Sabesp advances in Security through Managed Services

Applied solution submits own and third party systems to source code analysis for vulnerability detection; teams gained productivity after applications passed targeted corrections

Comprised of a wide variety of systems to serve various internal and external processes, Sabesp currently serves 367 municipalities in the State of São Paulo, benefits more than 27.7 million people with water supply and more than 21.4 million users with sewage collection. To protect the system from vulnerabilities and security flaws in software applications, the company announces the contracting of managed services from Nalbatech. The project is supported in the use of the bugScout platform.

“With managed services for application security, we increase the efficiency of our work, allowing us to comply with the company’s Information Security Master Plan,” says Daniel Bocalão, manager of the Information Security and Connectivity Department – (CIC) at Sabesp. The executive is responsible for the security of the corporate network, systems and services and information vital to the company’s business processes.

In internal systems development, NalbaTech monitors and supports the use of the bugScout solution, which detects security risks during the life cycle of software applications. When third parties, the company performs the analysis of source code to detect possible flaws and subsequent correction by the manufacturer. “The work is done by sampling, to reduce time and investment, and later on throughout the application. Suppliers are informed about the tests even before hiring and are then instructed to make the necessary corrections. The analysis of the entire source code of the application follows the pattern of use of these systems within the company ”, explains Bocalão.

In the field, the Internet of Things is already applied in devices and systems that collect in real time the data on water and sewage services delivered to the population, and which involves the identification of consumption, changes or deviations in the consumption pattern, potential for leakage , among many other variants, producing a large amount of data that needs to be protected. This account also includes administrative management, billing, CRM, asset control, supplies, HR and other systems, which pass the vulnerability tests required by the company.

The most found vulnerabilities

More than a thousand applications have already been analyzed, and the most common flaws in third-party applications are related to the exposure of sensitive information, weak encryption, violation of trust limits, basic errors in the source code, among others. “There is rarely any application on the market without finding a fault,” says Bocalão.

Increased user productivity

Security vulnerabilities are not the only ones identified. With errors in the source code, many systems become slow, significantly impacting the productivity of networks and teams. “We noticed a very big increase in productivity after the applications went through the corrections guided by bugScout”, says Bocalão. “With the maturity in the use of the solution, we also improved our internal processes and procedures”.