Why Oomnitza Relies On Crowdsourced Security Testing To Protect Clients' Data
Web vulnerabilities make it even more important that customer data is safe and secure. White hat security testing can provide that assurance.
As our footprint continues to expand, we need to find a systematic way ensure our security remains state-of-the-art
San Francisco-based enterprise IT asset management company Oomnitza is focused on developing cutting-edge solutions that are mobile-first, customizable and user friendly. With that in mind, the company’s mantra is simple; clean data, standardized technology and ease-of-use for maximum productivity.
Oomnitza’s co-founders Arthur Lozinski (CEO) and Trent Seed (CTO) realized there were problems with standard IT asset management solutions: a lack of support for interfacing with modern devices coupled with the inherently error-prone nature of manual entry.
As former enterprise consultants, Lozinski and Seed wanted to create software that would deliver a much higher level of visual design based on user-centric functionality. The vision, according to Lozinski, is for Oomnitza to function as a single pane of glass across all areas of a business.
An evolving software company with a small internal QA team, Oomnitza wanted to find a way to ensure that customers’ data and assets would remain safe, private and secure.
The IT asset management industry maintains strict security standards from vendors like Oomnitza, which includes yearly security penetration tests. When you consider that new web vulnerabilities are discovered on an almost daily basis, it became clear that Oomnitza needed to find a testing solution that would ensure its product would remain impenetrable.
Applause Security Experts Think Like A Hacker
Oomnitza had two options; bring a full-time security team on board or outsource penetration testing to a third party. The first option was unrealistic, especially as Oomnitza wanted an immediate solution that was both affordable and scalable.
After an extensive search, Seed found out about Applause from a trusted friend, coming to the conclusion that Applause would be an excellent fit for his company’s needs.
The key is to think like a hacker.
Applause’s security experts use white hat penetration methods that uncover issues that cost companies time, money, and reputation. They also provide comprehensive reports for actionable remediation methods.
In addition, the number of white hat testers required could scale up or down depending on a demonstrated need.
“As our footprint continues to expand, we need to find a systematic way ensure our security remains state-of-the-art,” Seed said. “Our developers follow best practices and they know what to look for, but Applause grants us that second layer of expertise and knowledge.”
Oomnitza leverages Applause’s testers both prior to major releases and during penetration phases. The Applause platform integrates smoothly with noted bug-tracking system JIRA and prioritizes all discovered issues. This prioritization enables Oomnitza to receive alerts for any tier-one bugs as soon as they are discovered, which allows the company to instantly get to work on a fix.
“Security issues are not something I like to leave open. As soon as Applause identifies them, we immediately escalate it to the development team,” said Seed. “This allows us to ensure our product is as secure as possible.”
To date, Oomnitza has run several security cycles and each has identified a number of vulnerabilities. After a cycle is run, Applause presents Oomnitza with a personalized and detailed report.
The in-depth analysis provides the company with all the tools necessary to remediate vulnerabilities, a crucial step in ensuring that the brand and customers’ data remains protected.
Apart from the bugs found and confirmation that the Oomnitza product is secure, the best part about Applause for Seed is the personal level of attention the company gets from the Applause team.
“The back and forth has been great,” said Seed. “Our project manager is always quick to respond in a clear and detailed fashion. It truly feels like he is looking out for our best interest.”
Since partnering with Applause, Oomnitza has seen a dramatic improvement in the security of it’s software.
“We pay very close attention to reported security matters. In the two years we have been with Applause, there has been a notable and drastic decrease of these issues,” Seed said.
Most important of all, Oomnitza has passed all security audits with flying colors and its customers are confident that their information is safe and secure. And Applause’s hand-picked security experts have played a major role in that customer confidence.
“Each security expert brings his or her unique background and perspective.” Seed said “To have so many different approaches at uncovering weaknesses through a single vendor is amazing. We need to be prepared for anything and Applause provides an unparalleled way for us to ensure all our bases are covered.”