Complinity Technologies Private Limited
case study
Complinity faced the challenge of maintaining security for their SaaS product on AWS amid continuous enhancements. They also had a lack of confidence in security measures and theoretical knowledge so needed a user-friendly tool with clear reporting functionality.
They now boast a near-zero vulnerability platform, regular scheduled security scans and streamlined monthly reviews.
Tell us a bit about yourself and your organisation
I am Hari Bala and I have been around in the IT industry for nearly four decades. I have been hands-on with technology in spite of very rapid professional growth in the Corporate Sector. I set up a Tech company in 2001 and have been the co-founder and CTO of this organisation. We have a SaaS product on the AWS platform used by nearly 300 organisations. Our product has been on the AWS platform since 2016.
What was the business need for AppCheck?
There is a constant pressure from our user community to keep enhancing our product which contains nearly 15 different modules integrated into a single system. At the same time, I need to ensure that security is provided a very high focus since the system needs to be up 24×7, provide very quick response time and at the same time keep the data safe and sound.
What were your main challenges with security before AppCheck?
We read from available literature and tried to comprehend what we read and implement whatever we understood. We were underconfident and had this nagging feeling that what we had done was not good enough.
Being pure developers, our expertise in Security in 2016/2017 was not good enough. It was theoretical knowledge. Meeting with Security consultants was not useful enough since the engagement was short-lived.
Why did you choose AppCheck?
Somewhere around 2016, we felt the need to take security more seriously. We required a tool that will keep scanning our software and infra on a regular basis and alert us in the event vulnerabilities are detected.
Around 2017-18, after looking at various tools, we decided to take our dialogue with AppCheck to the next level. We were impressed with their eagerness to help and engage with us. In the first few meetings, they guided us quickly on how to go about securing our digital assets.
We decided to engage AppCheck in our security strategy and signed up with them.
What is your favourite thing about AppCheck?
The Scheduler/Notifier. Ability to configure the scan. The clear vulnerability report with recommendations on how to go about mitigating the vulnerability.
Sum up your experience with AppCheck in 1-2 sentences
Pretty satisfying. I will recommend this product to one and all. It is a must especially if you use the Cloud.
Want to scan your critical assets?
Have you ever used other tools to discover vulnerabilities?
We got exposed to various other tools, which I will not be naming here, through our customers who insisted on scanning our software before they signed up with us. The reports were pretty confusing with a lot less recommendations on how to go about resolving the vulnerabilities.
We found the AppCheck tool very user friendly. It was quick to set up and run. The schedulers with notifications make everything seamless. We have scheduled our monthly VAPT scan for the fourth week of every month. It is awesome that I get an email from AppCheck when the scan starts and another one when the scan ends asking me to access and go through the report. This greatly helps me in ensuring that the scans are acted upon every month without fail.
What are your next steps with the tool?
I think we have utilised only 30% of AppCheck’s capabilities.
We plan to get more in-depth with the tool and maximise benefits that we can derive from AppCheck. We will be expanding out of India next year and will be rolling AppCheck into other regions too.
What has been the impact of using AppCheck?
The first few scans threw up 100’s of vulnerabilities. We were at it for a few months and we had to make many security-related changes in our software to ensure that the vulnerabilities are mitigated. We had to make changes in over 1,000 programs to include security related codes. Of course, we should have done it in the first place but thanks to the focus on delivery, these
things were missed out.
Similarly, we had to make several changes in the AWS platform for better security.
Presently, our reports contain only two medium vulnerabilities both related to AWS Load balancer which AWS has certified as not vulnerable. From an environment which had more than 100 vulnerabilities, our solution has become a near zero vulnerable platform.
We have also instituted a regular monthly review of vulnerabilities driven by the AppCheck scheduler.
The greatest comfort is when we hand over the latest VAPT report to our prospect and no further questions are asked of us!
What advice would you give to other companies looking to manage vulnerabilities?
Please start early. Don’t wait until your product is delivered and operational. This is the mistake we made. Set apart a time budget to get in-depth into the product features so that you can take the maximum advantage of the product.
Want to see what AppCheck can find in your websites, applications, network, and cloud infrastructure?
Put us to the test.
Try AppCheck for free
Contact us or call us 0113 887 8380