Security Compass, a software security company that provides organizations with the knowledge, training, and technology to make software secure, announced that its award-winning, policy-to-execution platform, SD Elements, has been redesigned to support a state of continuous compliance.
Organizations no longer need to prepare, allocate resources, or slow development work for a software audit. With the continuous security and compliance enhancements found in SD Elements version 5.0, software systems are always audit-ready, allowing customers to maintain a lean and agile software organization.
Organizations lack mechanisms to track compliance with security standards in software stacks, leaving them exposed. SD Elements fills this policy-to-execution gap by providing an automated system that translates security standards into actionable tasks and tracks them across software stacks.
The latest release can now proactively track manual and automated process steps mapped to popular compliance frameworks, standards, and laws.
SD Elements version 5.0 makes it easy for agile development teams to manage the security considerations of their entire technology stack – both the software itself and the deployment and configuration requirements of the server and operating system.
Integrations with popular issue tracking tools, like JIRA and Microsoft Azure DevOps, along with Continuous Integration (CI) tools like Jenkins, ensure security and compliance are a seamless part of agile and DevOps processes.
“Unlike Governance, Risk, and Compliance (GRC) tools on the market, SD Elements is uniquely focused on the software stack – ensuring the development, configuration and deployment of software is always secure and compliant,” said Nish Bhalla, CEO of Security Compass.
“With version 5.0, SD Elements now provides both engineering and non-engineering teams with a holistic solution for managing software security requirements across development, testing, deployment, and operations in an efficient and reliable manner. It provides a single, comprehensive view into the security and compliance posture of an organization’s software systems.”
Using SD Elements, organizations can proactively build security and compliance into their systems rather than reacting to and remediating vulnerabilities.
Early beta users of SD Elements' continuous compliance features report that a manual threat risk assessment that once took six weeks to prepare and execute has been cut down to two weeks – a time reduction of 66% at an estimated cost savings of $10,400 per assessment.
Key features and functionality now available in SD Elements version 5.0 include:
- Automatically profile an organization's software inventory and determine relevant actionable tasks that map to standards and regulatory controls;
- Integrate actionable tasks into popular ALM tools like JIRA and Microsoft Team Foundation Server;
- Consistently track and view security and policy controls to ensure continuous compliance;
- Embed security and compliance into software operations across teams by integrating with key security tools;
- Ensure organizational compliance with industry regulations and policies such as ISO 27001, PCI, GDPR, and NIST 800-53; and
- Obtain reporting and insights on their security and policy posture while determining the value at risk.
SD Elements version 5.0 further facilitates continuous compliance against an organization’s software controls with existing and planned integrations with industry-leading products in the following categories: static and dynamic analysis, cloud configuration, network scanners, component verification scanners, web application firewalls, and single sign-on.