CASE STUDY / INDUSTRIAL

Nearshore program safeguards application security for global industry leader over 20 years

NextGen IT Operations | Agile Portfolio Evolution

About the customer

A globally recognized leader in multiple industries, providing a wide range of products and services through a vast portfolio of businesses.

Operations in 100+ countries

100,000+ employees

100+ years of excellence

Business challenges

Our client faced escalating risks due to an increasingly complex and expansive corporate application portfolio serving its many international businesses. As the number of applications grew, it became increasingly difficult to track all assets and third parties and conduct effective security assessments. Key opportunities identified included:

1. Reducing the risk of cyberattacks by enhancing the visibility and documentation of IT assets, ensuring all systems were properly inventoried and secured.

2. Lowering remediation costs by implementing more efficient processes to identify and address application vulnerabilities.

3. Preventing vulnerabilities from reaching production by strengthening pre-release security measures to protect the business from potential economic, reputational, operational, and legal risks.

How Softtek comes into play

To address these challenges, Softtek implemented a comprehensive Application Security and Vulnerability Management program through a nearshore managed services engagement model that has been ongoing for more than 20 years. This approach gave Softtek accountability for the security program, ensuring that the client could focus on core business operations while we met well-defined SLAs and KPIs, provided full transparency through real-time reporting, and continuously improved the program by increasingly leveraging automation and AI year over year.

Assessment and inventory: Conducted a comprehensive assessment of the client’s current state, including a detailed analysis of the existing environment. We also created and maintained a complete asset and application inventory, aligning with the “Identify” core function of the NIST Cybersecurity Framework.

Application security and vulnerability management program: A proactive program that includes routine and on-demand scanning for vulnerabilities, providing detailed remediation recommendations and support, and conducting follow-up scans to validate that all vulnerabilities have been fully resolved.

Identity and access management (IAM): Achieved 100% coverage of all applications by implementing a comprehensive IAM framework aligned to NIST and tailored to the client.

Third-party risk management: Achieved 100% third-party risk assessment coverage by conducting thorough evaluations of all third-party providers to ensure compliance with the client’s security standards. This included reviewing security policies and operational processes, followed by validating adjustments with the providers.

Security awareness training: Developed and delivered custom security awareness programs, including secure coding training for all developers and standard security awareness training for the entire workforce.

Business impact

The combined efforts across various programs and services delivered substantial results, most notably achieving zero security breaches since the outset of our 20-year engagement. Additional significant outcomes included:

Achieved an average annual savings of $100K through effective process consolidation and ongoing improvement initiatives.

Addressed and resolved all internal audit findings, ensuring complete coverage for vulnerability management.

Successfully passed all external audits with exemplary results.