Tieto needed to efficiently and effectively find and fix exploitable vulnerabilities in new and existing applications.
Despite its software development prowess and experience, the firm struggled, until recently, with ways to efficiently and effectively find and fix exploitable vulnerabilities in new and existing applications.
While Tieto has a software development organization of about 3,000 employees, it maintains a relatively small security team, primarily focused on network, infrastructure, and business security issues.
“One of the key challenges we faced is that we did not have a centralized way of doing application level security testing,” notes Sami Suro, Director for Business Solutions. “We pay a lot of attention to network and business security but, until recently, application security has not received the same level of scrutiny.”
According to Suro, over the past few years the firm has seen a major increase in demand from internal and external customers for new web and mobile applications for both horizontal and vertical industry uses. “Mobility is transforming entire business models, service models, and revenue models,” he remarks. “Our major sector customers expect us to be able to meet all their application needs, and that includes web and mobile applications as well.”
He continues, “We understood the message from our customers that they want us to include application level security assessment and remediation as part of our complete development services,” Suro explains. “Our development teams had been using some open-source tools for the application security testing we were doing. However, after we began using Fortify on Demand, we realized how much more accurate and better the results could be. The increased visibility we can provide to the many stakeholders involved with every application is a tremendous advantage.”