Case Study - Telecommunications

Tier 1 telco outsources their Application Security Testing needs

Client challenge

The client is a telecommunications company and Internet service provider with a large customer base. CyberProof was approached by the company to strengthen its cyber security program while addressing local cyber-security compliance regulations.

As a large organization with distributed development teams, the client struggled to maintain clear and consistent secure coding methodologies across the enterprise ranging from application scanning and testing to implementing best practices and providing effective training.

The fragmented setup and lack of visibility made it increasingly challenging to demonstrate the company’s processes were meeting compliance regulations to internal and external auditors.

Benefits

  • 35% increase in productivity relating to application development.
  • Greater visibility into coding methodologies across the enterprise.
  • Meeting cybersecurity regulations including compliance requirements.
  • Improved management of vulnerabilities and risk across software development teams.

Our solution

CyberProof developed go-forward recommendations and implemented cybersecurity controls that better positioned the organization, from the perspective of regulatory requirements.

CyberProof identified Security Champions for each in-scope application – assigning subject matter experts able to help drive the process and identify common ground across distinct development teams.

After a thorough discovery process, CyberProof delivered specific recommendations, including:

  • An inventory of secure coding methodologies meeting software and industry standards
  • Identification of gaps in processes
  • Auditable documentation tracking the progress of secure coding implementation
  • A roadmap for addressing potential vulnerabilities

As a key recommendation within the roadmap, CyberProof implemented a platform to help the company manage vulnerabilities and risk across software development teams and infrastructure. Given the diverse nature of the scanning and testing tools, this platform provided a solution capable of ingesting, normalizing, correlating and prioritizing vulnerabilities across the software development life cycle (SDLC). In addition, as a cloud-based technology, the platform is an easy-to-deploy and platform-agnostic solution that scales with the telecommunications provider’s needs now and in the future.

CyberProof helped the telco bridge the gap between application security and security operations, while streamlining the process of addressing risk and vulnerabilities across the SDLC. With the solutions provided, CyberProof bolstered the organization’s overall security posture, leaving the client confident in its ability to meet the compliance requirements quickly and efficiently.