Case study by Steve Kouvalis - Information Security and Privacy Manager, Archibus-Serraview
Archibus-Serraview is a global provider of an integrated workplace management system (IWMS) platform, and Serraview, a cloud-based provider of space optimisation and workforce enablement software, recently announced that they have merged to create a leading provider of solutions for managing the modern built environment. This powerful business combination unites the ARCHIBUS comprehensive suite of real estate, infrastructure, and facilities management solutions with Serraview’s cloud-first, employee-centric space management software to help organisations optimise the “Workplace of the Future.” The combined company offers thousands of customers around the world an integrated IoT powered, user-friendly platform to effectively manage their real estate facilities, infrastructure, and workplace assets, and enable employees.
It’s critical to our business success and that of our clients, that we minimise the risks of a data breach, or of a hacker bringing down our application so that clients can’t use it. Our clients have a very high expectation regarding Archibus-Serraview’s security and due to this, Archibus-Serraview managements are absolutely on board when it comes to investing in maintaining the most advanced IT security controls.
Archibus-Serraview recently developed a new application that we were planning to roll out to clients. However, before we go live, we needed to make sure there were no weaknesses in our software and we needed to undertake a penetration test, using industry best practices methods, to ensure that the application was vulnerability free.
While we had used other third-party suppliers to do penetration testing in the past, I decided I wanted the benefit of a fresh set of eyes to look at our new application. I wanted a company that was prepared to really understand our business and our model.
The Missing Link contacted me requesting a meeting, and I knew they were an Australian company with some high-level clients and good senior management experience. I decided to move forward, so I met with Thomas, and I liked his approach. He wasn’t pushy; he was keen to listen to our needs and what our business does, and he was enthusiastic about the project. Their price was competitive with project costs clearly broken down - and made the decision to proceed with The Missing Link.
The Missing Link was responsive to our needs from day one, and they were happy to work with our colleagues in the US, where the team who developed this particular application is located, despite this requiring extra hours and late nights due to the difference in time zones.
Although I’m experienced in information security, I’m not a penetration tester or a hacker, so I don’t necessarily speak The Missing Link’s language, but I found they were excellent at explaining things in layman’s terms. The report we received post-testing was well prepared and suitable for both my development team and me. The Missing Link presented a summary I could use for my management reports, followed by a detailed report on technical vulnerabilities for our respective teams to use. It wasn’t an overload of information, but rather a concise report from each finding, with links to more detail if required.
The Missing Link’s penetration test provided us with the reassurance to know we could release our application into production.
We’ll be using The Missing Link again when the time comes– they offer the expertise I am looking for and we’ve developed a good comfortable relationship – I can pick up the phone to them anytime, have a quick personal chat and then move on to business. Yes, price is important, but in the end it’s all about having the required expertise on board and a great working relationship.