Indian outsourcer Wipro is to work with Fortify Software on a joint centre to assess and assure the security of on-demand and managed service applications.

Wipro’s Software Assurance Centre (SAC) will use Fortify 360 technology and operate from the outsourcer’s Indian base and US and European facilities.

Vinod Muniyappa, Wipro’s practice head of application security, said, “Traditionally, organisations have focused their vulnerability management efforts on desktops, servers and network devices, reacting to critical vulnerabilities through patch management programmes.”

But the changing nature of threats and compliance demands, he said, “is requiring companies to expand their vulnerability management activities to include large-enterprise applications, databases, externally facing web applications and internally developed applications.”

A security survey from Forrester Research earlier this year showed 77 percent of enterprises and SMBs consider application security an important IT initiative, and 35 percent have already adopted or plan to adopt application security measures in the next 12 months.

The reasons are clear, according to Forrester analyst Chenxi Wang. The business drivers include regulatory requirements, such as the new payment card industry (PCI) standards, which include an application security mandate, as well as other regulations such as Sarbanes-Oxley.

Other factors include reputational damage from data breaches and the direct financial consequences of security breaches. “Forrester estimates that cost per record for a security breach is approximately $305 for companies in a highly regulated industry. This cost can be prohibitively high for companies that handle hundreds of thousands or millions of data records,” wrote Wang in a report, Operationalising application vulnerability management.

As the focus on application security gets sharper, enterprise outsourcing of application development is becoming increasingly widespread - a survey by research firm Quocirca this April found that 90 percent of companies surveyed outsource almost half of their code development.

“Enterprises need a cost-effective, scalable way to assess the business risk posed by insecure applications and remediate those vulnerabilities, whether those applications are developed within their organisation, or by an outsourcing relationship with a trusted provider,” said John M. Jack, CEO of Fortify Software.

The Wipro SAC offers clients a service that provides visibility into the risks posed by vulnerable software and assesses applications to provide a measure of the application’s security health. The Wipro SAC can also validate an application’s compliance with key regulations such as PCI, GLBA and HIPAA.

“Application development and IT security have been outsourced for years, and now organizations are also beginning to outsource for application security,” said Diana Kelley, principal analyst, SecurityCurve.

Anthony Miller, Managing Partner at analyst firm TechMarketView, said Wipro has one of the world’s largest software testing businesses, worth $450m (£270m) in revenues. Miller called software testing “one of the ‘hidden jewels’ in the IT services crown”. “Most customers see it as a ‘necessary evil’, but the systems integrators love it as it’s very profitable and very ‘sticky’ business.”