preview the report
