325 Front St W
Toronto, ON M5V 2Y1, Canada
© 2023 Feroot Security
The Quickbase security team prides itself in staying ahead of cyber threats and government regulations that might impact their customers. When the European Union started to discuss the General Data Privacy Regulations (GDPR), Michael Lemire, Quickbase Chief Security & Compliance Officer, realized that he and his team had a gap in their security program.
“We needed to wrap our arms around client-side security, both in our own code and the 3rd party scripts we load into our users’ browsers when they visit our web properties. We also needed to ensure we were maintaining compliance with increasingly stringent privacy regulations.”
Michael Lemire, Chief Security & Compliance Officer
He jumped to action to learn as much about client-side security as he could, and what he and his team could do to stay ahead of cyberthreats harmful to their customers and business. With third-party scripts leading to security breaches such as e-skimming, formjacking, and Magecart-like attacks increasingly in the news, Michael and his team decided that they needed to include client-side security as part of their security program.
The team needed clearer visibility across their company’s marketing website and web services. Michael and his team began searching for a solution that could discover all of Quickbase’s web assets and inventory scripts in use and provide the team with insights to quickly take corrective action if there was a security vulnerability or unauthorized script change.
Quickbase is a computer software company that provides a no-code operational agility platform to its customers. The platform enables organizations to improve their operations through real-time insights and automation across complex processes and disparate systems. Their goal is to help companies be more responsive to their customers by providing real-time visibility into workflows and operations.
Michael and his team outlined what a client-side security program might entail and what they needed to accomplish for it to be effective:
Mike and Zach R., a Quickbase Security Engineer, evaluated the steps they would need to take to inventory and continuously scan their client-side assets. It quickly became apparent that they needed a technology that would automate the tedious and continuous efforts needed to stay abreast of third- or fourth-party code changes. Michael and Zach acquired Feroot Inspector because of the product’s ability to:
Zach took on the challenge to build Quickbase’s client-side security program using Feroot Inspector as the platform for it. In close collaboration with Greg B., Manager of Software Engineering, Zach successfully executed the program to protect Quickbase’s most valuable assets—it’s customers. Zach and Greg followed a two-phase, client-side, security program implementation plan
Phase 1: Deploy Inspector to Inventory and Clean Up Quickbase’s Digital Ecosystem:
Phase 2: Establish Governance and Accountability:
As a result of Zach and Greg’s fantastic teamwork, Quickbase now has a solid client-side security program in place. By continuously scanning their digital ecosystem, the Quickbase team has been able to:
“The beauty of Feroot Inspector is that it covers a clear and present attack vector. Over 5% of attacks come via supply chain and third-party scripts, and most security teams are blind to these with their current security tools. This particular attack vector is becoming more and more prominent. We’re seeing more real-world client-side attacks coming. So, from a security perspective, it’s in the news and it’s real. From the privacy perspective, everyone is aware how important it is to align with privacy best practices and regulations.
“We’re on a mission to be the trusted low-code vendor in the industry. Our number one priority is to establish trust with our customers and ensure the security of our entire digital ecosystem. Feroot Security Inspector has provided us with an automated technology to uncover our client-side attack surface and protect it in real-time.”
Request a demo today and we’ll show you how to implement client-side security practices.