Under the Hood of Simon Data’s World-Class Application Security Program

Central AppSec Management

Publish Date

Dec 9, 2020

Written by

ZN Logo for Blog


Tagged with

  • Continuous Security
  • Cybersecurity
  • Application Security
  • Automation
  • DevSecOps
  • DevOps
  • Digital Transformation
  • AppSec
  • Rapid AppSec
  • SimonData

Are you curious how CISOs with major data platforms handle their application security testing programs? So are we, which is why ZeroNorth asked Robert Wood, CISO from Simon Data to join us for a webinar discussing how he and his teams have leveraged automation, open source scanning tools and orchestration to build a world-class (and fully scalable) application security testing program.

As an enterprise Customer Data Platform (CDP) provider empowering brands to deliver data-driven, personalized customer experiences, Simon Data aggregates information from different technology systems and uses it to segment customers into profiles. This ability allows them to leverage enterprise-scale big data and machine learning to power customer communications across all marketing channels.

Personalization is great for marketers looking to understand how customers’ brains work. But all that data also means increased security risks, as well as privacy and storage issues. Customers want what they want, but they also want (and expect) you to keep their data secure. And they demand a secure, manageable application security program. For an organization like Simon Data, who’s currently building an enterprise customer data platform pulling from various digital sources, security is far more than a concern—it’s an organizational imperative. When you’re in the business of delivering this level of secure data, enabling comprehensive application security for fast engineering teams is a must. Best practices for CISOs demand nothing less.

Proof of Success

In a recent ZeroNorth webinar with Simon Data, CISO Robert Wood outlined how he and his team have used a combination of AppSec automation, open source security scanning tools and vulnerability correlation to build a world-class security testing program. As Simon Data grows along with the amount of data it collects, Wood’s security testing program remains repeatable, scalable and poised for advancement.

Because Simon Data engages in aggressive, continuous deployment and iterative development, Wood felt it was critical to weave in security functions wherever possible without introducing additional friction. This meant he had to work closely with his engineers and developers to ensure their processes continued to improve along with the technology.

Finding the Right Fit

Where there are problems, there are often solutions. The ZeroNorth application security automation and orchestration platform provides a holistic view of risk across its entire application portfolio and the ability to orchestrate and manage all of its preferred commercial and open source scanning tools in one central location. The ZeroNorth capability platform effectively solves problems like those experienced by Simon Data and can help CISOs and their teams make sense of the flood of data flowing in from their various tools.

As an example of an organization bolstered by their own robust application security program, Simon Data continues to grow and can now onboard the newest, best-in-class scanning tools while seamlessly integrating their vulnerability data. And as Simon Data collects more customer data, it can continually ensure the security program they rely on keeps up with the pace of business.

To learn more about the Simon Data journey and how they built out and scaled a robust application security management program, view the webinar. For more information on how to stand up and/or your own robust program, please contact us at ZeroNorth.



eBooks & Research Reports

Research Report: The Journey to True DevSecOps

Many questions emerge as the topic of DevSecOps is volleyed about. First, confusion exists in terms of understanding what it actually means to get to true ...

Read Now


Application Security: Bridging the Gap Between DevOps and Security Teams

When AppSec and DevOps teams aren’t aligned on how to deliver secure software, fast, organizations are at risk. This video discusses how to tackle this challenge ...

Watch Now

Related Articles

Application Security

ZeroNorth Joins Veracode’s Technology Alliance Program

By ZeroNorth May 10, 2021

Companies looking to extend the power of better application security (AppSec) just received some good news! Veracode, the largest global provider of application security testing (AST) ...

Read More

Application Security

How Emerging AppSec Solutions Can Actually Boost Your ROI

By ZeroNorth Feb 9, 2021

Historically, investments in application security (AppSec) have been seen as financial black holes, with never-ending cost and complexity. And yet, they are a necessity in today’s ...

Read More

The ZeroNorth DevSecOps platform offers options for your DevSecOps journey—getting started with AppSec, finding enterprise visibility or fully integrating security into DevOps.