“There are enough challenges within security that it’s nice to have a partner where you don’t have to worry about if their products are meeting your requirements or not.”
Veracode’s industry-leading AppSec solution reduces time to remediation for high-severity flaws, improves security and development culture, and speeds up deployment for Advantasure.
Organizations in the healthcare industry are held accountable for complying with state and federal cybersecurity regulations. For Advantasure, this posed a real challenge. Advantasure not only needed an application security program that could protect it against cyberattackers, it needed an AppSec program to help it prove compliance with laws and regulations across multiple states. On top of that, Advantasure had a multi-cloud platform, so it was challenged with finding a SaaS-based AppSec solution.
Veracode was the clear choice for Advantasure.
“We spent a lot of time looking at other solutions and trying to figure out the right one and – as any organization would – do our due diligence to not just pick one product but find the right fit. As soon as we did those side-by-side comparisons and we conducted an analysis, Veracode was the one that came out on top and met most of our requirements. We felt like it was the best company and that we could partner with Veracode for the long term.”
Not only does Veracode have the ability to help its clients comply with state and federal regulations, it’s also a cloud-based solution that’s easy to implement, easy to use, and easy to measure.
Since Veracode is cloud-based, Advantasure didn’t need to “hire people, manage, upgrade, and maintain” as would have been the case with on-premises solutions. Advantasure, along with its Veracode Security Program Manager, was able to “just focus on integrating the product and its features and functionalities.”
Advantasure also selected Veracode for its Verified program. Veracode Verified offers an easy-to-follow roadmap to help Advantasure reach the highest level of application security. With multiple tiers to achieve, the Advantasure team views Verified as an exciting challenge – they’re always working toward achieving the top tier, Continuous.
Since partnering with Veracode, Advantasure has seen many positive and impactful changes. For starters, Advantasure has taken advantage of Veracode’s developer training offerings, including Veracode eLearning. The online tools help train developers in security, alleviating the training burden that was originally placed on the security team. The online training has also helped gain developer buy-in for the AppSec program and has established security champions. Security champions are elected developers who immerse themselves in security training and become advocates for secure coding on their development teams. The security champions program has been very helpful at Advantasure because, as Sue McTaggart, Application Security Architect at Advantasure, expresses, “We have over 600 developers, and we cannot train all of them to be security-focused. So, by having security champions, we have ambassadors that can evangelize secure coding.”
Ultimately, Veracode has become an integral part of Advantasure’s development process. In addition to scanning directly in the IDE, Advantasure has also been able to integrate the AppSec solutions into their CI/CD pipeline, which is deployed on AWS and uses Jenkins. By integrating Veracode’s security analysis into that Jenkins pipeline, they are assessing the security of code as they deliver changes to their applications on AWS. With this combination of Veracode and AWS, they have all the benefits of an abstracted application infrastructure, plus assurance around the security of the code they build and deploy. This automation and integration are very beneficial for Advantasure because, “manual processes are prone to human error. So, if you can build automation into your application security program, you automate the finding of vulnerabilities and risk within your source code and you’re not relying on humans.” This has helped Advantasure speed up development and move to production faster than ever before.
Advantasure has remediated high-severity flaws faster thanks to Veracode’s reporting structure. Veracode consolidates the findings from its AppSec solutions into one easy-to-read report that ranks vulnerabilities based on severity.
Lastly, Advantasure’s participation in Veracode Verified has helped it maintain stakeholder buy-in and gain a competitive edge in the market. The Verified program enables stakeholders to see the return on their investment. It also helps Advantasure when discussing AppSec performance with clients and its board of directors. As Dalrymple explains, Advantasure is able to come “prepared to talk about how we’re measuring the security program” knowing that they have the right products to support Advantasure’s future growth.