HP’s security software as a service gets FedRAMP OK
- By Jonathan Lutton
- Mar 12, 2015
HP has announced the authorization of HP Fortify on Demand as the first security software-as-a-service to win provisional authorization under the FedRAMP program. The service will allow federal agencies to perform security assessments on application code and web services without the installation and management of additional software.
According to research by HP Enterprise Security Products, software vulnerabilities account for more than 70 percent of agencies’ cyber breaches and grant hackers unrestricted access to an agency’s network and data once exploited.
HP said Fortify on Demand addresses this concern with continuous monitoring of deployed software across more than 600 vulnerability categories and services, thereby mitigating risk and identifying vulnerabilities within agencies’ networks.
The service is currently authorized for agency use to perform security assessments across application code, web services testing and end-to-end mobile application testing. Meanwhile, static code scanning for major programming languages is performed system-side at the code layer and then reviewed by an HP static auditor. Dynamic website and web services testing combines HP WebInspect and manual penetration testing, also followed by an HP auditor’s review.
“Organizations can no longer afford to simply respond to breaches as they arise,” said Rob Roy, CTO of HP Enterprise Security Products. Instead, agencies must take a proactive stance in rooting out cyber vulnerabilities and securing software in every stage of its development lifecycle.
Jonathan Lutton is an FCW editorial fellow.