How a Global Retailer Scaled Its Application Security Program and Accelerated Digital Transformation

Overview

Focusing on digital transformation and new technology to reach its business goals, a global retailer partnered with Black Duck® to develop and deploy application security solutions and services throughout its SecOps and DevOps program. The goals of this initiative were to

  • Protect its web applications from being compromised
  • Protect its intellectual property (IP)
  • Maintain HIPAA compliance by securing pharmacy applications
  • Maintain high fidelity and customer confidence in its mission-critical online services
  • Fix vulnerabilities in a timely manner
  • Strengthen its overall security posture

The challenge

Recognizing the importance of its applications as a means to meet its global growth initiatives, the organization faced challenges balancing security with application delivery timelines. The volume of unfiltered vulnerability data was overwhelming its security teams as it tried to scale the application security program and remove the barriers of communication between its SecOps and DevOps teams.

The solution

The company chose a variety of Black Duck solutions to

  • Provide best-of-breed AppSec services with verified findings
  • Ensure continuous monitoring for vulnerabilities in its mission-critical applications
  • Utilize risk ranking to prioritize which critical issues and bugs should be immediately addressed
  • Accelerate and prioritize response times and get 24x7 escalation for critical issues and a personalized engagement to ensure that all its issues are resolved swiftly

Benefits and impact

  • No false positives or duplicates: As part of Security Testing Services, all data is passed through Continuous Dynamic Threat Research and only true positives are reported back.
  • Risk ranking of vulnerabilities: The organization was better able to prioritize resources for critical bugs and at-risk applications.
  • 24/7 support: Development teams could reach out with questions directly, making Black Duck® SCA a true extension of the organization’s security team.
  • Fewer cross-functional silos and roadblocks: Regular brownbag sessions with the organization’s development teams provided an educational resource to resolve bugs and issues. Black Duck helped the organization remove internal silos and achieve more effective programmatic enablement between DevOps and SecOps.
  • Improved interactions between SecOps and development teams: The organization’s teams worked together more efficiently and achieved improved results.

The results

Black Duck solution architects worked with the organization to successfully develop and execute an application security strategy tailored to its diverse development needs and deploy an enterprise-wide risk management program.

The organization worked with Security Testing Services to implement a programmatic approach to remediating vulnerabilities according to its security policies and best practices, while empowering its teams to work together more effectively and efficiently. All of this helped the organization secure its business-critical applications and meet its growth initiative goals.

Company overview

This global retailer provides pharmacy-related services and is in business in more than seven countries with over 700 locations. It has an annual revenue of over $166 billion.
