Because we deal with customer sensitive data all day, every day, our core principle is, and always has been, quality of service. The care and attention given to the security of data is of paramount importance, so that customers can trust us with their data.Jonathan Relf, Solutions Architect, Esendex
Webinar: Overcoming PCI DSS Challenges While Driving Innovation
Industry Report: 2017 Cloud Security Report
Solution Overview: Alert Logic Professional
Webinar: Visibility: The Key to Better Threat Detection
Want to learn about Alert Logic solutions?
Sending the Right Message Safely
Founded in 2001 and headquartered in Nottingham, UK, Esendex is a global business communication services provider who provides a broad portfolio of high-value, reliable SMS, voice, web, and multichannel solutions that are delivered over rich APIs and web applications. Its products and services allow businesses to effectively engage and interact with customers, staff, or suppliers.
With direct network connections and a large team of in-house developers to continually develop its messaging technology, Esendex provides a market leading communications solution to over 13,000 customers globally including well-known brands, such as Ocado, npower, ClanWilliam Group, and Capgemini.
Esendex covers a wide variety of verticals ranging from retailers and the public sector through to the finance industry, and the utilities sector, who rely on Esendex for secure and reliable business communication solutions – from appointment bookings & reminders, through to call centres to business continuity solutions. Due to the provision of 24x7 services, the company has a need to be always on which means any downtime from a cyber threat would have a negative impact on the businesses it serves.
The company continues to organically develop its portfolio, as well as acquire new technologies, helping them grow and extend their business use cases for customers. For example, Collstream, a mobile payment operator, moved Esendex into the mobile payment technology sector, more specifically debt collection.
The growing Esendex portfolio is managed in a combination of on-premise private and public cloud environments. With the constantly improving Payment Card Industry (PCI) regulations, a change in security tactics was necessary, and Jonathan highlighted the importance of being transparent with customers and legislators in regards to data residency. This led to needing to choose between investing internally to train existing staff, or to go with a leading expert in the field and gain access to a far deeper breadth of knowledge.
Jonathan Relf, Solutions Architect at Esendex, explained the challenges:
- A systematic acquisition of Europe-wide businesses and their portfolio crossing over to the payment card industry, meant that Esendex needed to adhere to the PCI legislation. The PCI DSS security standard has a long list of requirements that need a continuous maintenance and high level of security.
- Esendex didn’t have the deep experience required to understand and prioritise existing cyber threats, and it was particularly hard for an in-house team to stay current with the evolving threat landscape.
The organisation wanted to improve its ability to detect suspicious activity and not currently known threats. To Esendex, the task of combining the cybersecurity tools and internal resources with the required maturity and expertise to fully understand the ever-evolving cyber threat landscape seemed an opportunity to benefit from investing in external expertise . The cost, time, and effort required to fully secure the on-premise private cloud environment had also begun taking additional resources from its primary goal of providing business messaging services for customers and the need for external security expertise has led them to Alert Logic.
It was a timely decision for us, deliberately taken because we want to be ahead of the game when it comes to GDPR. My team and I can rest easy knowing that alert logic is monitoring our systems 24x7.Jonathan Relf, Solutions Architect, Esendex
Why Alert Logic?
Part of the Esendex portfolio crosses into the payment card industry which is heavily regulated. Therefore, it was essential to invest in strong security and ensure customer data is fully protected in an increasingly hostile threat environment. Esendex needed one cybersecurity platform that could help them protect and comply across their PCI infrastructure. Alert Logic Professional provided Esendex with 24/7 continuous network security monitoring of their PCI environment, log review, real-time network threat detection, as well as an expert incident analysis and live notifications of critical attacks by security analysts in Alert Logic global Security Operation Centres.
With GDPR Compliance all businesses are required to inform the ICO if and when it suffers a breach. Esendex wanted to improve its awareness of a potential breach by adding an improved security service in place. When looking at cybersecurity companies, it became clear to Esendex that Alert Logic had strong links with the PCI Council and understood the industry sector through already providing services to their customers in the same industry. It was that which made Alert Logic stand out from its competitors.
"It was a timely decision for us, deliberately taken because we want to be ahead of the game when it comes to GDPR. My team and I can rest easy knowing that Alert Logic is monitoring our systems 24/7."
During the selection process, when Esendex started to dig deeper into what each vendor was offering it became clear that some providers only provide a security appliance that would sit and generate logs. Whilst this might have given some correlation, and could give an indication of what to investigate, internal security triage would still be required. The managed service aspect of Alert Logic’s solution, on top of a very capable platform underneath, was the absolute differentiator.
Security requires daily vigilance. Alert Logic provides Esendex with 24-hour protection and a deep set of cybersecurity knowledge that would have taken Jonathan and the Site Reliability Team a significant amount of time and investment to obtain themselves. The breakdown of potential threats, escalations or anomalies into easily digestible reports, and high-quality incident response web-tools, assures Esendex and its various associated stakeholders that it is taking the security of its own and customer data seriously and that they are fully protected.
"Because we deal with customer sensitive data all day, every day, our core principle is, and always has been, quality of service. The care and attention given to the security of data is of paramount importance, so that customers can trust us with their data."
The professionalism of the onboarding process, coupled with the quality of reporting and web tools, allowed Esendex to get quick access to incidents that were discovered and escalated by Alert Logic security analysts. The Alert Logic system quickly demonstrated its ability by highlighting operations that were being undertaken by Esendex engineers as part of the ongoing maintenance of the PCI environment.
The partnership with Alert Logic provides Esendex with the knowhow and tools to free up its internal resources to focus on the company’s core business. Esendex can continue to offer the most reliable and secure business SMS solutions available while Alert Logic takes care of monitoring its PCI DSS Compliance systems, making sure that customers can be confident that their data is safe. In addition, it would have cost Esendex significantly more than the cost of the Alert Logic solution to hire and maintain this type of expertise in house.
"In the ever-changing landscape of breaches and regulatory fines, investing in a service that can provide the necessary visibility and expertise to know whether a possible security incident is going on, as well as then being able to remediate it, is money well spent as you significantly reduce the likelihood of being a victim."
"When WannaCry hit and was holding computers to ransom, we were in a position where we could say that Alert Logic had identified this threat two months prior and had advised its customers to patch and protect against it. This kind of intel is just another great value-add for our current and future customers."
With Alert Logic, Esendex now has the tangible benefit of being better protected, saving staff time, and its PCI environment requirements are effectively answered by the Alert Logic solution. A cyber breach is as much a security issue as a business one. Esendex is protected by a partner that is keeping an eye on their environment and ensures that they identify high-risk areas to address – before the attackers get there first. As a result, Esendex can get on with what it’s good at – being Europe’s number one business messaging company.