Unit4 Enhances DevOps and Reduces False Positives with Contrast Application Security Platform
- Cybersecurity & Privacy - Application Security
- Platform as a Service (PaaS) - Application Development Platforms
- Equipment & Machinery
- National Security & Defense
- Product Research & Development
- Quality Assurance
- Tamper Detection
- Visual Quality Detection
- Testing & Certification
- Training
In 2014, Unit4, a provider of next-generation enterprise solutions, embarked on a large-scale digital transformation. The company aimed to adopt the DevOps methodology, consolidate various software solutions developed for different markets, streamline application security and quality control efforts, and transition to a cloud-based delivery model for all its products. A centralized quality assurance group was formed to ensure a consistently high level of quality across the entire portfolio. However, each product operated in a silo with its own development and quality assurance functions, using different methodologies and tools. Application security was part of this piecemeal approach. The company had a group of security experts implementing the main security layers at the core-level technical platform level. However, the process was manual and required a lot of customization, which was not sustainable for the company's digital transformation.
Unit4 is a leading provider of next-generation enterprise solutions that power many of the world’s most people-focused mid-market services organizations. Their state-of-the-art cloud platform, ERPx, delivers unified ERP, HCM and FP&A, combining functionality designed for service-centric industries and a user experience that puts people first. It supports rapid and continuous change while delivering individualized fit for customers at scale, unifying the processes across their organization, and connecting their people. Unit4 serves more than 6,000 customers globally, including Bravida, Havas, Migros Aare, Americares, Save the Children International, Action against Hunger, Metro Vancouver, Forest Research, Southampton City Council, Habitat for Humanity, Selkirk College, FTI Consulting, and Surrey County Council.
Unit4 decided to streamline its application security efforts by deploying Contrast Assess, an application security tool that uses instrumentation to conduct continuous security scanning from within the application. The tool sends an alert with contextual, actionable information whenever a vulnerability is created, allowing the engineer to fix the problem right away without involvement from the security team. This approach enables vulnerabilities to be remediated before additional layers of code are added, making the process less complicated, time-consuming, and costly. Unit4 also integrated Contrast Assess with Microsoft Teams for instant notifications whenever a new critical, high, or medium-severity vulnerability pops up. The tool also allows for application merging, grouping of duplicated vulnerabilities, and just-in-time training for engineers to create more secure code over time.