Security as a Key Performance Indicator (KPI)
Embracing the modernization of technology is exciting. It allows a team to be more agile, more flexible, more efficient. It allows organizations to adopt practices such as DevOps or CI/CD, which enable teams to scale code development and deployment at rapid rates. Modern systems allow dev teams to compete with the seemingly thousands of new SaaS-based companies emerging every day.
As the market leader in dashboard creation & automation, Klipfolio helps their clients succeed with data. In their platform, Klipfolio uses data to create simple units of visualizations called ‘Klips.’ Each Klip contains another visualization, providing clients with an almost limitless range of options for displaying their data or connecting their message.
When looking for a partner in application security, Klipfolio looked for someone who could help them track the numbers that matter. Klipfolio has a state-of-the-art DevOps pipeline and, as a leader in business intelligence and data visualization, security for the DevOps team is an important metric of success. As a relatively small team, they can't afford to employ a lot of security tools that produce massive amounts of false positives. Doing so would require a lot of valuable time and effort that could otherwise be spent optimizing and extending the features in their platform.
Klipfolio’s web application functions as a dashboarding service, used to display data analytics in a user-friendly, digestible format. Aimed at B2B customers, the platform could be used by business analysts, marketing teams or financial professionals, for example.
As a data analytics platform, the application naturally handles a lot of data. Tons of pre-canned data sources, integrations, databases, web servers and FTP connections all fly in and out of the system regularly. From a pentester's perspective, this is a huge attack surface that has the potential for a lot of risk if not secured responsibly. And, as the application develops and connects with more data sources, the attack surface would continue to grow. Some of the top security concerns with data management could be endpoint vulnerabilities, data mining risk, unauthorized access and distributed data systems.
Klipfolio, thinking proactively about their security, used quarterly Penetration Testing as a Service (PTaaS) as a way of minimizing and preventing future risk for their application. Working with Software Secured gave Klipfolio continuous, year-round manual pentesting to identify confirmed vulnerabilities, remediation guidance, and on-demand advice on securely designing new features from scratch. This allowed Klipfolio to gain a better sense of application security and spend more precious developer time on efficient, secure development.