提高安全性和效率,同时降低风险:CM.com 案例研究
技术
- 应用基础设施与中间件 - 中间件、SDK 和库
- 网络安全和隐私 - 应用安全
适用行业
- 设备与机械
- 国家安全与国防
适用功能
- 产品研发
- 质量保证
用例
- 网络安全
- 篡改检测
服务
- 网络安全服务
- 测试与认证
关于客户
CM.com 由 Jeroen van Glabbeek 和 Gilbert Gooijers 于 1999 年创立,当时名为 ClubMessage。该公司向市场推出了群组短信。早期的客户包括比荷卢经济联盟地区的迪斯科舞厅,这些迪斯科舞厅通过短信发送有关客座 DJ、时间表、比赛、折扣和更多周末新闻的信息来与客户互动。二十多年后,CM.com 已成为对话式商务云软件领域的全球领导者,帮助企业提供卓越的客户体验。他们的通信和支付平台使营销、销售和客户支持能够通过多个移动渠道自动与客户互动,并与无缝支付功能相结合,从而推动销售、赢得客户并提高客户满意度。
挑战
CM.com 是对话式商务云软件领域的全球领导者,其应用程序安全策略正面临困境。该公司的主要应用程序安全策略包括渗透测试和静态应用程序安全测试(SAST)。然而,这些工具消耗了安全团队和开发团队大量的时间。安全团队必须分析这些测试生成的报告,并为每个需要修复的漏洞创建一个票证。此过程通常会导致开发人员延迟数天才能收到有关该做什么的反馈。这些与安全相关的延迟在开发过程中造成了摩擦,并增加了与修复过程中发现的漏洞相关的复杂性和延迟。它们也引起了开发商的不满。此外,扫描和渗透报告显示,开发过程的输出质量还有很大的改进空间。
解决方案
为了改进应用程序安全架构,CM.com 决定推出安全软件开发生命周期 (SDLC) 计划。该公司将 Contrast Security 确定为一种可能的解决方案。 Contrast Security 通过其自动化应用程序安全平台提供了全面的 DevSecOps 方法。该平台能够使用仪器持续监控应用程序代码。这使得开发人员能够在检测到漏洞时立即收到反馈,包括有关如何修复该漏洞的可操作信息。 CM.com 购买了 Contrast Assess 的许可证,并将其集成到开发团队使用的各种开发工具中。为了克服开发人员最初的阻力,CM.com 在评估开发人员的关键绩效指标 (KPI) 中添加了应用程序安全指标。该公司还获得了 OSS 许可证,开始致力于保护其开源库。通过 Contrast SCA,CM.com 可以一目了然地看到应用程序使用的开源代码、这些活动库和类中存在哪些漏洞以及哪些库需要更新。
运营影响
数量效益
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
相关案例.
Case Study
Smart Water Filtration Systems
Before working with Ayla Networks, Ozner was already using cloud connectivity to identify and solve water-filtration system malfunctions as well as to monitor filter cartridges for replacements.But, in June 2015, Ozner executives talked with Ayla about how the company might further improve its water systems with IoT technology. They liked what they heard from Ayla, but the executives needed to be sure that Ayla’s Agile IoT Platform provided the security and reliability Ozner required.
Case Study
IoT enabled Fleet Management with MindSphere
In view of growing competition, Gämmerler had a strong need to remain competitive via process optimization, reliability and gentle handling of printed products, even at highest press speeds. In addition, a digitalization initiative also included developing a key differentiation via data-driven services offers.
Case Study
Predictive Maintenance for Industrial Chillers
For global leaders in the industrial chiller manufacturing, reliability of the entire production process is of the utmost importance. Chillers are refrigeration systems that produce ice water to provide cooling for a process or industrial application. One of those leaders sought a way to respond to asset performance issues, even before they occur. The intelligence to guarantee maximum reliability of cooling devices is embedded (pre-alarming). A pre-alarming phase means that the cooling device still works, but symptoms may appear, telling manufacturers that a failure is likely to occur in the near future. Chillers who are not internet connected at that moment, provide little insight in this pre-alarming phase.
Case Study
Premium Appliance Producer Innovates with Internet of Everything
Sub-Zero faced the largest product launch in the company’s history:It wanted to launch 60 new products as scheduled while simultaneously opening a new “greenfield” production facility, yet still adhering to stringent quality requirements and manage issues from new supply-chain partners. A the same time, it wanted to increase staff productivity time and collaboration while reducing travel and costs.
Case Study
Integration of PLC with IoT for Bosch Rexroth
The application arises from the need to monitor and anticipate the problems of one or more machines managed by a PLC. These problems, often resulting from the accumulation over time of small discrepancies, require, when they occur, ex post technical operations maintenance.
Case Study
Data Gathering Solution for Joy Global
Joy Global's existing business processes required customers to work through an unstable legacy system to collect mass volumes of data. With inadequate processes and tools, field level analytics were not sufficient to properly inform business decisions.
