Veracode Simplifies Security Policy Management for Organizations Grappling with Mobile Applications and the Consumerization of IT
NATIONAL HARBOR, Md.--(BUSINESS WIRE)-- The consumerization of IT can bring new workforce efficiencies, as well as potentially devastating enterprise security and compliance risks. As organizations grapple with the new era of mobile device management, a one-size-fits-all approach to application security policy management and compliance isn’t sufficient. Today, Veracode, Inc., provider of the world’s only independent, cloud-based application risk management platform, announces a more effective approach with the launch of its new Veracode Policy Manager. Veracode is demonstrating Veracode Policy Manager at the Gartner Security & Risk Management Summit 2011 (booth #53), taking place
Veracode Policy Manager allows enterprises to move rapidly from ad-hoc testing to proven and enforceable security programs and policies for their entire software application portfolio, including mobile. Veracode currently provides application security verification across primary mobile platforms - RIM’s BlackBerry operating system (OS), Windows Mobile, Google’s Android OS and Apple iOS.
A cloud-based service, Veracode Policy Manager provides CISOs with a dashboard that offers a centralized view of their portfolio of internal and third-party applications with details on how each application is performing from a policy perspective. Veracode Policy Manager’s easy-to-use interface offers specific compliance requirement tracking capabilities and enables users to tick through a series of best practice-based or customizable drop-down menus that identify appropriate security policy options, including recommended remediation times based on the criticality of the flaw, criticality of the application and established CISO requirements.
“Mobile adoption and related application vulnerabilities are pushing organizations to think more seriously about software security. The reality is that mobile apps are no different from other enterprise apps from a security policy perspective. However, many organizations, even those that are serious about application risk management, are still questioning what those security policies should be, and how to enforce and report on them,” said
Policy Manager Makes Effective Governance Programs Possible
Veracode Policy Manager provides the ability to customize application security acceptance criteria (or use Veracode best practices), enforce required scan type and frequency, set “fix by” dates on flaws and set default global or per-application policies.
Specific features of Veracode Policy Manager include:
- Application Policy Dashboard: Centralized dashboard for applying policies, assigning business owners, adding new applications and tracking policy compliance across application inventory
- Policy Editor: Interface to defining custom policies based on standards (e.g., OWASP/SANS Top 25), flaw type (CWE), severity and Veracode rating with capability to specify assessment frequency, acceptable remediation timeframes and grace periods
- Policy Control Reports: Detailed reports depicting status against all controls specified within applicable policy, provides snapshot of compliance on a per-application basis
- Notification Workflow: Support for automated notifications to business owners regarding policy assignment, testing requirements and compliance status
Available to all current Veracode customers, Veracode Policy Manager offers CISOs greater risk management control across their entire application portfolio. It enables organizations to better adhere to, and enforce and report on, established policies associated with applications’ business criticality and portfolio risk tolerance. It also enables CISOs to identify variances between known risk tolerance and those internally or third-party-developed applications that are the farthest from compliance. Those variances can then be used to influence the establishment of benchmarks across the organization’s developer and vendor community.
“Veracode Policy Manager was developed with CISOs in mind. We simplify the governance process and put control in the hands of the CISO, helping them to gain a centralized view of their portfolio from a policy performance perspective while supporting more well-informed discussions with senior management related to risk tolerance and compliance,” continued Cirino.
Additional Resources
Along with the launch of Veracode Policy Manager, the company is offering access to two new resources for organizations seeking additional guidance with determining, setting and enforcing the appropriate security policies for their software portfolio.
- “Policy-Driven Software Security From Ad-Hoc Testing to a Programmatic Approach,” available here: http://info.veracode.com/policy-wp-june-2011.html
- “Understanding the Risks of Mobile Applications,” available here: http://info.veracode.com/Whitepaper-2011-Mobile.html
About Veracode
Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with customers in more than 80 countries worldwide including Global 2000 brands such as Barclays PLC and Computershare as well as the California Public Employees’ Retirement System (CalPERS) and the
Copyright © 2011 Veracode, Inc. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
fama PR
[email protected]
Source: Veracode
Advisor News
- Fear of outliving money at a record high
- Cognitive decline is a growing threat to financial security
- Two lessons career changers wish they knew before starting the CFP journey
- Americans less confident about retirement as worries grow
- 6 in 10 Americans struggle with financial decisions
More Advisor NewsAnnuity News
- CareScout Joins Ensight™ Intelligent Quote LTC & Life Marketplace
- Axonic Insurance Annuities, Built for Banks, Broker-Dealers and RIAs, Now Available through WealthVest.
- Allianz Life Adds New Accumulation-Focused Fixed Index Annuities
- Allianz Life adds new accumulation-focused FIAs
- Industry objects to ‘tone and tenor’ of draft NAIC Annuity Buyer’s Guide
More Annuity NewsHealth/Employee Benefits News
- CT insurers violating law that requires equal mental health care coverage, state says. 'An outrage'
- REPS. PANETTA, JOYCE INTRODUCE BIPARTISAN MEDICARE ADVANTAGE IMPROVEMENT ACT
- Sheridan School District leaders, teachers union restart negotiations under orders from Gov. Jared Polis
- After health insurance subsidies end, 30,000 Idahoans will be uninsured, government report says
- Sheridan School District will stop health insurance coverage for staff as teachers strike hits 3 weeks
More Health/Employee Benefits NewsLife Insurance News
- Agam Capital and 1823 Partners Announce Strategic Partnership to Provide Life Insurers with an End-to-End Value Chain Solution
- AM Best Revises Outlooks to Positive for Western & Southern Financial Group, Inc. and Its Subsidiaries
- Principal Financial Group Announces First Quarter 2026 Results
- SBLI Enhances its OmniTrak Term to Deliver Faster Decisions, More Client Coverage, and Improved Pricing
- Life insurance premium surges, but coverage is still falling short for many
More Life Insurance News