Music Magpie

case study

Music Magpie are an online business with 5 million customers who are buying on trust.

They engaged manual penetration testers twice a year, but struggled with the additional consultancy days this required and with being kept in the dark about new vulnerabilities for 6 months at a time.

Worried about the consequences of a security attack, they needed a solution that would help them be more proactive towards potential threats.

Tell us a bit about yourself and your organisation

We are Music Magpie. A lot of people tend to know who we are, but as a bit of background, we were established around 12 years ago by two friends in their garage buying and selling CDs. Since then it’s grown into such a huge business with a big turnover and distribution centres in America.

Some of our company milestones include being the biggest sellers by volume on both Amazon and eBay worldwide, a record I don’t think will be beaten, and also being the first seller on eBay to get 5 million positive feedback.

I joined the company as Group CTO as part of this rapid expansion, helping to bring legacy tech up to date and making the tech move in line with the business growth, which was a big challenge. Obviously a big part of that was around security.

What was the business need for AppCheck?

Before AppCheck we were using a manual penetration testing company producing twice-yearly reports, which only allowed X number of days' engagement per year as part of that package. To run through it or ask any questions was additional consultancy days; anything else that we wanted on top, there was a charge attached; and only doing it every 6 months meant we were in the dark the rest of the year.

We are a digital online business with 5 million customers who are buying on trust. When customers are buying or selling with us they need to trust us. We are not selling brand new products so we have made sure they are up to standard (battery changes etc). Equally that trust spans on to making sure we secure customer data. For us that whole trust piece is a very important part of our business.

If we ever did end up with a security attack it would have massive implications for the organisation so we needed a solution that would help us be more proactive towards these potential threats.

What were your main challenges with security before AppCheck?

Really it was the inflexibility and cost of our previous service. It just didn’t feel like I was getting value for money with what I was paying.

That’s what AppCheck gave us – a really robust product that is constantly updated. The thing that got me was that when I had the demo and got the information sent through, the report that was produced looked almost identical to the twice-yearly ones we were receiving already.

I feel AppCheck gives us that value for money and flexibility. We are in the place now where we have regular weekly scans and a full test on everything once a fortnight in a rotating cycle. The unlimited nature of the licence means we can be constantly running tests, fixing it and then running that test again to make sure it’s fixed and it’s now within our power to be able to do that.

Why did you choose AppCheck?

We actually weren’t really looking to change at the time, we were just grinning and bearing with what we had. It was completely opportunistic. I get so many calls and emails and LinkedIn messages but when I picked up the phone and it was about a solution that could solve all of my problems I started to listen.

We had a little look around and AppCheck had such great commercials – why wouldn’t we want to move?

As soon as we had the demo, I was sold on AppCheck straight away. It basically provides us with a tool we can use whenever we want rather than the position we were in before of getting visibility twice a year and being charged for anything outside that. It puts the power back with us and arms us with everything we need to stay on top of vulnerabilities.

What is your favourite thing about AppCheck?

It just gives you that ultimate flexibility of being able to run scans whenever you want to run them without incurring additional costs.

Sum up your experience with AppCheck in 1-2 sentences

It’s just a great team, who are really flexible and are genuinely focused around getting the best results for their customers.

What has been the impact of using AppCheck?

I think what it’s done is add more focus around security and testing which was previously a twice-yearly event.

It would be a case of getting a test back, making some fixes and then that was it, wait another 6 months. Whereas now there are tests going on every single week, and that’s not even the lightweight tests. We do the full suite of tests over a 2-week rotating period against all our main systems, the data centres, everything.

So it’s now constantly on the agenda rather than being a twice-a-year thing that we’d think about. If we are putting a major release in, we can get that checked out first before we put it live. If we have any questions we can raise a ticket, get a call booked, and I can get my guys sorted and talking to the experts that you have, and that helps us understand what we need to do.

What advice would you give to other companies looking to manage vulnerabilities?

I’d say without a doubt get a demo or a trial. It’s quite funny because if you haven’t done anything with security before I think getting a free trial would be really enlightening to actually see what the lay of the land is and what vulnerabilities you have.

For anyone who is manual testing or having more of a consultancy service, again get a demo. One of the things we found with ours was we picked an area where we knew we had quite a few issues from a recent report with our consultants and we wanted a comparison to see if AppCheck picked up the same, and the exciting thing was it picked up all those vulnerabilities and actually highlighted some extras that were missed by the consultants.

So I would definitely say to someone who’s already with a consultant or security partner: just give the demo a try and see what the results are like.
