CASE STUDY
Dedalus governs open-source risks in a fraction of the time it previously took
Dedalus is a global healthcare software company with over 40 years of experience delivering healthcare software and services to over 6,700 healthcare organizations.
CAST Highlight was deployed in a few weeks and enabled automated control of open-source risks across their application portfolio, without disrupting developers.
CAST Highlight has proven to be a valuable instrument in shaping our security budget enabling us to allocate resources more effectively.
Romila Kulshrestha
Director
A few weeks
to develop a comprehensive
remediation plan
50+
applications
controlled for legal and security risks, without disrupting developers
2000+
components
Managed within the open source ‘control tower’
Challenge
Dedalus owns over 200 applications acquired over the course of several years. These products serve more than 6,700 healthcare organizations worldwide, facilitating over 4 billion diagnostic results and managing 540 million patient records.
The applications use a diverse set of technologies, hosted across several geographically dispersed platforms.
They contain 3rd party and opensource software (OSS) libraries which increases the complexity of planning the technology direction and managing security risks at a global program level.
Dedalus’ Group Chief Technology Officer, Mr. Daniel Becker, identified the need for better control of security risks and a way to prioritize actions for implementing a sustainable technology transformation program.
Solution
Dedalus chose CAST Highlight for automated Software Composition Analysis (SCA) and deployed it across 50+ strategic applications.
It acts as a ‘control tower’ of the applications by automatically understanding the composition of each application including opensource technologies and components, versions of each component, security vulnerabilities, OSS licenses, age of each component, weaknesses, and more.
All these elements are included in the automatically generated Software Bill of Materials (SBOM) of each application to help Dedalus maintain an accurate and always up to date inventory of their application composition. CAST Highlight was chosen for its rapid deployment and ease of use.
Results
Dedalus now governs their diverse applications more effectively. They developed a comprehensive remediation plan in just a few weeks which included priority actions to take across the scanned applications.
The built-in Portfolio Advisor automatically recommended which applications to focus on to lower security risk, reduce legal exposures, upgrade component versions.
Dedalus realized multiple benefits across the organization including - increased visibility, reduced compliance risk, cost savings from component rationalization, and reduced security risk due to advanced warning of emerging vulnerabilities.
Dedalus also utilizes the Cloud Maturity insights available in CAST Highlight to plan ongoing application modernization.
