Skip to main content
May 3, 2013

Enterprise Application Security with Evan Fromberg

UBM Tech Director of Content, Jonas Tichenor, interviews Evan Fromberg, Senior Director of Channel Sales and Business Development at Veracode. A transcript of the interview is available below the embedded video.

Jonas Tichenor: Hi I'm Jonas Tichenor Director of Content for UBM Tech channel and joining us today is Evan Fromberg, Senior Director of Channel Sales and Business Development at Veracode, so tell me specifically what is Veracode? Evan Fromberg: Veracode as a company is a on demand platform that helps enterprise customers understand risks in software applications they developed or they bought from third parties. So as application security or really as threats continue to emerge and businesses are more reliant and interconnected through software, there's potential risks in securing that software. Jonas Tichenor: Describe to me some of the key problems that Veracode is helping to solve today? Evan Fromberg: Today mostly enterprise customers have reached out to us saying they have a problem, is that they're increasingly interdependent on software they buy or that they develop or purchase from third parties. They need a way to understand how they can continue to develop and push new solutions to market without slowing down the development of that but ensuring that they're secure at the same time. Jonas Tichenor: Does that include everything from cloud based solutions to mobile applications, the whole 9 yards? Evan Fromberg: Yeah as you can imagine with mobile applications exploding in use and with web applications really creating an interdependence and an increasing need to be connected all the time, businesses are more and more reliant on software in both mobile and web applications. So for example with BYOD (bring your own device) and mobile applications that's really a key area that we're helping enterprises understand risk. Jonas Tichenor: So exactly who are the adopters of some of this technology and why do you think that is? Evan Fromberg: Traditionally in the solution provider space, application security as a market has been challenging. There's a finite group of resources that have the skill set to really test and understand if there's security flaws in applications. I think it's a tremendous opportunity. What we're seeing is many solution providers want to help their customers find innovative and unique solutions but they haven't had the skill set to do so, so you know our value proposition and what we're we're seeing in the market is leverage automated on-demand platforms such as Veracode to help solve unique problems for your customers without having to find the scarce resources that has traditionally been hard for solution providers to to acquire. Jonas Tichenor: So what role do you feel like mobility plays in this application security space? Evan Fromberg: We're an on demand SaaS platform, all the benefits that people want about software-as-a-service or cloud, resources on demand, pay as you go, use them when you need them and essentially we do that. So we help organizations understand where an application software they've either developed or bought from third parties where they're most likely to potentially be breached through flaws in those applications. The hackers understand exactly how to leverage coding or development flaws to gain entrance and we're they're they give enterprises that viewpoint as to where they're most likely to be breached. Jonas Tichenor: So you show them where, do you also help them figure out how to how to put the stop in? Evan Fromberg: That's a great question. We give them the visibility to where they're most likely to be breached, where potential vulnerabilities exist, we give them pinpoint accuracy as to how they should fix that, what these coding flaws mean and help them understand exactly from an application perspective where they should fix it. Then together with our solution provider communicate there's a great opportunity to say where should I start first, how do I build a remediation strategy and what's the best use of my time to deal with the most pressing vulnerabilities first and deal with the others later. Jonas Tichenor: So that fits nicely into this next question, where do you see the opportunities in the channel around the specific security space? Evan Fromberg: I think there's a couple. I think when we look at the channel today there's solution providers that are delivering solutions in technologies to help protect sensitive data and there's also a subset of solution providers or ISVs who are developing software as part of how they they go to market. I think there's a great way to extend traditional security techniques of protecting sensitive data for the channel to get in a market that was traditionally hard for them to do so. I think there's an opportunity to differentiate for those people that are building custom software to show that they've gone through the extra steps to make sure that that software has been independently verified by a third party such as Veracode. Jonas Tichenor: Give me specific example of how Veracode has helped the solution provider or independent software vendors today? Evan Fromberg: Today we have a global partner program and we have over a hundred partners that are in application security, are helping secure applications but have hard time scaling their business so they turn to us to help increase the scalability, decrease the amount of time it takes them the complete projects, and really capture revenue and solve problems for customers in a segment of security that was challenging for them. Specific to third-party software vendors or independent software vendors, we help them provide independent verification showing we've gone through the due diligence to know that the software they've produced is free of security flaws, that's making it more likely to be adopted by their end users out there to marketplace. Jonas Tichenor: Hackers are smart. Once they find the hole they know where to go the next time so it's interesting that you guys figure and help pinpoint where to put that stop in. Evan Fromberg: While it sounds easy, it's really one of the key areas today that's leading to breach and sensitive data loss. Trustwave recently did a survey and they said seventy six percent of breaches were from some component of third-party software and it's, we think because of the complexity because as challenging and disparate development of software is, it was a hard problem to solve and we think we're helping our own way to make that a lot easier. Jonas Tichenor: Do you have any advice for solution providers out there in the community that might not be in the application security space but certainly want to take advantage of the opportunity? Evan Fromberg: I think it's a logical step in how organizations, specifically enterprise customers will look to protect sensitive data moving forward. It's absolutely an area with as we've talked about the use of mobile and web applications that they need to consider and that it's a skill set that is challenging to find. You'll find an automated platform and a SaaS model like Veracode, where they can partner not only to help not only grow their business but meet the needs of customers who who are looking for innovative solutions. Jonas Tichenor: Evan any final thoughts before we wrap up for today? Evan Fromberg: We've had our partner program for over two-and-a-half years, we're global in nature and it's very easy to get started with us due to our on-demand SaaS model. There's no installing software or hardware and it's very easy to to leverage the capabilities that we've brought to market . Jonas Tichenor: Evan Fromberg, Senior Director of Channel Sales and Business Development at Veracode, thanks so much for being with us today. Evan Fromberg: My pleasure, thank you.

Neil is a Marketing Technologist working on the Content and Corporate teams at Veracode. He currently focuses on Developer Awareness through strategic content creation. In his spare time you'll find him doting over his lovely wife and daughter. He is a Co-Owner of CrossFit Amoskeag in Bedford NH, his favorite topic is artificial intelligence, and his favorite food is pepperoni pizza.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.