Case Studies
Teams need Precise, Actionable Vulnerabilities Guidance
The promises around AI are only getting bigger. But even as the hype cycle spins, AI is bringing meaningful transformation to how businesses are built and run. Being able to ingest large amounts of data, and automate decisions from and around it, is helping teams reduce expensive complexity across the enterprise.
One ideal target is procurement—nearly everything about it is complex and slow. This is why category leaders like Dropbox, British Telecom, and Adidas trust Globality’s autonomous Glo platform. It leverages AI to help companies synthesize requirements, identify ideal suppliers, and more efficiently manage the entire process.
How do you create confidence in the unknown?
When it comes to AI, security matters more than ever: businesses need to be able to trust any tool with access to this much information. When longtime security pro Vance Lindholm joined Globality, he was looking for something big: I wanted to be involved in building something from the start.
The rapid growth of the company and platform gave the seasoned security expert everything he was after. He joined Globality to bolster their security program, tasked with protecting internal infrastructure and the codebase used to build and deliver products to customers.
Part of this was building and growing a security team and improving their security posture over time. For Vance Lindholm, this meant moving from narrowly scoped “point in time” penetration testing to a continuous testing program, moving from being reactive to proactive and strategic.
“One reason we did point-in-time testing was because customers asked for it. But it’s not particularly useful as a strategy. I wanted to go to a continuous model, testing as we release to make sure we’re always there. I knew that the best way to show companies we’re secure.” - Vance Lindholm, Sr. Mgr InfoSec & IT at Globality
Click to tweet
Lindholm knew he and his small team needed help, so they began to evaluate traditional bug bounty providers.
Finding dollars while building consensus
As the Globality team evaluated their options, Lindholm worried about finding the resources required to make bug bounty programs work. Like many small companies trying to grow, leadership was hyper-focused on budgets and ROI. That left Lindholm with a familiar task of justifying spend. “At the end of the day, security isn't a team that makes you money-- it's a risk mitigation team, right? We’re here to keep us from losing money.”
Even with leadership buy-in, finding a provider with reasonable economics was hard. Most traditional bug bounty programs were highly priced, especially for the level of service Lindholm and team expected to receive. “Looking at samples, the reports they deliver aren’t even actionable, because they’re just aggregating a bunch of garbage reports.”
He knew the absolute last thing he and his team needed was a flood of low-quality alerts that distracted them from building the platform. ‘I just don’t have time for that,’ he remarked. Globality needed more than just raw data from researchers, they needed a path towards mitigation.
Fast frustration with traditional researchers
Having the cybersecurity initiative in-house was great, but it brought its own challenges. Even when they received reports, obtaining further assistance was difficult. ‘Often, the reporters were unresponsive or became aggressive, saying things like, "Hey, I found something, I need my money now,"’ he remarked. This added even more stress to the team.
If the goal was to reduce Globality team workloads, it wasn’t working, in many cases it actually created additional complexity. Managing a whole program has many moving parts and Lindholm’s time was wearing thin.
Lindholm and the team knew they needed a solution that helped them move with greater confidence and speed. In an industry like AI, moving faster was everything.
Getting the balance right: Globality chooses Inspectiv
Lindholm knew Globality needed a solution that reduced cost and stress while improving readiness. That’s when he found Inspectiv, and immediately realized they could finally get “continuous testing at a price we could afford.” This was the upfront reason to learn more, but Lindholm quickly realized how much deeper the value went.
After learning more about how Inspectiv worked, Globality realized they’d be getting better vulnerabilities intel—and help with actual mitigation. Inspectiv would give them what they needed more than anything else: faster time to market. It wasn’t just a security benefit but helped drive the business. “The most valuable thing we get is speed. At the end of the day, engineers are incredibly busy, and product always wants a new feature out the door.”
More than a platform; the Inspectiv partnership
While budget may have been why Globality initially chose Inspectiv, a sense of trust is what made the decision permanent. Lindholm knew he had found a partner that could a true force multiplier, investing the time, personalization, and attention required to understand Globality as a business and a technology platform. This collaboration is a critical part of the Inspectiv difference.
As Globality and Inspectiv continue their collaboration, the advantages of this in-depth partnership are increasingly evident. Inspectiv's familiarity with Globality's platform enables close cooperation between the two teams as the platform evolves. 'Since you are integrated into the platform and understand its functionality, we can easily ask you to test new features as they are released,' he explained. The responses Globality receives are both prompt and illuminating.
Instead of fixes taking months of back and forth communication, tight collaboration helped to resolve them much faster. “It’s no longer taking months, and the number of issues that are reported that are actual vulnerabilities is almost total—it’s rare to get an error.”
Measuring and demonstrating value
The other enormous benefit to the Inspectiv partnership was the ability to see and measure progress made towards continuous security. That had been a huge obstacle to getting buy-in from leadership. The Inspectiv partnership gave the team clear, objective metrics that everybody could understand—severe vulnerabilities detected, time to resolution, etc.
This transparency was critical for a few reasons. Leaders could see that the vulnerabilities found by Inspectiv were accurate and highly actionable, ensuring maximum ROI on budget dollars. Dev and security teams could also see how quickly vulnerabilities were being fixed, which in turn gave confidence to the most important stakeholders of all: “Our customers see that.”
Lindholm is certain that clarity and visibility has kept technology, business, and security leaders moving in the same direction. “Being able to show them actionable KPIs is critical to help them understand what we are doing, why we need this, and how this helps us achieve our business objectives.”
This alignment is critical to Globality keeping up with new technology—and ahead of their competition.
Globality + Inspectiv: a partnership of expanding trust, technology, and success
As more and more businesses look to secure an advantage via AI, platforms like Globality will continue to grow. And as Globality evolves continuously to deliver greater speed and clarity to its customers, Inspectiv will do the same for Globality’s software security, giving them a platform and a partner they can trust moving forward.
Lindholm knows Inspectiv is committed to keeping pace with their growth, adding new expertise and efficiencies as required.
“As a company grows, the security team grows. But it’s never going to be big enough to do everything on its own. That’s why partners like Inspectiv are so important, and we’ll continue to partner because you’re so good at what you do.”
Share this post
Case Studies
