Industry: IT and Telecom
Company: RPM Software
Location: Alberta, Canada
Company Size: 11-50 Employees
Product: Invicti Enterprise
“Invicti is not just another vendor we buy software from; they’re like business partners. We trust their products to secure our cloud platforms, otherwise our business reputation could be at risk. And Invicti has earned that trust,”
Jade Ohlhauser
CTO at RPM Software
About RPM Software
RPM Software develops cloud-based process management software for enterprises in industries such as telecommunications, construction, oil and gas services, and government. The company has been in business since 2001 and is based in Calgary, Canada.
Web Security Challenges Faced by RPM Software
Cloud Software Security
As a cloud software developer and provider, RPM Software is responsible for their customers’ sensitive data, so they can’t afford to take web application security lightly, as Jade Ohlhauser, CTO at RPM Software, explains:
“Our entire business is our platform, which depends on our reputation for secure data storage. If we lose our customers’ trust, our entire ability to operate is at risk.”
Shouldn’t every business take web application security seriously? Of course, but the challenge for cloud software developers and providers is far greater than it seems. Cloud software, or software as a service (SaaS), is a collection of complex web applications that are available to customers 24/7. Therefore, the task isn’t as simple as scanning a single website. RPM Software needed a solution that could scale easily, identify all possible attack surfaces, and automate processes as much as possible.
Maintaining Development Pace and Reducing Costs
Initially, the RPM Software team conducted manual web security audits and hired third-party specialists. However, as the business grew, new features were added, and solutions became more complex, the situation easily spiraled out of control.
“We couldn’t continue to rely solely on manual penetration testing due to new features and frequent product updates. Therefore, we required an automated solution that wouldn’t hinder product development while allowing us to properly test new features and enhancements, ensuring they wouldn’t have any undesirable security implications. We also needed to start conducting security audits ourselves. We could no longer rely on third-party assistance, as it was expensive, and they had other clients, so their availability was not always optimal,”
Jade Ohlhauser
CTO at RPM Software
Solution: Scalable Cloud-Based Web Vulnerability Scanner
After evaluating several solutions, RPM Software settled on Invicti. Initially, they used Invicti Standard, but later switched to Invicti Enterprise because, as RPM Software’s CTO explains, “a cloud account can be used from any machine and eliminates the need to manage local software.”
However, it wasn’t just the ease of use that attracted the RPM Software team to Invicti Enterprise.
“Invicti’s severity calculation and detailed vulnerability information make remediation more effective. For example, Invicti finds various issues in our software that are rated as the lowest threat level. We do not respond to most of them, but it’s good to know they’re being tested, and it alerts us to things we might not have known about. When a more serious vulnerability is found, detailed testing results and links to additional information make resolving issues easier.”
Invicti Enterprise Saves the Day
The RPM Software team follows the best development and operational practices, so they have never encountered a critical issue. However, Invicti did once discover a cross-site scripting vulnerability on one of the pages in a testing environment.
RPM Software is a good example because they always conduct checks in both test and production environments. If such a vulnerability were to be introduced into a live service, the consequences could be different. Prevention is better than cure, and that is exactly what RPM Software does: it scans its web applications for vulnerabilities and secures them before moving them to production, rather than waiting for a successful hacker attack.
The Future is with Invicti Enterprise
RPM Software has trusted Invicti’s accurate scanning technology since 2010, and they have no intention of changing their minds because the vendor has earned their trust.







