Background
Deputy's mission is to change the way the world works with their all-in-one workforce management solution that simplifies timesheets, tasking and communication. Deputy's management software helps organizations streamline their business admin processes and manage teams of all sizes.
It is critical for their application to be in good condition and free from security threats; otherwise, the consequences would translate into real-life impacts that could threaten the livelihood of workers. In more time-sensitive industries like healthcare, a shortage of staff on shift might pose a threat to patients.
Challenges
Upon an internal review of their current security stack, they identified the need for a more comprehensive tool to analyse the health of their development environment and track the dependencies of components within their infrastructure.
However, the existing tools Deputy were working with did not provide a comprehensive representation of their environment, and there was no ability to manage the lifecycle of existing components. The presence of legacy systems within their infrastructure also posed a huge risk to the sustainability of their applications.

Solution
A Software Composition Analysis (SCA) solution was identified to evaluate the open source components used in building their applications, and Scantist was tasked with demonstrating our capabilities in this regard.
Scantist's SCA tool gave them a single-panel view of the high-risk applications that were running in their environment. This allowed them to take immediate, actionable remediation steps, without adding huge complexity to their pipelines, to stay in compliance with ISO 27001's vulnerability management standards.
The Facts
Scantist's SCA effectively mapped the application's open source inventory and presented the following information:
- 155 PROJECTS
- 11,354 UNIQUE LIBRARIES DETECTED
- 716 AVERAGE SCANS PER WEEK
- 40 AVERAGE VULNERABILITY FIXES PER WEEK
Scantist's Software Composition Analysis (SCA) uses proprietary analysis techniques combined with a highly curated vulnerability database to provide best-in-class results when it comes to understanding your organization's open source risks.
Implementation Results
Well-maintained code does good things, but if it is not managed from a lifecycle perspective, unexpected reliability and security issues can occur spontaneously, contributing to downtime of the application and disruption of business.
Measuring the health of their development environment was a great challenge, with multiple metrics such as risks, vulnerabilities and age for them to oversee. Scantist's SCA tool was presented as a simple solution for their developers to identify which areas of their stack to prioritise.
Using our SCA tool brought to Deputy's attention that they had components as old as ten years sitting in their application. This warranted an immediate call to action for them.
The SCA tool also empowered them with a centralized and standardized way of managing their libraries with high levels of visibility (which should be the case for small development teams), thus giving them another suggested area of improvement in their workflow.
Customer Testimonial
"We were throwing some interesting and unusual questions about the product's capabilities, and we got a response in a few weeks with very intricate changes to the solution Scantist was offering to us. The level of responsiveness and adaptability of Scantist helped make the decision process a lot easier. Scantist went above and beyond to tailor its product for us to get data that was unique and valuable to our environment. This type of interaction with a vendor makes the partnership a delightful one to work with and we are getting a great deal of value out of it."
Robert Mitchell
Head of Security