Case Study by Michael Doherty - Product Manager, Everperform
The Background
Everperform is all about maximising team performance. We work with a number of companies in Australia and Europe – mostly professional consulting firms – who use our web application to increase team morale, productivity etc.
As such, almost every engagement necessitates the collection of confidential information about individuals and companies – from negative feedback on directors and CEOs, information about employees’ personal lives and health status, through to the monetary values of large corporates. Some of the information we capture is potentially damaging and should be kept confidential, away from the public eye.
To maintain confidence in our data security in the past, we’ve conducted our own penetration testing, security assessments, and ongoing best practice reviews. However, our company is growing, and so, as part of our maturity process, we needed to conduct a third-party assessment to demonstrate our capabilities.
This is essential to validate our own security processes as well as win business from larger enterprise companies – third-party security assessments are a constant request.
We went to the market looking for a company that was reputable for penetration testing as well as helpful, and forthcoming with guidance – a company we could trust to maintain a relationship with us over a few years.
The Goal
Customer confidence is our number one goal – as a small business, it’s easy to be overlooked by larger companies that assume you don’t have the professional maturity they’re looking for in a service provider. We needed customers and potential customers to have absolute confidence in our level of security so that we could maximise our growth opportunities.
The Selection Process
A personal friend recommended The Missing Link, pointing out their long list of accolades and certifications. He’d had dealings with them and had been highly impressed.
We approached The Missing Link, along with a number of other vendors, but they were the fastest responders, and they kept in contact. They were thorough in their approach to exploring our needs, they provided a quote extremely quickly – within one day – and the project manager and a senior penetration tester were happy to run me through the process and to discuss any alternatives.
Our Relationship
From start to finish, The Missing Link have been consistent, professional and very timely. The level of detail provided has given me full confidence in their capability, and they have met every milestone, from providing a quote to completing Penetration Testing, delivering the final report, and following up a day later to answer any questions.
We were fully informed of the Penetration Testing process, timing and responsibilities well in advance, and they contacted me every second day of the testing to keep me up to date with their progress. When they did find a vulnerability, they reported it immediately and guided us through the fix, then detailed it in the final report as well.
I’m not overly technical, but I found the report understandable, easy to read, and clear about potential threats and the level of care we need to take when implementing change.
Our head of engineering was very happy. He felt the report had all the information he needed to address concerns raised and to protect our business in the future, including guidance for updating internal policy so that similar vulnerabilities don’t recur.
The Difference
Third-party Penetration Testing has spurred the maturation of our organisation. Now that we’ve taken this first step, it will be easier for the rest of the organisation to follow.
Importantly, it has given us, as an organisation, greater trust in our web application and the confidence we need to go out and sell into bigger enterprises, even those we have no previous relationship with. With this behind us, we can approach potential customers knowing we’re not going to have the rug pulled out from under our feet with awkward security questions, or by being exposed to any vulnerabilities - we can focus on driving the business forward.
We’re already talking to The Missing Link about future endeavours, and I feel confident that we’re going to benefit from the long-term relationship we’d hoped for.