All businesses should be testing their IT resources, whether they are in the cloud or on-premise, for weaknesses in protecting the business against cyber-crime. The trouble is, this can be both time-consuming and expensive.
With that problem in mind, application security assessment, standards and training specialist, Security Innovation, has introduced a hosted Managed Application Security Testing (MAST) service for organisations with many applications to secure.
MAST provides an optimised process to manage threats by ensuring that the appropriate level of security testing is applied. Built upon a multi-tiered as remediation and reporting platform, MAST is flexible enough to address the varying needs and characteristics of any organisation’s specific application landscape.
“Security relies heavily on consistency, and good metrics are critical to achieving that consistency”
Designed for all application types, assessments range from a deep inspection conducted by world-class security engineers, to a combination of manual/automated testing with expert verification of vulnerabilities, to a rapid automated scan with engineering analysis to remove false positives. This approach helps ensure maximum ROI through decreased costs, shortened test cycles and reduced time-to-fix.
Additionally, because MAST does not require organisations to have hardware or infrastructure in place to begin application security testing, it can be launched in as little as a day.
A 2013 Ponemon Institute research study, `The Current State of Application Security’ revealed that only 43 percent of organisations have a security testing process in place. Additionally, less than half the respondents say their organisations measure application security risk and believe it is well understood. Even fewer use risk metrics to guide application security decision-making.
Regular and iterative assessments ensure that problems are caught before they propagate. Additionally, they enable risk trend analysis, which helps organisations make more informed remediation and security investment decisions. From a cost perspective, MAST ensures a practical approach to help organisations determine the optimal application testing needed, which typically yield a 20 to 30 percent reduction in cost over individual testing services, according to company data.
“Application assessments should not be a one size fits all solution. Business critical applications require significant time and effort while low risk applications may require a very light touch,” said Edward Adams, CEO of Security Innovation. “Optimisation around frequency and depth of testing based upon application criticality and business risk can help improve ROI by enabling investment in the areas where it is needed most and over-spending in low-risk areas.”
