January 30, 2017


Eliminating Data Vulnerabilities with a ‘Resilient’ Cyber Security Model

Co-author: Aravind Mahendran

The business landscape is witnessing a wave of transformation: organizations are now ‘going digital’ and adopting advanced technologies such as Cloud and IoT. Consequently, new and unfamiliar security requirements are emerging.

Digital frameworks such as the Internet of Things (IoT) and Bring Your Own Device (BYOD) connect several applications on a single stream, which makes them more susceptible to vulnerabilities and Advanced Persistent Threats (APTs). Application security has, therefore, become a primary objective for organizations on the front line of digitalization.

However, once the measures are in place, companies often overlook a crucial aspect of security: appropriate testing, which proves indispensable and formative in the long run. Security testing can no longer be considered optional; with integrated systems creating a gamut of cyber vulnerabilities, it has become a mandate.

Security Testing: Trends and Opportunities

The security testing market is projected to grow at a CAGR of 18.1%, from $3.31B in 2016 to $7.61B by 2021.

This indicates that organizations have already identified this space as a source of corporate integrity, brand reputation and customer accountability, and have begun investing in it.

Security testing can be broadly classified into network, application and device testing. Some of the recent advancements in this domain include:

  • IoT security testing
  • DevSecOps (a collaboration between security and DevOps which allows organizations to find and fix vulnerabilities earlier in the development process)
  • Cloud malware detection
  • User and Entity Behaviour Analytics (UEBA)

Penetration testing (pen-testing) is another buzzword in cyber security testing. It refers to attempting to gain access to resources without prior knowledge of usernames, passwords and other common parameters. Such vulnerabilities can be identified only by a penetration tester working in collaboration with a vulnerability scanner; therefore, the first step of a penetration test or a vulnerability scan is reconnaissance.

Emerging challenges in security testing

Powered by the digital revolution, cyber-threats are becoming more creative and complex every day. The security testing process, therefore, faces multiple hurdles across different layers of execution. These challenges include:

HCL’s Security Testing Expertise

As a 21st century enterprise, at HCL we have initiated and orchestrated security services across multiple domains: access control, content security, endpoint security, threat management, identity and access management, and security management. The HCL Application Security Assurance Program (HASAP) adopts industry best practices, integrated with Software Development Life Cycle (SDLC) security processes.

Secure SDLC Process

Our ready-to-test dedicated labs simplify end-to-end product testing services while ensuring cost efficiency. HCL’s in-house automation tools and technologies ensure accurate assessment and gap identification, and then bridge the gaps with robust, state-of-the-art testing solutions.

Our product testing services ensure a safe and secure environment for our global customers while successfully pre-empting cyber-attacks.

The HCL Advantage

At HCL, we have extensive expertise in the security testing services industry, having conceptualized and implemented frameworks across domains. Our diversified testing services portfolio is consolidated within a unified, comprehensive toolbox: Product Testing Services (PTS). HCL leverages this differentiator to craft a ‘resilient’ ecosystem for your products and services.

Value to our customers

Application security testing is at the heart of industry best practices. As a leading security solutions ISV, we handle critical applications and businesses worth $1.42 billion; even a minor security lapse would significantly compromise our corporate responsibility. We deployed the secure software development lifecycle methodology (the S2D model as outlined by HCL) to implement the ‘defence in depth’ principle. Using appropriate data validation controls, we successfully prevented malicious input from infecting application cookies and GET/POST parameters. We used robust session management models to prevent users from viewing sensitive information, such as credit card and banking details, that does not belong to them.
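The two controls named above (validating cookies and GET/POST parameters against strict rules, and tying access to sensitive records to the authenticated session) can be shown in a small request handler. The following is an added illustration written for this page, not HCL's S2D code or any part of HASAP; the parameter rules, the session table, the account table and the `Request` shape are all constructed for the example.

```python
import re
from dataclasses import dataclass


# Allow-list rules per input name (constructed for this example). Anything
# not listed, or not matching its pattern, is rejected before use.
PARAM_RULES = {
    "account_id": re.compile(r"[0-9]{1,12}"),
    "page": re.compile(r"[0-9]{1,4}"),
    "sort": re.compile(r"asc|desc"),
}
COOKIE_RULES = {
    "session_id": re.compile(r"[A-Za-z0-9_-]{16,128}"),
    "lang": re.compile(r"[a-z]{2}(-[A-Z]{2})?"),
}


class ValidationError(ValueError):
    """Raised when a cookie or parameter is unknown or malformed."""


def validate(values, rules):
    """Return a dict containing only known, well-formed string values."""
    clean = {}
    for name, value in values.items():
        rule = rules.get(name)
        if rule is None:
            raise ValidationError(f"unexpected input: {name}")
        # fullmatch anchors the pattern to the whole value, so trailing
        # characters such as quotes or separators cannot slip past the check.
        if not isinstance(value, str) or not rule.fullmatch(value):
            raise ValidationError(f"malformed value for {name}")
        clean[name] = value
    return clean


@dataclass
class Request:
    cookies: dict  # request cookies
    query: dict    # GET parameters
    form: dict     # POST parameters


# Constructed sample data: session_id -> user, account_id -> owner, account data.
SESSIONS = {"s3ss10n-alice-0123456789ab": "alice"}
ACCOUNTS = {"1001": "alice", "1002": "bob"}
ACCOUNT_DATA = {"1001": {"card_last4": "4242"}, "1002": {"card_last4": "9999"}}


def view_account(request):
    """Return (status, payload) for a request to view one account's details."""
    try:
        cookies = validate(request.cookies, COOKIE_RULES)
        params = validate(request.query, PARAM_RULES)
        params.update(validate(request.form, PARAM_RULES))
    except ValidationError:
        return 400, None  # bad input never reaches the data layer

    # Identity comes from the server-side session, never from a parameter.
    user = SESSIONS.get(cookies.get("session_id"))
    if user is None:
        return 401, None

    # Ownership check: a user may only view accounts that belong to them.
    # Unknown and foreign accounts get the same answer, so the response
    # does not reveal whether an account id exists.
    account_id = params.get("account_id")
    if account_id is None or ACCOUNTS.get(account_id) != user:
        return 403, None
    return 200, ACCOUNT_DATA[account_id]


if __name__ == "__main__":
    session = {"session_id": "s3ss10n-alice-0123456789ab"}
    print(view_account(Request(session, {"account_id": "1001"}, {})))   # own account
    print(view_account(Request(session, {"account_id": "1002"}, {})))   # someone else's
    print(view_account(Request({}, {"account_id": "1001"}, {})))        # no session
    print(view_account(Request(session, {"account_id": "1001; x"}, {})))  # malformed
```

Two design choices carry the weight here: validation is allow-list based and anchored with `fullmatch`, so the handler never has to enumerate bad characters, and the user identity used for the ownership check is looked up from the session store rather than taken from the request, so renaming or adding a parameter cannot change whose data is returned.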