Part 2: The business case for application security. The comprehensive business guide to application security (a three-part series)
- Griselda Dalton
- 8 years ago
Table of contents
- Introduction
- The comprehensive business commitment to application security
- Application security and corporate governance
- Benefits of a secured application development lifecycle
- Education
- Creating accountability in outsourced and procured software applications
- Due diligence on outsourcing
- Contract/SLA process
- Managing the development process
- Business case models for application security
- HP Application Security: solutions spanning the application lifecycle
- Summary
Introduction

Software is the circulatory system of the global economy. It manages our financial transactions, it tracks the products in our ports' shipping containers, it monitors a sick person's vital signs, and a lot more. Innovations in software development are changing our perceptions of the Internet, reshaping enterprises, and giving birth to significant new businesses. From Web 2.0 to Cloud Computing, not only is software driving global change, it is dictating the ever-increasing pace of that change.

No matter your industry, your enterprise is no doubt impacted by these trends, whether through your own software development initiatives, outsourced development, or the strategic procurement of commercial software. Your goals of creating new markets, gaining a competitive advantage, achieving organizational efficiencies, and communicating efficiently may be intertwined with your efforts to introduce software innovations. A key success factor in leveraging the business benefits of software is assuring that it is implemented securely. Standing still is not an option, but failure to take appropriate measures to focus on software quality and security introduces unnecessary risk within your enterprise and often results in a situation where the organization takes one step forward and two steps back.

As we near the end of the first decade of the 21st century, the software industry has the benefit of a growing body of knowledge that can be applied to software quality and security. What we have learned is that the organizations that are most successful at securing software take a full lifecycle approach to the issue and make a program-level commitment.

This white paper is part two of HP's three-part Application Security for Business Educational Series, intended to help executives understand the importance of application security to their business.
We encourage you to read the full series:
- Part 1: The mandate for application security
- Part 2: The comprehensive business commitment to application security
- Part 3: Implementing best practices through the HP Application Security Maturity Model

The comprehensive business commitment to application security

The risks to the enterprise from Web applications justify making a commitment to secure application development and procurement. This is not accomplished by creating a standalone group to block innovation, but rather by integrating security into the business processes you already have. The key guiding principles we encourage your organization to adopt are:
- Gain executive-level commitment to secure software as a part of sound corporate governance.
- Implement a secured application development lifecycle.
- Drive accountability in outsourced and procured software.
- Use business case models to help justify and measure the effectiveness of your application security program.

Application security and corporate governance

Security practitioners sometimes need to be reminded of the extent to which business executives are willing to take risks as a part of corporate strategy. Risk is opportunity, and chief executive officers (CEOs) often are huge risk takers, for good or for bad. Unfortunately, the global economy has suffered at times from risk taking that occurs with inaccurate knowledge or violates compliance mandates. Governance reforms have proven to be incomplete solutions. As a result, many organizations are seeking to harmonize positive risk taking and their compliance mandates with a philosophy known as Governance, Risk & Compliance Management (GRC) [1]. GRC emphasizes organization-wide understanding of the corporate culture and its risk tolerance. Its goal is to improve the accuracy of risk taking, while maintaining regulatory compliance and staying on course with the corporate strategy.

[1] Demystifying GRC Governance Risk Compliance, Business Trends Quarterly, Q
Figure 1. HP Software approach to application lifecycle management

GRC is quite relevant to application security. All constituencies concerned with software development will have a better understanding of the organizational risk tolerance and be better able to produce the type of software the business expects. Executives should not create an application security program to eliminate vulnerabilities; rather, the program should be able to tell executives how securely they can produce software with a range of investment and time-to-market factors appropriate to the business. It is the business executive's job to understand the range of risks and to decide the level that is appropriate to the organization and its shareholders.

Benefits of a secured application development lifecycle

If there is any single objective of this paper, it would be for the reader to walk away convinced that excellence in application security is achieved by embedding security into the complete application development lifecycle. A security vulnerability is a software defect that should be identified during development.
Incorporating security from the very beginning, through strategy, planning, design, coding, testing, and operation, is a proven approach to reducing overall security vulnerabilities, which leads to lower costs and reduced risks by many measurements, including research detailed in part one of this series.

Education

Education, of course, should be considered a part of the secured application development lifecycle. The challenge with security-specific education is getting bandwidth from the development teams to participate, as they have many competing priorities, even within the educational realm. In the long run, traditional educational institutions need to take up the cause of secure software education to enable the next generation of developers. In the meantime, however, trusted organizations like SANS have made tremendous progress in creating training and certification for software developers, with its Secure Software Institute [2]. (ISC)² [3] has also developed the Certified Secure Software Lifecycle Professional curriculum and certification program to address this issue.

[2] SANS Secure Software Institute,
[3] (ISC)² Certified Secure Software Lifecycle Professional,
Creating accountability in outsourced and procured software applications

A major mistake made by some corporations is to have two separate standards for application security: one for internally developed applications and one for software built externally. Many organizations have seen the outsourcer or software vendor as a black box and have taken insufficient steps to assure external software is of high quality. However, the origin of faulty Web applications that infect a customer matters little; it is the impact that is significant. In the highly interdependent architectures of state-of-the-art applications, a custom-built application may be vulnerable through a dependency on a commercial off-the-shelf (COTS) software package as well. Organizations have both the business leverage and the responsibility to maintain the same high standards for outsourced and procured applications.

Due diligence on outsourcing

Beyond basic business vetting (reference checks, credit ratings, etc.), it is possible and recommended to research an outsourced software development company's investment in assuring application security.
- Corporate commitment to security: ISO or similar standards and certifications. The ISO standards family, which is focused on best practices in information security management systems, is an excellent indicator of the company's commitment to quality security. In addition, software vendors can become certified against these standards with the ISO certification specifically.
- Process improvement and quality certification. The existence of programs such as the Capabilities Maturity Model (CMMi) from Carnegie Mellon and Six Sigma is an indicator of a mature approach to quality software development.
- Documented secure development lifecycle. Software developers should be able to provide documentation of their software development lifecycle (SDL) process, including specification of the details and quantities of their security checkpoints.
Contract/SLA process

Companies that push for the inclusion of security milestone language in contracts during the procurement process uniformly report this to be a success and tend to institutionalize this practice. Generally speaking, the milestones in the contracts will specify application vulnerability testing to occur at delivery points, which may coincide with the application development lifecycle. These milestone tests may have service level agreements (SLAs) requiring a specific acceptable quantity of vulnerabilities and a timeframe to fix high and medium risk vulnerabilities. This remediation requirement should also apply to a post-delivery support period. Financial rewards and/or penalties are always an option with security quality of outsourced applications.

Managing the development process

An organization should stay engaged with the outsourcer's development process on multiple levels. With a documented contract and a defined development lifecycle, it is advisable to use your security testing tools to evaluate code during quality milestones and to encourage your outsourcer to use the same tools during development to assure uniformity of results. The specific testing tools may need to be named in the contract language itself.

Business case models for application security

Bruce Schneier, noted security expert, had this to say about application security: "the problem of insecure software is not primarily a technological problem, it is an economic problem." Carnegie Mellon University (CMU) has done some excellent work in many areas of secure software development. In research sponsored by the Department of Homeland Security, CMU has developed the Build Security In Web site [4], which contains a variety of business case models for justifying software security. The models are well-known methodologies that have been adapted to the cause of secure software development.
- Investment-oriented models. Some examples include the Gartner Group's Total Value of Opportunity (TVO) and Microsoft's Rapid Economic Justification (REJ).
- Cost-oriented models. Total Cost of Ownership (TCO) from Gartner is likely the best known in this grouping.
- Environmental models. The highly popular Balanced Scorecard from Norton and Kaplan is the best known model in this group. The Balanced Scorecard ensures that a holistic view of outcomes, good and bad, is measured when investing in application security.

Figure 2. HP Application Security Center products and assessment technology

A model will not by itself solve the problem of making an economic justification argument for application security. However, consistent measurement of application development statistics within the context of these models will prove much more persuasive than the unfortunate scare tactics many security teams use. The longer you measure application security using a consistent approach, the more accurate your results will be.

Given that an organizational attitude towards risk management is in place and understood, a key component of applying return on investment (ROI) research to secure software development is to understand the consequences of software defects to your organization. Understanding the consequences allows the business executive to guide the degree of investment that should be made to develop software more securely.
HP Application Security: solutions spanning the application lifecycle

HP Application Security Center software products are tailored to integrate with all phases of a business's complete application lifecycle and are continuously updated to deliver an accurate and comprehensive assessment of Web sites and Web applications, including the latest Web 2.0 technologies. In the section below we provide a brief introduction to the products and position them in the context of the guiding principles in the previous section.

HP DevInspect. HP DevInspect, which can be seamlessly implemented within a variety of integrated development environments used by enterprise programmers, including Microsoft Visual Studio, Eclipse and IBM Rational Application Developer, provides your team with a solution that is easy to deploy, easy to use, and easy to realize value from. The HP Hybrid Analysis, the patent-pending core of HP DevInspect, combines static analysis ("white box") and dynamic testing ("black box") to provide the most precise results, taking the guesswork out of what to fix. In addition, HP SecureObjects, provided as part of HP DevInspect, can be applied to automatically remediate any security vulnerability. By installing HP DevInspect on the developer's desktop, we are able to begin fixing vulnerabilities during the initial coding phase of the lifecycle. Our research has shown that not only does HP DevInspect reduce vulnerabilities during the critical coding phase, but the tool creates a feedback loop with the developers, increasing their awareness of security issues introduced during the development process. While organizations will not hesitate to deploy HP DevInspect to internal developers, you should consider encouraging or mandating this tool with outsourced developers. HP DevInspect could be used to provide interim milestone reporting on the delivery of quality code and drive more accountability in outsourcing.

HP QAInspect. HP QAInspect applies highly sophisticated security testing to the quality assurance testing stage of the application development lifecycle. HP QAInspect integrates directly into the market-leading quality assurance (QA) solution, HP Quality Center, allowing security tests to be run in conjunction with functional tests or as a standalone security validation, all from within a familiar interface. HP QAInspect has been designed from the ground up to fit effortlessly into existing quality organizations and methodologies. From requirements gathering to test planning to test execution, HP QAInspect truly establishes security as a pillar of application quality management.

HP WebInspect. HP WebInspect provides leading-edge Web application testing capabilities for security professionals, with the ability to identify the most current, highest risk vulnerabilities within your Web applications. The tool provides expert guidance for less experienced security professionals while increasing the efficiency of experienced penetration testers and application security experts. Depending upon the scope of the application, several security testers may be needed from different organizations. While these testers may have a variety of techniques to identify vulnerabilities, there are distinct business process advantages to using an integrated tool to manage their assessment.
HP WebInspect validates the configuration of your applications to be sure your application is secure from threats. Vulnerabilities detected in an HP WebInspect report can more easily be remediated by a developer using HP DevInspect. The same issues can also be flagged by the QA department as the application is re-tested. Using a common test suite facilitates productivity during the iterative processes that characterize the application development lifecycle.

An additional point to be made about a tool like HP WebInspect is that it can also be used as an acceptance testing measurement for commercial off-the-shelf software. Enterprise software can be highly dynamic, and the customization process can create unintended vulnerabilities. The ability to perform black-box testing can drive accountability during the procurement process and negotiations pertaining to pricing and support.

New vulnerabilities are being discovered every day. The HP Web Application Security Research Group are the industry leaders in Web application security research and provide daily updates to HP WebInspect via SmartUpdate to verify that you are always testing for the latest vulnerabilities. HP WebInspect also provides you with the ability to continue to analyze both your existing and new Web applications throughout their life in production, reducing the risk to your business.

HP Assessment Management Platform. The HP Assessment Management Platform is used to assess and manage application security risk throughout the enterprise and the entire lifecycle. Security professionals use HP Assessment Management Platform to define their entire application security program, including security policies, testing permissions, testing schedules, running distributed scans, and more. It is the backbone of the HP Application Security Center, giving your organization visibility, scalability, and control over your application security initiatives.

HP SaaS for Application Security. Is time, skills or cost a challenge for you? With HP, application security does not need to be a challenge for you or your organization. With over eight years' experience in offering Software-as-a-Service (SaaS), HP Software-as-a-Service for HP Application Security enables you to establish or augment your security program and start decreasing vulnerabilities more quickly.

HP Professional Services. HP also provides a full set of professional services programs to meet your needs, including product implementation and training, penetration testing, vulnerability scanning, and security program consulting services.

The HP Application Security Center provides the most robust and complete solution for protecting your business from application security breaches. Our suite of products provides a complete lifecycle approach to application security across development, QA and production. It is a true enterprise solution that provides accelerated ROI benefits compared with traditional security assessment methods by using proven technologies.
Summary

All organizations have a stake in assuring the security of their software. This is particularly true in the case of the Web applications that are increasingly dominating the software landscape. Organizational leaders should understand the nature of a full program-level commitment to application security, which is critical to its success. We propose these high-level principles as the components of a comprehensive program:
- Application security is part of good corporate governance. Because application security has a high degree of affinity with the quality of an organization's products and services, it is a necessary part of corporate governance and should have executive sponsorship.
- Accountability in outsourced development and procured software. The complexities of interrelated applications mandate a consistent level of security in applications of all origins. Businesses should leverage contracts, service level agreements and purchasing power to drive security assurance in non-native applications.
- Security must be embedded in the application development lifecycle. Applications can only be secured when security checkpoints are embedded into the process that manufactures software. This is called the application lifecycle, and it is fundamental that security considerations are part of the process, from early planning through production operations.
- Education. Software developers and other organizational stakeholders require the benefits of an educational program targeted at application security best practices, which is currently not a pervasive part of traditional educational institutions.
- Technology to enable secure development. The scale and complexity of today's applications require the use of technology throughout the application development lifecycle to enable all of the high-level areas mentioned above. A complete portfolio of solutions, such as those provided within the HP Application Security Center, is an ideal approach to enforce a full commitment to application security.

A comprehensive commitment to application security is not about altering business, but about integrating software development with the business. While some of the key areas are technology-centric, most of these principles are sound business practices requiring executive sponsorship.

As part of your initiative to identify application security solutions, we recommend reading the other two parts of this series:
- Part 1: The mandate for application security
- Part 3: Implementing best practices through the HP Application Security Maturity Model

HP and the HP Application Security Center have a permanent commitment to providing comprehensive research, best practices, education, technology and products to enable your enterprise's own Security Center of Excellence and mature enterprise security program.

Technology for better business outcomes

To learn more, visit

Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Java is a U.S. trademark of Sun Microsystems, Inc. Microsoft and Visual Studio are U.S. registered trademarks of Microsoft Corporation. 4AA1-9814ENW, February 2009
More informationHP Project and Portfolio Management: not just for IT. White paper
HP Project and Portfolio Management: not just for IT White paper We first implemented HP Project and Portfolio Management (PPM) Center to help IT gain control of its project portfolio, to serve as the
More informationHP Master ASE Data Center and Cloud Architect
HP ExpertOne Frequently Asked Questions (FAQ) HP Master ASE Data Center and Cloud Architect certification FAQ December 2014 What are the steps to certification? Why is the application the first step of
More informationTable of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise
Best practices in open source governance Managing the selection and proliferation of open source software across your enterprise Table of contents The importance of open source governance... 2 Executive
More informationBridge Development and Operations for faster delivery of applications
Technical white paper Bridge Development and Operations for faster delivery of applications HP Continuous Delivery Automation software Table of contents Application lifecycle in the current business scenario
More informationAccelerating Software Security With HP. Rob Roy Federal CTO HP Software
Accelerating Software Security With HP Rob Roy Federal CTO HP Software If we were in a cyberwar today, the United States would lose. Mike McConnell Former DNI, NSA. Head of Booz Allen Hamilton National
More informationHP Virtualized Network Protection Service
HP Virtualized Network Protection Service HP Networking Consulting Technology Consulting Service overview With the proliferation of Virtual Datacenters (vdcs) and cloud computing environments, secure virtual
More informationHP Services Global Service Desk with esupport. Innovative technology and business processes that transform IT support for your employees
HP Services Global Service Desk with esupport Innovative technology and business processes that transform IT support for your employees Positioned in Leaders quadrant in Gartner s 2004 Magic Quadrant for
More informationHP Managed Print Services. FOCUS and INVEST in. BUSINESS and CUSTOMERS
HP Managed Print Services FOCUS and INVEST in BUSINESS and CUSTOMERS HP s approach for delivering managed print services to enterprise and public sector organizations around the world What if you could
More informationService Virtualization:
Service Virtualization: Reduce the time and cost to develop and test modern, composite applications Business white paper Table of contents Why you need service virtualization 3 The challenges of composite
More informationHP Security Solutions for Microsoft
HP Security Solutions for the Microsoft Environment Achieving a secure adaptive enterprise How secure is your Microsoft environment? Enterprise boundaries are expanding, creating the need for faster, easier
More informationGetting started with API testing
Technical white paper Getting started with API testing Test all layers of your composite applications, not just the GUI Table of contents Executive summary... 3 Introduction... 3 Who should read this document?...
More informationThree simple steps to effective service catalog and request management
Three simple steps to effective service catalog and request management Prepare for cloud initiatives and get incremental ROI with self service catalog and request management Business white paper Executive
More informationHP End User Management software. Enables real-time visibility into application performance and availability. Solution brief
HP End User Management software Enables real-time visibility into application performance and availability Solution brief Figure 1 HP End User Management lets you proactively identify application performance
More informationTable of contents. Standardizing IT Service Management. Best practices based on HP experience in ITSM consolidation. White paper
Standardizing IT Service Management Best practices based on HP experience in ITSM consolidation White paper Table of contents Go!... 2 Benefits and challenges... 2 The HP approach to standardizing ITSM...
More informationManaged Desktop Services. End-user workplace management solutions for your distributed-client computing environment. HP Services
Managed Desktop Services End-user workplace management solutions for your distributed-client computing environment HP Services Managing your distributed-client computing environment If your IT organization
More informationTransform Your Bank in Measurable Steps
Banking Transformation Framework Transform Your Bank in Measurable Steps Table of Contents 2 Establish a Platform for Transformation 3 Transform Your Business 3 Use the Reference Architecture As a Foundation
More informationOPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.
OPTIMUS SBR CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. Optimizing Results with Business Intelligence Governance This paper investigates the importance of establishing a robust Business Intelligence (BI)
More informationHP CLOUDSYSTEM. A single platform for private, public, and hybrid clouds. Simply the most complete cloud system for enterprises and service providers
HP CLOUDSYSTEM A single platform for private, public, and hybrid clouds Simply the most complete cloud system for enterprises and service providers Solution brief It s a fact of life: cloud computing is
More informationRealizing business flexibility through integrated SOA policy management.
SOA policy management White paper April 2009 Realizing business flexibility through integrated How integrated management supports business flexibility, consistency and accountability John Falkl, distinguished
More informationHP Strategic IT Advisory Services
HP Strategic IT Advisory Services Optimizing the value of IT investment Brochure The world has changed dramatically, and we increasingly live in a world where enterprise and personal IT experiences are
More informationwhat if you could increase your agility and improve your pace of IT innovation?
SOLUTION BRIEF CA Portfolio Management for Agile IT May 2010 what if you could increase your agility and improve your pace of IT innovation? we can helps IT executives to deliver the right projects faster,
More informationthe limits of your infrastructure. How to get the most out of virtualization
the limits of your infrastructure. How to get the most out of virtualization Business white paper Table of contents Executive summary...4 The benefits of virtualization?...4 How people and processes add
More informationBest Practices for Implementing Software Asset Management
Best Practices for Implementing Software Asset Management Table of Contents I. The Case for Software Asset Management (SAM)............................ 2 II. Laying the Groundwork for SAM............................................
More informationBrochure HP Workflow Discovery for FSI
Brochure HP Workflow Discovery for FSI Enhance productivity, improve processes and reduce costs Businesses today need to run more efficiently, and you re probably considering every alternative to help
More informationBusiness white paper. Be a multisourced. IT services broker. HP Service Integration and Management
Business white paper Be a multisourced IT services broker. HP Service Integration and Table of contents 3 Introduction 3 The business has already embraced multi-sourced services. 3 Short-term gain, long-term
More informationThe top 10 misconceptions about performance and availability monitoring
The top 10 misconceptions about performance and availability monitoring Table of contents Introduction................................................................ 3 The top 10 misconceptions about
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationBeyond Labor Arbitrage. Achieving operational excellence through business process outsourcing
Beyond Labor Arbitrage Achieving operational excellence through business process outsourcing Viewpoint paper operational excellence through an integrated life cycle approach. Although cost pressures continue
More informationHP Server Automation Standard
Data sheet HP Server Automation Standard Lower-cost edition of HP Server Automation software Benefits Time to value: Instant time to value especially for small-medium deployments Lower initial investment:
More informationSurvey on Application Security Programs and Practices
Survey on Application Security Programs and Practices A SANS Analyst Survey Written by Jim Bird and Frank Kim Advisor: Barbara Filkins February 2014 Sponsored by Hewlett-Packard, Qualys and Veracode 2014
More informationHP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide
HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide Product overview... 3 Vulnerability scanning components... 3 Vulnerability fix and patch components... 3 Checklist... 4 Pre-installation
More informationIT Financial Management and Cost Recovery
WHITE PAPER November 2010 IT Financial Management and Cost Recovery Patricia Genetin Sr. Principal Consultant/CA Technical Sales David Messineo Sr. Services Architect/CA Services Table of Contents Executive
More information10 Best Practices for Application Performance Testing
Business white paper 10 Best Practices for Application Performance Testing Leveraging Agile Performance Testing for Web and Mobile Applications 10 Best Practices for Application Performance Testing Table
More informationKey Benefits of Microsoft Visual Studio Team System
of Microsoft Visual Studio Team System White Paper November 2007 For the latest information, please see www.microsoft.com/vstudio The information contained in this document represents the current view
More informationW H I T E P A P E R E d u c a t i o n a t t h e C r o s s r o a d s o f B i g D a t a a n d C l o u d
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R E d u c a t i o n a t t h e C r o s s r o a d s o f B i g D a t a a n d C l o
More informationA Strategic Approach to Web Application Security The importance of a secure software development lifecycle
A Strategic Approach to Web Application Security The importance of a secure software development lifecycle Rachna Goel Technical Lead Enterprise Technology Web application security is clearly the new frontier
More informationOperationalizing Application Security & Compliance
IBM Software Group Operationalizing Application Security & Compliance 2007 IBM Corporation What is the cost of a defect? 80% of development costs are spent identifying and correcting defects! During the
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationHP Software Licensing and Management Solutions (SLMS) Helping organizations maximize their software investment.
HP Software Licensing and Management Solutions (SLMS) Helping organizations maximize their software investment. Three smart reasons to choose HP SLMS as your organization s software provider 1 Acquire
More informationTable of contents. Real world application security in five easy steps. Business white paper
Real world application security in five easy steps Business white paper Table of contents Introduction..................................................................................2 Executive summary..........................................................................2
More informationGlobal Service Desk. Superior end-user support for the Adaptive Enterprise. HP Services
Global Service Desk Superior end-user support for the Adaptive Enterprise HP Services The HP Global Service Desk is a cost-effective way to reduce the complexity of your IT organization while delivering
More informationIntelligent document management for the legal industry
Brochure Intelligent document management for the legal industry HP WorkSite The leading legal enterprise content management solution Sharing documents between legal teams, clients, and service providers
More informationDesign the Future of Your Human Resources with SuccessFactors Solutions
SAP Brief SAP Consulting Business Transformation Services Objectives Design the Future of Your Human Resources with SuccessFactors s Designing future processes for your global workforce Designing future
More informationTaming Microsoft Environments with HP SiteScope Exchange and Active Directory Solution Templates
Taming Microsoft Environments with HP SiteScope Exchange and Active Directory Solution Templates Quick and economical troubleshooting and performance management for Microsoft environments Business white
More informationChoosing the Right Project and Portfolio Management Solution
Choosing the Right Project and Portfolio Management Solution Executive Summary In too many organizations today, innovation isn t happening fast enough. Within these businesses, skills are siloed and resources
More informationDEMONSTRATING THE ROI FOR SIEM
DEMONSTRATING THE ROI FOR SIEM Tales from the Trenches HP Enterprise Security Business Whitepaper Introduction Security professionals sometimes struggle to demonstrate the return on investment for new
More informationIDM and Endpoint Integrity Technical Overview
ProCurve ing by HP IDM and Endpoint Integrity Technical Overview The Threats to Today s ing Environments... 2 Endpoint Integrity Defined... 2 Endpoint Integrity Options... 2 The ProCurve Solution: Endpoint
More informationHP Change Configuration and Release Management (CCRM) Solution
HP Change Configuration and Release Management (CCRM) Solution HP Service Manager, HP Release Control, and HP Universal CMDB For the Windows Operating System Software Version: 9.30 Concept Guide Document
More informationTen questions to ask when evaluating contract management solutions
IBM Software Industry Solutions Contract Management Ten questions to ask when evaluating contract management solutions Ten questions to ask when evaluating contract management solutions Contents 2 Top
More informationMonitoring and Operating a Private Cloud with System Center 2012 (10750) H7G37S
HP Education Services course data sheet Monitoring and Operating a Private Cloud with System Center 2012 (10750) H7G37S Course Overview In this course, you will receive an overview of a private cloud infrastructure,
More informationMinimizing code defects to improve software quality and lower development costs.
Development solutions White paper October 2008 Minimizing code defects to improve software quality and lower development costs. IBM Rational Software Analyzer and IBM Rational PurifyPlus software Kari
More informationI D C T E C H N O L O G Y S P O T L I G H T. E n a b l i n g Quality I n n o va t i o n w i t h Servi c e
I D C T E C H N O L O G Y S P O T L I G H T E n a b l i n g Quality I n n o va t i o n w i t h Servi c e V i r t u a lization a nd Netw or k Virtualization December 2014 Adapted from Worldwide Automated
More informationWindows 7 Upgrade Risk Mitigation Planning: Ensuring Windows 7 Upgrade Success
November 2010 Windows 7 Upgrade Risk Mitigation Planning: Ensuring Windows 7 Upgrade Success By: Robert Schaper, Laplink Software Enterprise Solutions Contents Introduction 2 Risk and Cost 2 Upgrade Strategies
More information5 Steps to Choosing the Right BPM Suite
5 Steps to Choosing the Right BPM Suite BPM Suites can deliver significant business benefits and a fast ROI but only if you choose the right one By Laura Mooney, Metastorm Copyright 2009, Metastorm Inc.
More informationHP CloudSystem Enterprise
Technical white paper HP CloudSystem Enterprise Creating a multi-tenancy solution with HP Matrix Operating Environment and HP Cloud Service Automation Table of contents Executive summary 2 Multi-tenancy
More informationWHITE PAPER OCTOBER 2014. Unified Monitoring. A Business Perspective
WHITE PAPER OCTOBER 2014 Unified Monitoring A Business Perspective 2 WHITE PAPER: UNIFIED MONITORING ca.com Table of Contents Introduction 3 Section 1: Today s Emerging Computing Environments 4 Section
More informationHP StoreOnce D2D. Understanding the challenges associated with NetApp s deduplication. Business white paper
HP StoreOnce D2D Understanding the challenges associated with NetApp s deduplication Business white paper Table of contents Challenge #1: Primary deduplication: Understanding the tradeoffs...4 Not all
More informationHP Client Automation software Starter and Standard Editions
HP Client Automation software Starter and Standard Editions Data sheet Managing client devices effectively and efficiently is a mission-critical function for today s businesses. However, that challenge
More informationPolicy-based optimization
Solution white paper Policy-based optimization Maximize cloud value with HP Cloud Service Automation and Moab Cloud Optimizer Table of contents 3 Executive summary 5 Maximizing utilization and capacity
More informationManaged Mobility Services. End-user workplace management for mobile workforces. HP Services
Managed Mobility Services End-user workplace management for mobile workforces HP Services From initial planning and design to integration and implementation, we offer support at every step. Managing mobility
More information2014 SAP AG or an SAP affiliate company. All rights reserved.
SAP Cloud Solution/SAP Computing Connection Title Discover Runs How Here Cloud And Here Computing And Here Enables And Here the And Public Here Sector (max. to 85 Improve characters) Citizens Lives Technology
More informationAccelerate Time to Value and Innovation Through Complete Contract Management
SAP Brief Ariba s Ariba Contract Management Objectives Accelerate Time to Value and Innovation Through Complete Contract Management Objectives Drive spend compliance across all contract types Drive spend
More information