
Transforming Application Security in Retail and E-Commerce: A Case Study

Contrast Security
Application Infrastructure & Middleware - Event-Driven Application
Cybersecurity & Privacy - Application Security
E-Commerce
Retail
Procurement
Product Research & Development
Retail Store Automation
Tamper Detection
Cybersecurity Services
System Integration
The case study revolves around a large retail and e-commerce company with over 25,000 employees and $5 billion in revenue in the financial year 2015-16. As the company's e-commerce platform became a leading sales channel, it transitioned to an agile development process, moving from 6-week release cycles to 3-week cycles to accelerate innovation. However, the rapid release cycles demanded an intense focus on security to avoid brand damage and customer data loss. The company's existing application security products disrupted the release cycle schedule, forcing everyone involved in the Software Development Life Cycle (SDLC) to reprioritize their work. The Application Security manager found himself on the critical path for every production deployment and outnumbered throughout the process. The company's traditional application security was performed at the integration testing phase, one step before the application was released to production. This either added significant 'rework cost' or postponed security fixes to a later application release.
The customer is a large retail and e-commerce company with over 25,000 employees and $5 billion in revenue in the financial year 2015-16. The company's e-commerce platform is a leading sales channel, and it has transitioned to an agile development process to accelerate innovation. The company is responsible for protecting six major global brands with millions of customers. The company's Application Security team, led by Chris, was looking for a product that could automate application security like other agile tools, eliminate delays, and provide the visibility and context necessary to remediate vulnerabilities.
The company discovered Contrast, an application security product that resonated with their vision of continuous application security in real time. Contrast was easy to deploy and integrate into the existing SDLC chain, improving security processes. The Contrast agent could be turned on and off with the click of a button, providing visibility to anybody in the chain. Since making the switch to Contrast, the Application Security team was no longer the bottleneck. The team was able to keep pace with the other teams involved in the application development and release cycles, while being more effective overall. Applications now reported their vulnerabilities as they were tested, eliminating the separate application security scanning step during the release cycle. This helped the company become truly agile. Contrast Assess gave the team the ability to drill down to application-level detail and inform the engineering team exactly what vulnerabilities to fix, where to fix them and how to fix them, all in real time.
The switch to Contrast has transformed the company's application security processes. The Application Security team is no longer the bottleneck in the development and release cycles, and is able to work along with the project teams instead of against them. The team now has quick and easy access to organization-level metrics, which it can share to keep everybody informed and involved. The company has achieved its vision for security across all its applications and brands, and is able to protect its customers effectively. The team can now inform and 'security-enable' teams at every level, making security a core discipline of application development at the company.
Transitioned from 6-week release cycles to 3-week cycles, accelerating innovation
Eliminated the separate application security scanning step during the release cycle, making the process truly agile
Automated application security process, allowing vulnerabilities to be reported as they are tested