A globally recognized leader in multiple industries, providing a wide range of products and services through a vast portfolio of businesses.
Operations in 100+ countries
100,000+ employees
100+ years of excellence
Our client faced escalating risks due to an increasingly complex and expansive corporate application portfolio serving its many international businesses. As the number of applications grew, it became increasingly difficult to track all assets and third parties and conduct effective security assessments. Key opportunities identified included:
Reducing the risk of cyberattacks by enhancing the visibility and documentation of IT assets, ensuring all systems were properly inventoried and secured.
Lowering remediation costs by implementing more efficient processes to identify and address application vulnerabilities.
Preventing vulnerabilities from reaching production by strengthening pre-release security measures to protect the business from potential economic, reputational, operational, and legal risks.
To address these challenges, Softtek implemented a comprehensive Application Security and Vulnerability Management program through a nearshore managed services engagement model that has been ongoing for more than 20 years. This approach gave Softtek accountability for the security program, ensuring that the client could focus on core business operations while we met well-defined SLAs and KPIs, provided full transparency through real-time reporting, and continuously improved the program by increasingly leveraging automation and AI year over year.
Assessment and inventory: Conducted a comprehensive assessment of the client’s current state, including a detailed analysis of the existing environment. We also created and maintained a complete asset and application inventory, aligning with the “Identify” core function of the NIST Cybersecurity Framework.
Application security and vulnerability management program: A proactive program that includes routine and on-demand scanning for vulnerabilities, providing detailed remediation recommendations and support, and conducting follow-up scans to validate that all vulnerabilities have been fully resolved.
Identity and access management (IAM): Achieved 100% coverage of all applications by implementing a comprehensive IAM framework aligned to NIST and tailored to the client.
Third-party risk management: Achieved 100% third-party risk assessment coverage by conducting thorough evaluations of all third-party providers to ensure compliance with the client’s security standards. This included reviewing security policies and operational processes, followed by validating adjustments with the providers.
Security awareness training: Developed and delivered custom security awareness programs, including secure coding training for all developers and standard security awareness training for the entire workforce.
The combined efforts across various programs and services delivered substantial results, most notably achieving zero security breaches since the outset of our 20-year engagement. Additional significant outcomes included:
Achieving an average annual savings of $100K through effective process consolidation and ongoing improvement initiatives.
Addressing and resolving all internal audit findings, ensuring complete coverage for vulnerability management.
Successfully passing all external audits with exemplary results.