This is a guest post was written and contributed by Evan Fromberg, Sr. Director of Channel Sales and Business Development at Veracode, a Rackspace Cloud Tools Partner.
As we look back at 2011, we see a meteoric rise in mobile and web applications development across all of our customers. At Veracode, we work with many application development and security teams, from enterprise accounts, such as large financial institutions, to SMBs who are trying to protect their business websites, to independent software vendors (ISVs) who work from home offices. They all agree that speed to market is critical for their new applications, which is why we are also seeing rapid adoption of cloud platforms to develop and bring new applications to market faster than previously possible.
With more businesses using cloud platforms, such as Rackspace, as the ‘back end’ infrastructure of their web and mobile applications deployments, there comes a need to look at new methods of security. Traditional security controls (e.g. firewalls, strong passwords, encryption) alone won’t be effective ensuring that their sensitive data is protected in cloud environments.
The evidence of this is seen in the equally meteoric increase in high profile data breaches, some of the largest in history at many Fortune 500 organizations. Our CTO, Chris Wysopal examined the 10 big breaches of 2011, and his findings were alarming, 66% of the breaches were related to application security. In many cases these breaches were achieved through vulnerabilities in website applications. Hackers were able to exploit SQL injection or Cross-site Scripting (XSS) in every-day website software to penetrate deeper into the business. The size of the company being attacked does not matter because every company’s private data is important. What matters is the vulnerabilities resident on the company’s websites and mobile applications.
Understanding their application vulnerabilities is one reason our customers use our services for independent security testing. Another reason is that we understand the cloud. Our solution is cloud based because we know that independent application security testing must be delivered quickly, with accurate and actionable results and delivered at a valued price.
We are very excited to be part of the Rackspace Cloud Tools program! A move to the Rackspace Cloud provides businesses of all sizes a great opportunity to start to implement security practices into your development process. We believe that there are several benefits to Rackspace customers in leveraging the Veracode security platform:
• Veracode offers a SaaS/Cloud testing platform, without the need to deploy hardware or software to get started
• Veracode helps identify the most severe security flaws in applications through a variety of testing methodologies
• We provide guidance and policy enforcement to help meet industry standards such as PCI compliance
• By having an independent security verification conducted on your applications, Independent Software Vendors (ISVs), will be further differentiated and successful in providing software to enterprise customers.
• Rackspace’s cloud services and Veracode’s solutions will make for a fun and secure cloud experience!
For more information on Veracode’s solutions visit us at http://www.veracode.com/services.