“Deployment of Static Analysis was smooth, easy and the results were something we could act on immediately, helping us prioritize development activities...”
Rekener builds client trust by integrating security into software development lifecycle.
The Challenge
Rekener works with recurring revenue businesses and Rekener’s software platform allows bizops, sales, and marketing teams to leverage the data they have in multiple go-to-market systems to build and execute revenue growth strategies. Because Rekener’s application directly syncs with data from its clients’ own go-to-market systems, Rekener can’t afford to take application security lightly. In founding the company, the leadership team knew its clients and prospects would place a lot of emphasis on security certifications — namely, industry-standard data security certifications like SOC 1 Type II and SOC 2 Type II. Rekener wanted to make sure that security was embedded from the beginning in both its code and its development culture, giving it a competitive advantage in the marketplace. Casion states, “For Rekener, our first priority was to develop a strong security posture from day one for our clients, so we wanted to bring best-in-class tools into our development process early.”
The Solution
Rekener had plans to achieve SOC 1 and 2 certifications when it was merely a team of eight people. With that in mind, Rekener brought in Veracode as a single solution for both static and dynamic analysis for its business-critical application. On its decision to invest in Veracode, Casion states, “We wanted to bring in both static code analysis and dynamic code analysis into our development process and Veracode offered a single solution. For static analysis, we were looking for an enterprise-grade third party to be an unbiased voice at the table, helping us prioritize security- related development priorities and the commensurate dynamic analysis to constantly keep an eye on the front door.”
The Rekener team needed to balance the amount of time invested on implementation and training the team on a new solution with the 24x7 demands of a fast-growing startup. Veracode’s cloud- based delivery enabled the Rekener team to get started quickly. Veracode’s team of Program Managers and Application Security Consultants were integral in training the Rekener development team on using the platform and remediating any findings that were uncovered, something that the other solutions evaluated could not provide. The training helped to ensure that Casion and his team were well prepared to address any security flaws yielded by the Veracode scans. Veracode was their solution of choice to establish a baseline and institute incremental improvements to the security posture of their application portfolio. For Rekener, Veracode offers the unbiased third- party assessment it needs to ensure its applications are built with not only top-notch functionality, but top-notch security parameters as well.
Positive Business Outcomes
With Veracode Static Analysis, Rekener was able to yield actionable results quickly and easily. “Deployment of Static Analysis was smooth, easy and the results were something we could act on immediately, helping us prioritize development activities,” Casion reported. Veracode provided an unbiased attestation of Rekener’s flagship software so that Rekener could focus its remediation efforts on the most critical vulnerabilities. The platform’s policy management function allowed Casion and his team to streamline remediation timelines by addressing flaws in accordance with industry certifications like OWASP, SOC 1 and SOC 2. Having used similar solutions in the past, Casion and his team understood the importance of testing software early in the development cycle, rather than potentially accumulating a multitude of security flaws later in the development process. He goes on to say, “Basically we wanted to establish a really strong baseline to start, and the Veracode tools helped us get there.”
What The Future Holds
With promising results in just a few short months, Dave Casion and the Rekener team are already planning to fully automate their use of the Veracode platform. Integrating Veracode with their internal bug tracking system is one step toward streamlining the process by which developers prioritize their remediation efforts. “We envision a future where we submit a scan as part of the sprint process, and assignments are automatically created based on the findings and assigned back out to the engineers responsible. We’re looking forward to that future together,” Casion states. Rekener is also looking to integrate security scanning into its build process so that security checks are a routine part of its sprint cycles.
Since application security is an important element in Rekener’s product design, it makes sense that application security is also a mainstay in its internal developer training curriculum. On how Rekener leverages Veracode’s knowledge base in its internal training curriculum, Casion states: “We perform ongoing internal security training programs company-wide. For our engineering team, we discuss and train on industry-standard best practices such as the OWASP Top 10. We rely on Veracode’s scan results to help inform us where we need to train as that points out where we need to improve.”
As Rekener gears up for its next phase of growth, Casion and his team are confident that Veracode software and services will play a big role in its security strategy. “We’re looking to build lasting strategic relationships and partnering with best-of-breed technology providers like Veracode enables us to deliver on our commitment to be a responsible partner to our clients.”
