The customer
REaD Group helps brands to run more effective sales and marketing campaigns by providing them with high-quality data, cleaning customer data, and running advanced analysis of that data. Offering insights based on hundreds of variables, REaD Group ensures that brands run campaigns that are both effective and compliant with GDPR and other relevant legislation.
The challenge
With a number of high-profile clients, REaD Group understands that cybersecurity is an essential arm of their business. Dan Pope, IT Manager at REaD Group, explains:
“If we were to suffer a data breach, both REaD Group and our clients could be liable, and incur heavy fines. It’s essential not only for our business, but for our clients’ businesses, that our networks and our systems are absolutely watertight.”
In fact, many of REaD Group’s clients insist on demonstrable security measures such as penetration testing. Because of this, REaD Group was running regular penetration tests and monthly vulnerability reviews on one of its assets and data management platforms. But Dan knew that they could be doing more.
“If an application updates two weeks after we’ve pen tested it, then the results of that test are largely irrelevant,” Dan comments. “I knew that we needed to make sure we were providing the very best security for our clients and their data – it was time to get even more frequent touchpoints on our assets, while still satisfying our clients’ need for pen testing.”
The solution
Fortunately for REaD Group, the answer lay with an existing supplier – Claranet. Claranet was already providing REaD Group’s annual pen testing, but after listening closely to Dan’s challenge, they suggested a new way to help him achieve his goal.
“Claranet suggested Continuous Security Testing, and the concept was exactly what I was looking for,” Dan says.
Continuous Security Testing (CST) combines advanced application scanning with manual penetration testing to provide a regular review of your security. All results are evaluated by cybersecurity experts and assessed for impact, presented in a way that lets you immediately act on new threats to limit vulnerabilities. Dan saw that CST would be perfect for their estate, enabling them to continue optimising their web application without increasing their security risk.
Before he could say yes, though, Dan knew he’d need the client’s buy-in to use CST. Though CST offers more robust security than traditional pen testing, it was different to the measures the client had stipulated as a condition of working with REaD.
“We presented the Claranet proposal to our client, and they were also very impressed,” says Dan. “They recognised that because CST is continuous, and the Claranet pentesters would gain detailed knowledge of our environment over time, it would protect their data much more effectively than penetration testing and vulnerability scans in isolation.”
The result
REaD Group uses CST to protect their web application and its underlying infrastructure. Automated scans of the infrastructure are run daily, while the web application is scanned continuously: once a scan finishes, the next one starts. Any vulnerabilities highlighted are then manually verified by Claranet’s security experts. Since beginning operation, CST has already driven some powerful results. In the first month alone, CST identified one high-impact and one medium-impact vulnerability – both of which were immediately fixed.
“If we had been relying on annual penetration testing and monthly vulnerability scans, those vulnerabilities could have been missed for weeks,” Dan observes. “With CST, they were found and remedied in days instead.”
This is fantastic news for REaD Group, who can now be confident that Claranet and CST are giving them more robust protection of all data assets than they were receiving before. But CST has delivered other benefits to the business, too.
With CST providing continuous scanning of its web application, REaD Group no longer needs to perform monthly vulnerability tests, which it had been doing in-house. That resource has now been freed up to work on other projects, making better use of REaD Group’s own resources. At the same time, the annual penetration test that is part of REaD Group’s security operations has been reduced from seven days to just two, due to the efficiency and depth of protection offered by CST.
Looking to the future, the team at REaD Group is planning to expand the scope of assets that are protected by CST, to ensure more of their clients can benefit from their advanced security measures. Armed with CST, the team at REaD Group has also been able to pitch for new business opportunities where a robust level of security is a prerequisite.
“The tenders we are bidding for at the moment can be worth more than £300k,” says Dan. “Obviously, the value of security measures can be measured by considering the cost of fines that we might get if we were breached. But at REaD Group we can also say that our security measures are actively generating revenue for us.”