CS1907

industry leaders
FULLY IN THE FLOW
DOCUMENT LOGISTIX USES DAST TO ENSURE
SECURITY OF SENSITIVE CUSTOMER DATA
Tim Cowell, Document Logistix:
customers understand we are serious
about protecting their data.
Document Logistix provides awardwinning
workflow software that
manages the lifecycle of
information from capture, through rulesbased
workflow, retention automation
and, finally, destruction.
Historically, software security was not a
topic that was often raised by potential
purchasers. However, today enterprises
and compliance-conscious buyers are
asking for detailed testing information in
their RFTs.
Tim Cowell, Document Logistix CTO, says:
"We invested in dynamic testing to give us
added credibility with customers by raising
the question of security first. It becomes
a non-issue, because they understand
we're serious about our duty to protect
their data."
Document Logistix document
management software powers the
operations of some of the world's most
demanding, high-volume businesses,
including major logistics companies like
DHL, CEVA and Fedex/TNT. Customers
entrust Document Logistix with handling
their sensitive information, so security is
a high priority.
Document Logistix looked for a higher
level of confidence in its application
security testing, and appointed WhiteHat
Security to secure its DevOps environment
and automate its processes. Document
Logistix uses WhiteHat for static
application security testing (SAST) and
dynamic application security testing
(DAST). Cowell explains: "Our application is
basically a portal for sharing documents.
It's not a banking application - we don't
store credit card information - but
document management can be equally, if
not more, vulnerable to people trying to
gain access to things they shouldn't see."
Document Manager is highly
customisable for a large range of business
processes. This could be for something
as simple as proof of delivery or for more
sensitive information, like HR records,
where there is potential for people to see
records they should not be viewing. The
issue has been heightened since the EU's
General Data Protection Regulation (GDPR)
came into effect.
While protecting customers' data has
always been a priority for Document
Logistix, through encryption, permissions
and redaction, it has now implemented
a true solution for testing its application's
security. In the past, some clients
performed their own penetration testing
and submitted any issues to Document
Logistix. The company also did manual
code checks for security vulnerabilities,
which was intensive and costly.
"The biggest problem was the huge
unknown. Our customers are high profile
and high risk. We needed a solution that
gave us a better process," says Cowell.
"With DAST, we have confidence in saying
to our customers: 'This is what was done
to make your information more secure,'
and they know that, every time there's a
new application build, it gets a new test.
We do three to four releases a year and
testing is very expensive, so performing
testing on each release isn't practicable.
This is a cost-effective solution, because
the testing process is ongoing."
ABOUT DOCUMENT LOGISTIX
Document Logistix won the prestigious Document Manager publication's award for the 2018 Product of the Year: Workflow and
BPM. Since 1996, Document Logistix has supplied its uniquely flexible and scalable Document Manager software to diverse SMEs
and blue-chip clients around the globe. The company's UK and EMEA operations are headquartered in Milton Keynes, UK, which
is also the central point of product development, technical support and training. The US branch of the company is headquartered
in Austin, Texas, and has major contracts with the Texas Department of Public Safety, the Virginia State Police, attorneys and
various agencies in other states.
Tel: 01908 366 388 www.document-logistix.com
08
computing security July/August 2019 @CSMagAndAwards www.computingsecurity.co.uk