Does application security pay? Communicate the business value of application security solutions in a language that matters to the board.

Author: LeGrande, Craig

The last decade has seen a dramatic shift in the way companies manage information security and protect vital data. In the past, businesses confronted the threat of cyber attacks and data breaches primarily by building firewalls and other "perimeter defences" around their networks, but the threat has continued to evolve, and more criminals are hacking into applications that are running on a plethora of new devices and environments, including cloud, mobile, and social media.

As a result, the focus of threat protection is moving from securing the infrastructure to securing the software applications that businesses write and deploy. The shift has created a market for a new generation of products and services - known as software security assurance (SSA) solutions - that help companies uncover vulnerabilities in their code, effectively fix these defects, and produce software that is impervious to security threats.

In an effort to quantify the business value of SSA, Fortify Software commissioned Mainstay Partners to conduct in-depth interviews with 17 global customers - organisations that have implemented SSA and represent a cross-section of industries. The study found that companies are realising substantial benefits from SSA right out of the box, saving as much as $2.4M per year from a range of efficiency and productivity improvements, including faster, less costly code scanning and vulnerability remediation, and streamlined compliance and penetration testing.

Exponential increases in benefits, however, are being achieved by companies that deploy SSA in more comprehensive and innovative ways. These advanced deployments include embedding software security controls and best practices throughout the development lifecycle, extending SSA programs into critical customer-facing product areas, and leveraging SSA to seize unique value-generating opportunities. For these strategic companies, the benefits of software security solutions can add up to as much as $37M per year.

In our interconnected world, software is everywhere - not just in data centres or on desktop computers, but in mobile phones and all kinds of wireless devices and consumer products. Software resides on the Web and in the cloud, where businesses rely on software-as-a-service solutions (SaaS) for mission-critical business functions. Application security protects the software that is running in all these environments and devices, and the business improvements of SSA are seen as extending to wherever applications are deployed.

At a time when IT budgets are coming under closer scrutiny, chief information security...
