Skip to main content

A Large Financial Organization Uses SD Elements to Ensure Developers Implement the Right Security Controls

Challenges 

 The client was struggling to entrust their developer teams with the responsibility of handling application security. To verify whether the security controls being implemented were effective, development teams often resorted to asking infosec, which consumed a great deal of valuable time from both development teams and infosec.

 

Solution

 The client onboarded SD Elements, Security Compass’ Policy-to-Execution platform, which has a section dedicated to ensuring that the controls developers implement are adequate. This section contains step-by-step instructions which can easily be followed by developers. SD Elements is also synchronized with external tools and SAST/DAST scanners and can import scan reports to automatically determine whether stories are validated or not.

 

Learnings 

 The client’s development teams can now independently ensure that the applications they develop are secure. They’re also now aware of the weak and strong security points in their applications, helping to avoid last minute surprises during infosec application reviews.