As a longtime security professional and CA Veracoder heading Product Marketing, Sam King has seen investments in security go up exponentially over the years. Even with all that additional investment, data breaches continue to happen with alarming frequency. We recently recorded a chalk talk with Sam on why this is the case.
We also added in a transcript of the video below. Enjoy!
I often get asked the question – what is special about CA Veracode and what is different about the way you solve the application security problem compared to everyone else?
So let me take a few minutes to describe that to you. As a security professional, the infrastructure that you are responsible for protecting is ultimately along these lines: There’s the data, these are ultimately the crown jewels of your organization, there’s a network that you’re operating, there are endpoints – increasingly there are mobile devices, and then you have the applications that you are running.
In the past few years, the security community has done a pretty good job of protecting the endpoints and the network, and a lot of progress has been made at these two layers of the infrastructure, but the data is still being lost. 2011, if nothing else, was the year of data breaches, with a lot of data loss stories despite all that investment that has occurred at the endpoint layer and the network there, and the reason for that is the application layer.
This is big, complex, and insecure, so let’s take a minute to talk about the application layer. Well, you clearly have web applications that you are running, you might have some applications that you’re getting from outsourced providers, increasingly, there are mobile applications that are entering your environment, and then you have commercial off-the-shelf applications that you might be buying from different vendors.
Now, let’s take a minute to talk about how you would go about securing this big, complex application layer. Well, you have different vendors doing different technologies – you may have someone that’s giving you static analysis, and someone else that’s giving you dynamic analysis, or maybe you have some consultants come and do man-pen testing, or you have someone else come in and help you create your policies for application security.
Well, CA Veracode does all of this (security testing) for all of that (applications) and we do it using the single, central cloud platform, so it’s instantly on, no hardware, no software, no installation, no maintenance – you are instantly on the cloud platform and you can start analyzing all of these applications.
And by the way, we do this for hundreds of companies, so not only do we know what your state of software security looks like, we know what everyone’s state of software security looks like as well. What that allows you to do is get a sense of how you are doing in comparison to peers in your industry or in comparison to industry standards.