Projects can be managed on time and on budget, allowing Channel 4 to reduce their spend by nearly 80%, according to Channel 4 CISO Brian Brackenborough.
In a complex cyberthreat landscape, organizations are facing a daily battle to identify and secure vast numbers of web assets. This is all too true for Channel 4, which operates All 4, the UK’s biggest free streaming service – plus a network of 12 television channels.
A large organization with thousands of web assets, Channel 4 is responsible for securing the data of 24 million viewers on the All 4 platform, alongside staff details and all of the company’s intellectual property.
In line with regulations such as the General Data Protection Regulation (GDPR), Channel 4 must be able to demonstrate data is safe and secure. Taking this into account, the firm needs to ensure robust security protocols and technology are in place to protect it from the threats it is facing.
Part of this entails testing Channel 4’s defenses, which prior to using Invicti was a complex and costly task, taking up a huge amount of the organization’s security budget. Channel 4 was spending significant sums a year on numerous penetration tests using multiple third-party companies, says the firm’s CISO Brian Brackenborough.
“We would perform a penetration test and get the results; we’d then have to fix the issue and pay for another penetration test,” he explains. “That could be quite a cycle depending on how complicated the particular project was.”
Invicti helps Channel 4 gain control of its potential attack surface
To increase efficiency and cut costs, Channel 4 needed a streamlined way to gain control over its assets so it could secure them. This meant first having visibility into all its applications, including any that were lost, forgotten, or hidden.
Invicti helped Channel 4 do just that, allowing the firm to discover its web assets and determine how critical each one is. “We can now identify whether sites are collecting personally identifiable information (PII) – and if not, we can immediately scan them using the Invicti platform,” Brackenborough explains.
Using Invicti, Channel 4 can now perform continuous, automated vulnerability scans on websites where it doesn’t store PII, or on sites for any new shows released on linear platforms such as Channel 4, E4, or All 4. “For more websites, we now don’t need to go externally for security testing. We can fire up Invicti, run the tests as often as we like, view the scan results, and mitigate to our hearts’ content,” Brackenborough says.
Efficiency gains and cost savings
There are clear efficiency gains, and the cost savings are huge. Partnering with Invicti allowed Channel 4 to reduce its spend by 60% in the first year alone, with further savings into the second year. “The budget we were spending every year on penetration testing decreased by approximately 60% almost immediately and went down even more the following year, to about 20% of our initial spending,” Brackenborough says.
Overall, the Invicti product makes things easier for the lifecycle of any project, according to Brackenborough. Using Invicti, Channel 4 can now start performing automated penetration tests or vulnerability scans against systems at certain milestones of a project to make sure it stays on track.
This allows Channel 4 to catch any issues early on in the process, prioritizing vulnerabilities that put the company at risk and fixing them with less manual effort – without the need to go back to redesign or redevelop. “It makes our lives a lot easier and allows us to ensure we are delivering projects on budget and on time,” Brackenborough says.
For more stories of customers using Invicti to improve application security and reduce testing costs, see our case studies.