Overview

The challenge
As one of the fastest growing companies in the Rocky Mountain region, Rally Software Development needed to be sure that its IT and application security were in line with the rest of the company’s explosive growth.

The solution
Applied Trust assessed Rally’s application, including the network and system resources that support it, against specific IT security standards. Based on that information, Applied Trust then created an IT security roadmap to guide mitigation efforts based on cost and priority. Applied Trust has since worked side-by-side with Rally IT staff to implement the changes outlined in the roadmap.

The benefits
Rather than being caught off-guard by security vulnerabilities the company didn’t know existed, or overwhelmed by trying to address all potential security issues at once, Rally has been able to increase its security proactively at a pace commensurate with the rest of the company’s growth, running smoothly and securely along the way. In addition, Rally can now demonstrate how its application complies with relevant IT security standards.

Rally Software Development: agile from the start
Rally provides products and services around Agile Software Development, a methodology that emphasizes collaboration, communication, and the frequent deployment of software. Rally’s products help to drive early and consistent delivery of customer value by enabling its clients’ cross-functional teams to efficiently plan and manage software releases that propel their business. In addition to providing development tools to facilitate Agile adoption, the company’s Agile University and world-renowned coaching services help mentor teams to create internal Agile experts, and its Web 2.0 community, Agile Commons, encourages knowledge sharing among Agile practitioners.

Since opening shop in 2002, Rally has grown tremendously, finding itself atop the Boulder County Business Report 2007 Mercury 100 List of fastest growing companies in Boulder and Broomfield counties. More than half of the world’s leading software-driven companies currently use Rally, and Rally’s tools have supported its customers in more than 6,500 Agile releases.

Recognizing the importance of security: fast growth, but also smart growth
Because Rally’s clients trust that Rally’s production environment and application development tools are secure, Rally needed to be sure that there were no gaps in its application security. That’s why Rally looked to Applied Trust’s security experts to conduct an assessment of its application, including supporting network and system resources, and then to create an IT security roadmap based on the assessment results to guide vulnerability mitigation. This approach ensured that Rally and its clients were able to focus on agile development without worrying about an insecure environment.

Making sense of security standards
There are many security standards that help guide companies in their development and implementation of IT security practices. Compliance with some, such as HIPAA, Sarbanes-Oxley, and FISMA, is mandated based on the nature of a business, while others, such as the international standard ISO/IEC 27002 (formerly ISO/IEC 17799), are voluntary but convey an organization’s commitment to IT security. Applied Trust has expertise in helping organizations identify applicable security standards and how to achieve compliance with them. Rally looked to Applied Trust for help in navigating the maze of security standards to determine which standards were appropriate based on the company’s goals, clients, and needs, and how to achieve compliance with the relevant standards.

After deciding on the standards to which Rally should strive, Applied Trust’s assessment provided an analysis of current compliance status and recommendations for gaining compliance where it had not already been achieved.

A plan for mitigation and compliance
Upon completion of the assessment, Applied Trust worked with Rally to develop an IT security roadmap based on the mitigation recommendations made in the assessment. The map was organized by quarter for the upcoming year and by security category. Each recommendation was added to the roadmap in the appropriate location based on the time frame in which it needed to be addressed. The most important issues were included in the first-quarter column. Longer-term goals, such as compliance with a particular industry security standard, were broken into a variety of tasks occurring over several quarters, helping Rally’s IT staff to stay organized and focused in the short term. As items are completed they can be checked off, and in cases where a priority shifts a task can be moved to a different time frame. The roadmap, and the focused recommendations provided in the assessment, enable Rally’s IT staff to keep just the right pace with the organization’s security efforts and ensure compliance with security standards.

“Applied Trust’s security expertise has been invaluable to our company. Their practical approach to security standards compliance has helped our organization get farther, faster. We view Applied Trust as a long-term partner, and we look forward to their ongoing help in making sure we head in the right direction security-wise while we further grow our business.” — Tim Miller, CEO, Rally Software Development