Scaling security through trust and automation: why Front chose Sqreen
- Prior to having a security team, Front needed something to improve their security standing that was usable by and useful to engineers
- Their users all share the same infrastructure on Front’s side, which means that they need top-of-the-line understanding of suspicious user activity to rapidly prevent bad actors.
- After they brought on their first security engineer, they needed to ensure that security was reliably automated so he could build up their compliance area as well
- Sqreen provides Front with alerting and monitoring capabilities across all their production applications, giving them the ability to stay on top of suspicious users and malicious activity in real time.
- Sqreen helps Front meet the compliance needs of their larger customers
- Ability for a few people to monitor and handle the security of applications that serve over 5,000 customers
- Freed up a super lean security team to focus on compliance and infrastructure in addition to security
- Peace of mind for Front’s customers, as they have confidence that the security of their data and accounts is taken seriously
- Closer working relationship between engineering and security teams, thanks to having a tool that brings value to both teams
Founded in 2013, Front is a SaaS company that offers efficient email for teams. As they’ve scaled up to over 100 employees and become a global company with over 5,000 customers, such as Stripe and Hubspot, they recognized a need to uplevel their security to ensure their customers’ protection.
Front is built on Node.js, with a React frontend. Their customers do a lot of work within the Front app, which all runs over Front’s cloud infrastructure. As they continue to bring on new users, they need to ensure that each customer’s environment remains fully isolated and inaccessible from other customers and outside parties. Today, a lean security team of only a few people is able to handle the security needs of Front, while also handling compliance, and still having time to help out the engineering team on infrastructure work.
So how did they get there?
Scaling security from the beginning
Early on, Laurent, the co-founder and CTO of Front, foresaw the importance of security. Before they had a security team, they wanted to find a solution that could bring them from 0 to 1 on security matters. Since there wasn’t a dedicated security person, the solution needed to be easy to deploy and use, and needed to be something that could provide value for the engineering team.
With an eye to the future, Front set out to find a solution that shared their values and that could scale with them as they grew: something transparent, actionable, and not over-engineered. That’s when they found Sqreen.
“Sqreen supports the most important side of our business: the application. I know that if something goes wrong there, I will be alerted, and have visibility into the issue right away. The peace of mind that brings cannot be overstated.” -- Matthieu Bouthors, Senior Security Engineer, Front
Security from 0 to 1…and beyond
Sqreen fit Front’s cultural ethos of being clear and not excessively complex. The product was very simple to set up. It only took two lines of code to deploy Sqreen’s Node.js agent on their production apps. This was perfect for Front when they were just starting their security journey out. With Sqreen in place, they were able to rapidly get alerting on suspicious users and malicious activities. The engineering team was able to have dashboards and alerting for getting visibility into the security state of production apps.
As Front grew and brought their first security team on board, Sqreen delivered value in a new way. The team expanded Sqreen’s presence across Front, set up blocking mode for certain vectors, and began the process of automating certain security efforts. Additionally, since Sqreen is a tool that engineers could get value out of as well, it was able to help keep the security team and engineering team working in tandem.
Today, the team has peace of mind, and is looking to increase the automation that Sqreen can bring on the security side. When people within Front’s ecosystem start acting suspiciously, it’s only a matter of minutes before Front is aware of it. This makes the team confident that they are on top of the security status of Front’s applications, and ready to find ways to unlock more value.
“We get attacks from all over the world. Early on in my experience with Sqreen, we got a massive widespread effort to attack our application. Sqreen notified me right away. That made me confident that I would always be aware if something goes wrong.” -- Matthieu Bouthors, Senior Security Engineer, Front
When thinking about scaling security, automation becomes more and more important. This is something that the team gets a lot of value out of in Sqreen. Sqreen automates many aspects of security and doesn’t require a lot of time to set up or use. This is very important for them, because they have 1000’s of customers all over the world. With a lean security team, they can’t manage the requirements of best-of-class security without automation. At the scale they’re operating, if they’re not automating things, it’s just not feasible to handle the issues.
“I really value my relationship with the Sqreen team. They’re on top of the latest security issues for the languages they support and are very fast to respond to my questions. For example, whenever I find out about a brand new Node.js vulnerability and reach out the Sqreen team, not only do they already know about it; they’ve usually already updated Sqreen to address it!” -- Matthieu Bouthors, Senior Security Engineer, Front
As Front continues to grow, they know that Sqreen will continue to scale with their security needs in a way that perfectly aligns with their values: transparent, not over-engineered, and built with value in mind.
Start protecting your applications today
Get continuous security monitoring and protection for your apps and scale your security.Get Started For Free