Jun 23, 2020

Making a Case for the Cloud: Customers Give Their Honest Feedback of SaaS-Based AppSec

By Hope Goslin

Before the pandemic, 70 percent of companies were in the early stages of a digital transformation. But given the current circumstances, companies are being forced to speed up those efforts. This statistic, coupled with the FBI’s findings that cyberattacks have increased by 400 percent over the last few months, supports the need for increased application security (AppSec) and the shift toward software-as-a-service (SaaS) models.

Veracode offers the application industry’s only cloud-native SaaS solution, combined with over a decade of experience helping customers develop effective AppSec programs. This means your program is up and running on day one, and you don’t purchase or maintain servers, which can lead to savings of up to $650,000 a year*.

Most organizations are starting to realize the benefits of this delivery model. Gartner’s 2018 report, Market Trends: The Transformative Impact of SaaS on the Software Market, found that SaaS models are definitely trending. In fact, SaaS revenue grew a whopping 135 percent between 2015 and 2018.

We recently compiled some of our customers’ thoughts on the advantages of SaaS-based AppSec. You can see the video here. Combined with data from a recent Forrester Total Economic Impact report*, we found that the following are the biggest benefits:

No deployment

On-premises solutions take more than 33 hours* to configure – that’s almost an entire workweek! But, since SaaS-based solutions don’t require physical servers, you can start scanning immediately. This means there is zero downtime for your organization.

No maintenance

With SaaS-based AppSec solutions, the customer doesn’t take care of maintenance; the vendor does. This saves you time and money that can be dedicated to other efforts, like integrations. As our customer, Wallace Dalrymple, Chief Information Security Officer at Advantasure, said about our solution in a recent interview, “We could rely on our strategic partner to maintain it for us. We could really just focus on integrating the product and its features and functionalities.”

Ease of scaling

What’s great about a SaaS-based AppSec solution is that you don’t need to plan for scan spikes or take any action. The solution is elastic and will auto-scale to meet demand. This means no more paying for a sudden scan increase or worrying about adding additional scan engines. For customers like Gautum Roy, Head of Product Marketing and Security at Automation Anywhere, Veracode’s ability to “scale on-demand in the cloud” was a major selling point.

Cost savings

The total cost of ownership for a SaaS-based AppSec program is significantly lower than that of an on-premises solution. Not only is it 20 percent less a year to operate, the increased productivity time can save you millions*. You will also avoid unexpected expenses like scan spikes, enabling your organization to budget better.

More accurate results

With SaaS-based AppSec, developers and security professionals can easily mark a finding as a false positive, which means low false-positive rates without self-tuning. On-premises vendors are limited to testing their false-positive rate with a small number of test apps in a lab. With an on-premises solution, you would need to file support tickets for false positives, which is a time-consuming step most developers are unlikely to take. This is why on-premises applications have a higher false-positive rate, and why on-premises users need to tune the scanner for each application to reduce the false-positive rate.

Watch our customers talk about SaaS advantages

For more details, check out our video, Veracode Customers Talk About the Advantages of SaaS-Based AppSec.


*Data is based on a Veracode-commissioned study and published in Forrester’s report, SaaS vs. On-premises: The Total Economic Impact™ of Veracode’s SaaS-based Application Security Platform.



Hope is part of the content team at Veracode, based in Burlington, MA. In this role, she focuses on creating engaging AppSec content for the security community.