Security

At BMC, we continuously adapt our security practices, tools, and techniques to embrace new technologies and protect against an evolving threat landscape.

Supporting an integrated SaaS security framework

Our integrated security framework is designed to operate effectively at the speed that networks currently require. We embed technologies that provide a holistic view and are capable of taking action on threats. We believe in continuous risk assessment and in leveraging automation with governance rules specifically for the cloud. BMC’s security strategy includes the following layers:

  • Governance
  • Physical
  • Perimeter
  • Network
  • Endpoint
  • Application
  • Data

Security is an integral part of our software development life cycle

We continuously adapt our security practices, tools, and techniques to embrace new technologies and protect against an evolving threat landscape. We conduct security design reviews and threat modeling workshops to identify potential issues during the architecture and design phases of product development, as well as pre-release testing.

  • “Shift-left” approach: Threat modeling, attack surface analysis, security architecture analysis, and other techniques are employed at early phases of application conception.
  • Secure coding: Corporate-wide training for all developers, QA engineers, product managers, and architects includes mandatory training on the OWASP Top 10 Security Risks.
  • Testing: During product development, static code analysis and library audits are performed on a daily basis. Before release, each product also goes through one or more penetration tests. Policies in place prevent release of products with known high or critical vulnerabilities.