Case Study by Adrian Tchordjallian - Network, Cloud and Service Manager, Thinxtra

The Background

Thinxtra is an IoT Telco, based in Australia and with operations in New Zealand and Hong Kong.

We build and operate the public 0G Network, dedicated to the Internet of Things (IoT)and provide fit-for-purpose solutions to diverse customers across many industries and applications. Our solutions include a broad range of tracking devices, such as GPS trackers that enable parents to keep tabs on backpacks, cars and boats, through to trackers for kegs, cars and cargo and remote monitoring for water, electricity and building infrastructure.

The Goal

As a fast-growing scale-up, I’ll admit that while security was very important to us, – we did what we could with our internal knowledge and didn’t invest in external expert advice. Given that our Sigfox network technology and infrastructure is inherently secure, we were in a good position. However, as we grow in scale and complexity, and need to continue to meet compliance and risk management requirements, we decided to treat security with the care it deserves and engaged experts in this field.

The Selection Process

The Missing Link came to us via word of mouth – we’d directly heard about the work they do, and so we started a conversation with them. While we spoke to other potential providers, we quickly concluded that they were the best partner for us in terms of their size, knowledge, and approach.

Our Relationship

To build the right working relationship, we started with reconnaissance to see how much access they could gain to our systems and what sort of data they could acquire without giving them any starting points. The reconnaissance report they presented was very promising – they were able to gather a lot of information that we thought they’d find hard to access. From there, we moved on to look at our processes via a Security Control Review. As a result of this, we were presented with a security rating, a list of things we needed to do to improve our maturity level, and software investment recommendations.

The next step involved The Missing Link’s engineers working directly with us to plan and implement Penetration Testing.

The Penetration Testing was informative. Our systems are complex, meaning The Missing Link was not expected to provide specific directions for vulnerability fixes. Instead, we wanted a report of the vulnerabilities they found and a recommended approach to fix them.

Throughout the process, it was very easy to reach out to The Missing Link. Our stakeholders were able to talk directly with the engineers working on the job about all of the details.

The Difference

Working with The Missing Link has given us better visibility and insights. As a Network, Cloud and Service Manager, this means that I now have the information I need to prioritise budget and provide the business with a solid roadmap.

It also helps me educate the entire organisation about potential security threats and get everybody to buy-in and support.
For the business, the work we’ve undertaken gives us more confidence knowing that we have the right tools in place to protect our data assets.

Additionally, it’s changed our processes for the better I’d say that as a result of The Missing Link’s findings, we’ve introduced efficiencies in areas where we didn’t realise there were opportunities to do so.

Engaging The Missing Link to undertake a Security Control Review and Penetration Testing has been the start of a good partnership.

Author

Taylor Cheetham

Campaign Manager