CS1907
industry leaders
FULLY IN THE FLOW
DOCUMENT LOGISTIX USES DAST TO ENSURE SECURITY OF SENSITIVE CUSTOMER DATA
Tim Cowell, Document Logistix: customers understand we are serious about protecting their data.
Document Logistix provides award-winning workflow software that manages the lifecycle of information from capture, through rules-based workflow, retention automation and, finally, destruction.

Historically, software security was not a topic that was often raised by potential purchasers. However, today enterprises and compliance-conscious buyers are asking for detailed testing information in their RFTs.

Tim Cowell, Document Logistix CTO, says: "We invested in dynamic testing to give us added credibility with customers by raising the question of security first. It becomes a non-issue, because they understand we're serious about our duty to protect their data."

Document Logistix document management software powers the operations of some of the world's most demanding, high-volume businesses, including major logistics companies like DHL, CEVA and FedEx/TNT. Customers entrust Document Logistix with handling their sensitive information, so security is a high priority.
Document Logistix looked for a higher level of confidence in its application security testing, and appointed WhiteHat Security to secure its DevOps environment and automate its processes. Document Logistix uses WhiteHat for static application security testing (SAST) and dynamic application security testing (DAST). Cowell explains: "Our application is basically a portal for sharing documents. It's not a banking application - we don't store credit card information - but document management can be equally, if not more, vulnerable to people trying to gain access to things they shouldn't see."

Document Manager is highly customisable for a large range of business processes. This could be for something as simple as proof of delivery or for more sensitive information, like HR records, where there is potential for people to see records they should not be viewing. The issue has been heightened since the EU's General Data Protection Regulation (GDPR) came into effect.
While protecting customers' data has always been a priority for Document Logistix, through encryption, permissions and redaction, it has now implemented a true solution for testing its application's security. In the past, some clients performed their own penetration testing and submitted any issues to Document Logistix. The company also did manual code checks for security vulnerabilities, which was intensive and costly.

"The biggest problem was the huge unknown. Our customers are high profile and high risk. We needed a solution that gave us a better process," says Cowell. "With DAST, we have confidence in saying to our customers: 'This is what was done to make your information more secure,' and they know that, every time there's a new application build, it gets a new test. We do three to four releases a year and testing is very expensive, so performing testing on each release isn't practicable. This is a cost-effective solution, because the testing process is ongoing."
ABOUT DOCUMENT LOGISTIX<br />
Document Logistix won the prestigious Document Manager publication's award for the 2018 Product of the Year: Workflow and<br />
BPM. Since 1996, Document Logistix has supplied its uniquely flexible and scalable Document Manager software to diverse SMEs<br />
and blue-chip clients around the globe. The company's UK and EMEA operations are headquartered in Milton Keynes, UK, which<br />
is also the central point of product development, technical support and training. The US branch of the company is headquartered<br />
in Austin, Texas, and has major contracts with the Texas Department of Public Safety, the Virginia State Police, attorneys and<br />
various agencies in other states.<br />
Tel: 01908 366 388 www.document-logistix.com<br />
computing security July/August 2019 @CSMagAndAwards www.computingsecurity.co.uk