Explore our award-winning strategy driving our digital transformation and further strengthening our cyber posture and operational controls.
According to the Ponemon Institute, one of the world’s eminent research centers dedicated to privacy, data protection and information security policy, software vulnerabilities detected in live solutions (aka “in production”) cost 100 times more to remediate than those discovered in the design stage of the software development lifecycle (SDLC). Our teams at Wolters Kluwer knew there had to be a better way, and have received recognition in the 2021 CSO50 Awards for our innovative approach that integrates security into each phase of our product development processes, enabling us to build secure-by-design products for our customers, while further strengthening our cyber posture and operational controls.
The “Secure Software Development Lifecycle” (SSDLC) project was initiated in early 2020, driven by the mission of the Wolters Kluwer Digital Experience Group (DXG) to develop secure, re-usable and innovative software assets and solutions across the enterprise, with the security standards and audit role provided by Global Business Services (GBS). The sophisticated program enables teams to measure the “state of security” for each asset, identify gaps, and analyze how these change over time, all aligned to a framework of SMART (Specific, Measurable, Achievable, Relevant, Timebound) goals. It is transforming the way our product development teams embed security into our information products and expert solutions.
At Wolters Kluwer, we realize that while securing the cloud-based networks and servers that host our products and services is extremely critical, it’s equally important to ensure that the code in our deployed applications is just as secure. “To achieve this critical level of application security, our development teams created a comprehensive program, integrating security into each phase of the development process and allowing us to build secure-by-design products. This ‘shift-left’ approach enables our teams to identify and address security issues much earlier in the software development lifecycle, yielding a more cost-effective and overall secure set of software assets and products as a result,” said Anthony Oliveri, VP of Product Software Engineering, Wolters Kluwer DXG.
SSDLC is guided by security principles and reduces the cost of potential security issues. It features a blend of manual and automated elements, such as increased security awareness among our engineers, together with a framework for maintaining the program through clearly identified KPIs that allow our teams to manage and monitor the ongoing security state of our applications. This best practice, followed by top development and security teams, is one all teams can learn from: define, measure and continually improve on key security indicators throughout the development lifecycle.
“We’re very proud of this project for lots of reasons, including the respect for security principles at its foundation, which were set forth by our team, and embraced and put into practice by our partners in DXG. It is also a great example of how we’re continually working to improve our cyber resilience in innovative ways,” said Mohammed Lazhar, VP of Global Information Security, Wolters Kluwer GBS.
Wolters Kluwer has been named an honoree of a 2021 CSO50 Award from IDG's CSO. This prestigious honor is given to a select group of organizations that have implemented security projects and initiatives demonstrating outstanding business value and thought leadership. The company will accept its award at the CSO50 Conference scheduled for November 16-18, 2021.
“The disruptive events of 2020 – combined with sophisticated and far-reaching attacks like SolarWinds – brought new challenges and costs to organizations, their security leaders, and business outcomes,” said Amy Bennett, executive editor of CSO. “Our annual CSO50 Awards recognize security teams that bring innovation and thought leadership to solving for the many risks their organizations continue to face. This year’s class of CSO50 winners represent an elite group of risk and security thought leaders, and we are pleased to give them the recognition they deserve.”
In terms of scope, this project touches the software assets of all Wolters Kluwer's businesses (either directly or indirectly), including some that are directly accessible by our customers. Additional elements included participation in our enterprise-wide application security audit program, run by a third-party vendor, for which the team achieved the highest score across the entire company. Thus, our strategy of continued investment in secure, cloud-based, scalable solutions marches on.