Case Study by Don Nguyen – Co-founder, Aerofiler
Our Background
Aerofiler was co-founded in 2018 with the aim to assist organisations in managing the growing number of electronic documents associated with their daily business. Our platform helps them store, access and share what can be highly complex documents. In 2018 we were recognised as an APAC Finalist for the StartCon Startup of the Year award, and we’re looking to disrupt the existing processes and solve a problem that should’ve been solved years ago. Currently, we have offices in Sydney and San Francisco from where we work with venture-backed and publicly listed companies in Asia-Pacific, the United Kingdom and the United States.
With all manner of information being managed by our platform, we believe that being able to guarantee our clients confidentiality and integrity as well as immediate availability of their information is critical to our success - we refer to this as CIA. Of course, this is a priority for our clients as well – they’re always concerned about security.
The difference between Aerofiler and many other businesses, even those within the same industry, is that two of our co-founders have professional legal and engineering experience. This allows us to be hyper-responsive to customer needs.
With CIA in mind, we would never release a product iteration without being absolutely sure it measures up to the latest industry security standards and meets external CREST certification. This is where The Missing Link comes in.
The Goal
As a company that helps international businesses manage highly confidential information, we need external validation that the products our IT team builds in-house meet the highest security standards. This is our policy and it is what our clients expect.
In order to achieve international recognition of our high standards of security, we wanted to engage a company with CREST certification to secure our platform, using industry best practice methods.
The Selection Process
I initially reached out to The Missing Link a year before we engaged them. At that time, I had invited them, along with a few other vendors, to tender to undertake Penetration Testing. The Missing Link did not win the tender; however, I remained in touch with them. What impressed me was that The Missing Link was willing to provide us with solutions, even though we weren’t a paying client.
When it came time to go to re-contract, I invited other vendors, The Missing Link being one of them, and this time decided that The Missing Link was the best fit for us.
What made them stand out was their CREST certification and their willingness to really work with us, rather than taking a cookie-cutter approach. They took the time to understand our requirements and customised a proposal based on what we were looking for.
The Relationship
Working with The Missing Link has been a smooth process right from the start. I have great confidence in them as a vendor– both from the technical perspective and in the way they work with us – they are happy to customise their service and come up with bespoke solutions based on our needs.
Importantly, I feel comfortable ringing our account manager, to ask any questions – she is very professional and approachable.
The Penetration Testing that The Missing Link has undertaken for us has gone well. There have been no surprises from technical and security assessments and I was highly impressed by the delivery of the security assessment report post-Penetration Testing. Their report was thorough, insightful and in-depth, making it very easy for us to understand.
I’ve also been impressed by the flexible approach they take to project management. The Missing Link are open to the concept of smaller incremental tests for new feature releases, rather than requiring a complete re-test no matter how small the change. This gives us the option of performing even more regular testing, which will ultimately be to the benefit of our clients.
The Difference
Periodic security testing is part of our business process – it’s necessary for us to release certain new products. It also helps us attract new clients and build our business. It’s been a pleasure to work with The Missing Link. When the time comes for further security testing, they’ll be one of the first vendors we turn to.