When Canyon needed a thorough third-party assessment to fulfill their Google Partner security requirements, they turned to Bishop Fox to meet an aggressive deadline without sacrificing quality.
As a new business looking to reinvent the way people interact on legal matters, Canyon understands that security — including attorney-client privilege — is a top priority for their users. Their plug-and-play contract management software connects with existing tools and workflows, including Google Drive and Gmail, and centralizes legal data in a single location to enable multiple teams to seamlessly collaborate on business-critical projects. Given the sensitivity of the data they manage and the collaborative nature of their LegalOps platform, they needed to ensure that their systems provide enterprise-class security.
With these goals in mind, Canyon wanted more than a check-box assessment when it came to validating their security posture and fulfilling the security requirements for Google’s partner program. However, with Google’s deadline fast approaching, they needed a security provider that could deliver a thorough assessment in under a month.
Having never worked with a third party on this type of security assessment, the Canyon team worried that the experience would be slow and cumbersome – so they sought an agile partner that could deliver an efficient engagement and provide them with guidance throughout the process. After speaking with several Google-approved providers, they selected Bishop Fox for their security assessment.
"Bishop Fox was the most empathetic when it came to our context and need for speed, while offering a compelling package.”
– Adrien van den Branden, Co-founder and CEO, Canyon
Canyon engaged Bishop Fox to assess the security of their application, external perimeter, and Amazon Web Services (AWS) cloud environment, and review Canyon’s responses to Google’s required Self-assessment Questionnaire (SAQ).
Specifically, Bishop Fox was tasked with:
The engagement consisted of three key parts: an application penetration test, an assessment of the external perimeter, including a cloud security review, and an evaluation of Canyon’s Self-assessment Questionnaire.
During the web application assessment, the Bishop Fox team discovered two issues with how the application handled untrusted inputs. The issues, though important to flag, were straightforward to address. Armed with detailed remediation recommendations, the Canyon team was able to rapidly implement the fixes.
"The Bishop Fox security consultants have brought critically interesting insights on the security of our systems, which has enabled us to improve them in very actionable ways."
– Adrien van den Branden, Co-founder and CEO, Canyon
Bishop Fox’s review of Canyon’s AWS environment and external attack surface determined that Canyon was maintaining a small external footprint and consistently following industry best practices for a secure infrastructure configuration.
Finally, through an analysis of Canyon’s SAQ responses, the assessment team determined that Canyon deployed effective security practices, which greatly enhanced the organization’s global security posture.
The engagement – from kick-off to remediation – took only two weeks to complete.
The Canyon team invested the time up front to prepare documentation around their policies and infrastructure, which allowed Bishop Fox to hit the ground running. Their efforts paired with Bishop Fox’s extensive experience delivering Google Partner security assessments and providing thorough reports with actionable recommendations allowed Canyon to meet Google’s security deadline and continue to leverage Google’s various APIs, an essential component of their business.
“The whole Bishop Fox team has been very reactive and professional, often exceeding our expectations in terms of turnaround time to submitting (revised) reports. The whole project was practically delivered in the course of 2 weeks, although we had planned a month for it.”
– Adrien van den Branden, Co-founder and CEO, Canyon
For Canyon, the engagement went beyond just meeting Google’s partner program requirements. Serving a target market of enterprise clients, they understand that robust security is an important differentiator for their product. The results of the engagement gave them the confidence that they were indeed delivering on their promise to provide enterprise-class security and compliance for their customers.
“The engagement not only increased our confidence in our systems but is also proving very valuable in discussions with prospects.”
– Adrien van den Branden, Co-founder and CEO, Canyon
Canyon is a plug-and-play contract management software that integrates seamlessly with your existing tools. No disruptive process change. No lengthy implementation. Simple and ready-to-use.
Gravity-Defying Security: An Apollo.io Story
Apollo selected Bishop Fox to perform a Google Security Assessment to evaluate the security of its application, external perimeter, and Google Cloud Platform (GCP) environment, as well as conduct a review of its responses to Google’s required self-assessment questionnaire (SAQ).
John Deere Digital Security Journey: Securing Products Against Cyberattacks
To help ensure John Deere products are ready to withstand security threats, John Deere chooses Bishop Fox's Cosmos platform and product security reviews.
August: Built-in Security in IoT Devices
This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.