Jedox

Establish and Maintain Customer Trust Through Transparency

Bitsight helps Jedox demonstrate its security maturity to customers and focus its security activities and investments where they can have the greatest impact on risk.


Jedox is the leading planning and performance management software company, serving over 2,800 organizations across 140 countries. It is a Leader in the Gartner Magic Quadrant for Financial Planning Software. Since these customers entrust some of their most sensitive and strategic data to Jedox and its software-as-a-service (SaaS) platform, ensuring and demonstrating the security of Jedox's application infrastructure is paramount. Meanwhile, rapid growth and geographic expansion make it essential to prioritize security efforts.

Background


“Displaying our Bitsight Rating prominently on our trust page helps us gain customer trust through transparency.”

Vladislav Maličević, Chief Technology Officer

Using transparency to build customer trust

Jedox’s customers often model some of their most sensitive information within the company’s SaaS platform. As a result, many seek assurance that Jedox has sound security practices in place. After originally learning about Bitsight from a customer, Jedox saw it as a powerful way both to hold itself to a high standard and to give customers a level of transparency about its security posture. “Trust is something that you need to nurture, and transparency is one of the best ways to do that,” said Vladislav Maličević, Chief Technology Officer at Jedox. “We have a dedicated, external-facing, trust webpage, and we include our Bitsight Badge there for all to see.”

Keeping a high-profile SaaS application secure

Jedox also uses Bitsight extensively as part of its ongoing efforts to secure its SaaS platform. The company uses a variety of proactive activities to continually improve product security, but Bitsight is invaluable in focusing these initiatives on the areas where they can have the greatest impact on risk. “We do things like pen testing and bug bounty programs, but even with structured programs like this, the decisions about what to test – and in what order – can’t just be left to the tester or ethical hacker,” Maličević said. “Bitsight helps us focus on cluster areas of problems and use scoring to find the most critical ones.”

Prioritizing company-wide security efforts

Bitsight’s usage and impact at Jedox also extend beyond the company’s SaaS platform to all areas of its external attack surface. Leaders and team contributors from across the company’s engineering, IT, and cloud operations teams all use Bitsight to proactively find and eliminate security weaknesses in their areas of focus. “It provides structure and guidance,” Maličević said. “You’re able to zoom in on problem areas, tag issues, and share them with the areas of the organization who are responsible for fixing them.”

“It's a never-ending cat and mouse game with bad actors, and Bitsight helps us make sure we’re always finding the holes and getting better.”

Vladislav Maličević, Chief Technology Officer

Bringing actionable risk insights to the boardroom

In addition to Bitsight’s role in guiding day-to-day risk mitigation, Jedox now uses the Bitsight Rating to keep its board of directors informed about the company’s risk posture. “It’s part of the key KPIs I include in my quarterly board deck,” Maličević said. “It’s awesome for board situations when it doesn’t make sense to get too deep into the details, but we can also use it to zoom in if we ever need to hold a special meeting on a thematic topic.”

Reducing costs by decommissioning legacy IT assets

Another benefit that Jedox gains from Bitsight is a continual reduction in unnecessary IT sprawl across its environment. In addition to reducing the size of its attack surface, this often leads to meaningful IT expense reductions. “Oftentimes, Bitsight will discover unused IPs and other resources that were never totally decommissioned in the past,” Maličević said. “Eliminating these unnecessary resources is good for security, but it can also lead to real cost savings.”