Ensure code vulnerabilities are identified and addressed early to prevent downtime for a business-critical solution.
The dramatic rise in digital transformation on cloud and mobile platforms and the increase in security incidents due to the exploitation of application code defects are a growing concern for enterprises. A proactive approach is needed to detect these vulnerabilities and protect organizations against them. Embedding security testing early in the software development lifecycle improves the effectiveness of issue remediation and reduces cost and risk. This telecommunications organization relies on DXC to manage its applications. It was particularly concerned about an HR system that manages its payroll—clearly a business-critical solution that needs to be protected at all costs.
Thomas Cusset, Account General Manager at DXC, explains further: “New and updated versions of the payroll solution are regularly released, and it is important to secure the development and maintenance before the final rollout. DXC partners with OpenText to provide comprehensive solutions that help clients achieve measurable business outcomes. In a partnership spanning over 25 years and with more than 1,000 joint clients, we rapidly develop and deliver tightly integrated solutions across the entire IT estate to help organizations reap the benefits of a profitable digital future.”
To integrate application security into the fabric of an organization’s software development lifecycle, DXC leverages Fortify on Demand. Fortify on Demand consists of an interactive, web-based management portal that is used for scheduling application security assessments and consuming the results via dashboards and reports. And because it’s a cloud-based managed service, clients no longer need to maintain their own infrastructure. The DXC Application Security on Demand service is powered by Fortify and supported by expert analysis. This detects vulnerabilities in applications through static and dynamic security testing. The combination of static and dynamic testing means security teams can implement a layered approach to deliver greater security.
Fortify on Demand fits seamlessly into clients’ existing agile or DevOps processes with out-of-the-box IDE, continuous integration/continuous deployment (CI/CD), and bug tracker integrations. “Fortify’s cloud-based model makes it easy to use and consume,” says Mr. Cusset. “Our client is free to focus on its core business while a mature AppSec program driven by Fortify makes its software development lifecycle much more robust. Fortify is configured to automatically deliver confirmation when security testing has been completed. This means we don’t need any dedicated resources checking the process on behalf of our client.”
When a new version of the payroll application is deployed, continuous application monitoring provides production-safe vulnerability scanning for the most critical vulnerabilities across the Open Web Application Security Project (OWASP) Top 10, along with risk profile change detection. “Our client really appreciates Fortify’s real-time, centrally managed, enterprise-class reporting and dashboards,” comments Mr. Cusset. “This provides a full audit trail that is required for industry regulation compliance.”
He concludes: “We firmly believe that great code is secure code, and our Application Security on Demand service, powered by Fortify, helps our client achieve this.”
DXC Technology was founded on April 3, 2017, when Hewlett Packard Enterprise’s Enterprise Services business unit merged with Computer Sciences Corporation. The company provided business-to-business IT services.