“Security First” for the Win at Bluescape

Technology providers are feeling heavy pressure to provide the best user experience, the most intuitive UI, and are racing to release better and better versions of their offerings. But organizations are often pushing to release these improvements at the expense of ensuring the software they’re releasing is secure and free from vulnerabilities.

A “security first” approach is ultimately going to win this race for two reasons. First, “improve everything before security” will ultimately backfire when vulnerabilities are compromised, and breaches occur. And second, the recent White House Executive Order on cybersecurity highlights the software supply chain as a key security risk vector, reinforcing what many customers are already asking for and raising this as a priority.

Businesses are often forced to make a choice in development: focus on the externally facing, visible improvements that customers can experience, or on the ensuring the security of their software and applications is rock solid. Think of it as investing in a new kitchen remodel that everyone can see and enjoy versus a new furnace. As Bluescape CISO Mark Willis discussed in a recent blog, he and his team went through this evaluation process and chose a “security first” approach because it was imperative to “focus on security first, even if it meant rolling out new tools, features, and programs at a later date.”

This has proven to be the right choice for this enterprise-scale visual collaboration SaaS platform. With exploding demand for online collaboration tools, the quality and security of Bluescape’s software is one of its competitive differentiators. The company is proud of its application security program and its ability to deliver AppSec assurance to its customers. As part of of its security-first approach, Bluescape chose the ZeroNorth DevSecOps platform to provide the backbone and risk metrics for its software security program, using ZeroNorth to showcase its scanning processes and cadence, closed-loop remediation and AppSec risk reporting. Mark is proud to say to his own customers that “our Secure SDLC is orchestrated and powered by ZeroNorth.”

*** This is a Security Bloggers Network syndicated blog from ZeroNorth authored by ZeroNorth. Read the original post at: