When it comes to IT security initiatives, many enterprises struggle to quantify business value and return on investment (ROI), often viewing their security spend solely as an insurance expense – a must-have in today’s world of compliance regulations and inevitable cyberattacks. But by implementing the right solutions, organizations can mitigate a multitude of security challenges while enabling business agility and achieving measurable operational benefits.
Many organizations continue to invest heavily in developing their own software applications to better serve their customer base and to maintain and drive new revenue. During the development process, coding errors that could potentially lead to exploitable vulnerabilities are bound to happen. In this case, poor quality quickly becomes a security issue and can negatively impact release frequency, meaning that software intended to improve the bottom line becomes undeployable due to heightened vulnerability-related risk.
Or worse, the pressure to meet a critical deadline, or the identification of a vulnerability too late in the cycle, results in many pushing new builds with vulnerabilities into production. In fact, according to ESG Research, 79 percent of organizations regularly or occasionally push code with known organic vulnerabilities into production. This all equates to increased security risk, business risk and operational inefficiencies, pointing to the need for an integrated solution for application security testing that enables rapid releases while reducing the underlying costs of doing so.
In this context, and to help quantify the ROI of Checkmarx AST solutions, we commissioned an independent research study with Nucleus Research to understand from our customers the business benefits they’d achieved through implementing Checkmarx. In the case of a large European financial services customer that Nucleus interviewed, the study found that the customer achieved complete payback from its Checkmarx SAST and Checkmarx Codebashing deployment within five months and gained a 393% ROI over 3 years.
The study highlights many benefits achieved by the customer in using Checkmarx solutions including:
- Reduced coding vulnerabilities: Checkmarx enabled the organization to address all software security concerns through increased visibility, reduced vulnerability, and more actionable remediation insights. Additionally, Checkmarx allowed the company to retire legacy third-party tools and libraries incorporated within its code, thereby reducing the overall risk posture of its applications, and giving developers a more modern environment to work in.
- Increased developer productivity: By using CxCodebashing, Checkmarx’s AppSec awareness and training solution, to educate developers on how to create more secure code, better understand security vulnerabilities and weaknesses, and proactively discover and prevent these issues, the organization saved each of its 1,000 developers two hours per week, translating to 104,000 hours and 1.7 million Euro annually.
- Increased AppSec scalability: Initially, the organization was working on 300 different projects on an ongoing basis. After deploying Checkmarx, that number is approaching thousands, with 5-10 new projects being onboarded every day. This is all achieved with the same number of developers, displaying the solution’s overall scalability.
To learn more about the significant value and rapid payback that this customer achieved with Checkmarx application security testing, download the full ROI case study here.
For additional independent research data to support building the business case for AST investments, check out:
ESG Research Report: The Application Security Imperative: A Pragmatic Approach to Reducing Production Vulnerabilities with an Integrated Approach
*** This is a Security Bloggers Network syndicated blog from Blog – Checkmarx authored by Stephen Gates. Read the original post at: https://www.checkmarx.com/2021/01/07/what-is-the-roi-of-checkmarx-application-security-testing/