The Security Compass team has launched SD Elements Version 5! This new version has been enhanced to support a state of continuous compliance. SD Elements now goes beyond the development phase of enabling security, risk and compliance management, expanding throughout the whole software lifecycle. Organizations who use SD Elements Version 5 will no longer need to slow down development during a software audit. Systems will always be audit-ready so that you can easily maintain a lean and agile software system.
The Industry Challenge: Filling the Policy-to-Execution Gap
Modern organizations have large sets of policies to comply with. Yet, they have no formalized way to translate those policies into operational activities. They also often lack the appropriate systems or processes needed to track compliance to security standards in their software stacks. This results in software that’s left exposed. What has just been articulated is referred to as the policy-to-execution gap. In order to start filling this gap, security standards must be translated into instructions that developers can easily understand and implement into software. Also, security standards must be easily tracked so that teams can ensure they’re keeping up with compliance. Part of this involves mapping all manual and automated process steps to compliance frameworks, standards, and laws.
Introducing SD Elements Version 5
SD Elements Version 5 helps to fill the policy-to-execution gap by automating the translation and tracking of security standards into actionable tasks across all software stacks. The latest release has been enhanced to track manual and automated process steps connected to compliance frameworks, standards, and laws. This makes it easy for agile development teams to manage the security of their entire technology stack, including the software itself, as well as the deployment and configuration requirements of the servers and operating systems. SD Elements is integrated with popular Issue Tracking Systems, like Jira and Microsoft Azure DevOps, as well as with Continuous Integration tools, like Jenkins. These integrations ensure that security and compliance are a seamless part of the agile and DevOps processes.
As our CEO, Nish Bhalla says, “Unlike other GRC tools on the market, SD Elements is uniquely focused on the software stack–ensuring the development, configuration, and deployment of software is always secure and compliant.” With SD Elements, organizations can build security and compliance into their systems instead of simply reacting to vulnerabilities later on. Beta users of SD Elements continuous compliance features reported that their manual threat risk assessment, which originally took 6 weeks, was cut down to 2 weeks with SD Elements on their side, resulting in an estimated cost savings of $10,400 per assessment.
Here are the key features and functionalities now available in SD Elements Version 5:
- Automatic software inventory profiling to determine relevant actionable tasks connected to standards and regulatory controls
- Actionable task integration into popular ALM tools, including Jira and Microsoft Team Foundation Server
- Consistent tracking and visibility into security and policy controls, ensuring continuous compliance
- Embedded security and compliance into software operations via integrations with key security tools
- Organizational compliance to industry regulations and policies, including ISO 27001, PCI, GDPR, and NIST 800-53
- Reporting and insights on organizational security and policy posture
Read more about the current challenges with software security and how we’re solving them in our whitepaper: The New Reality – A Complex and Constantly Changing Environment
SD Elements Version 5 enables continuous compliance in organizations by leveraging existing and planned integrations with industry-leading products, ranging from those related to static and dynamic analysis to cloud configuration, network scanners, and more. For a complete list of our current and planned vendor integrations, visit here.
To learn more about SD Elements Version 5.0, visit here.