Security Compass: Making Software Secure
Built in or bolted on? In any given scenario, ‘bolted on’ should not be the first choice, and yet for software security, ‘bolted on’ is certainly the norm. As organizations adopt newer paradigms in their infrastructure, networks and software are becoming increasingly vulnerable to calamitous cyber attacks. In such a scenario, security needs to be the top priority for organizations, especially when it comes to software development. Transforming this belief into reality is Security Compass. “We really want people to walk away with understanding that we are the company, which is focused on making software secure,” says Rohit Sethi, the COO of Security Compass.
Headquartered in Toronto, Canada, Security Compass is a software security company specializing in solving root application security problems for Fortune 500 companies. While the company set sail as a consultancy firm offering a wide range of penetration testing services, today it brings to the table SD Elements, an intuitive Application Security Requirements and Threat Management (ASRTM) platform. The platform assists organizations in eliminating security vulnerabilities in mission-critical applications, minimizing organizational risk, and seamlessly complying with regulatory and compliance standards. Security Compass also still offers a variety of advisory services, as well as an eLearning platform for providing security training to development teams.
Security Compass, an IBM partner, raises the bar for application security in software development through its flagship platform, SD Elements. With SD Elements, organizations can unify application security with business goals to build better, more secure software.
Conquering security risks together will help achieve the organization’s mission without compromising usability
Uniquely positioned to help organizations seamlessly introduce security requirements early in the software development lifecycle, the platform eliminates security vulnerabilities in the most cost-effective way, before scanning begins. The platform takes a five-step approach, which involves answering a short questionnaire about setup and compliance, automating risk analysis and customization, linking them to test cases, delivering through development tools and building security, and finally verifying requirements. SD Elements tackles threats by generating comprehensive threat profiles, for which detailed countermeasures are compiled for the corresponding application and then automated throughout the Software Development Life Cycle (SDLC).
Available in three different versions (Express, Professional, and Enterprise), the platform is suitable for a wide variety of development teams and offers new enterprise-level integration and customization capability. SD Elements fits into the existing development process and synchronizes security and other non-functional requirements with Application Lifecycle Management (ALM) tools. IBM’s Rational CLM is one of the ALM tools that support SD Elements. SD Elements also integrates with popular security scanning tools such as IBM AppScan. Security Compass, as an IBM partner, delivers end-to-end solutions to address the security issues of clients.
Adding to the company’s competency in the software security landscape are its training content and its consultancy support, which enable it to assist clients right from the initiation of their security process to ensure the application is secure. “We offer high-level, strategic advice across a variety of areas to help an organization in improving its overall security posture,” adds Sethi. Security Compass has partnered with IBM and consequently, the training and security requirements of Security Compass are a part of IBM’s end-to-end solution software. Security Compass also works with Vantage Point in the Asia Pacific region.
Talking about the future of Security Compass, Sethi mentions that the company is planning to expand geographically and to venture into the healthcare, medical device manufacturing, and energy utility sectors, along with oil and gas. The company anticipates a strategic expansion into newer and broader markets to accomplish its prime vision: to become a one-stop shop for organizations to produce and deploy a secure application.