Clickability Finds Powerful, Simple Security

For this global leader in on-demand Web Content Management (WCM), SaaS-powered vulnerability and risk assessments not only improved security, it also proved to be green, and good business.

For on-demand WCM provider Clickability, the benefits of Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) aren’t just the fact that they’re more efficient and affordable than traditional software; they’re a way of life. In an effort to reduce its carbon footprint and create a greener enterprise, Clickability supports the reliability and sustainability of the green Software-as-a Service (SaaS) model. In fact, the company runs its entire business via SaaS delivered solutions.

“Qualys is the most accurate [vulnerability assessment solution] we’ve used, and the SaaS model makes it easy and transparent because we don’t have to maintain the server or the software, or manage updates.”

Tom Cignarella,
VP of Technical Operations at Clickability

Tom Cignarella

So, it should come as no surprise that when Clickability sought a way to secure its infrastructure - which houses and delivers content for a spectrum of global brands in financial services, technology, broadcasting, and publishing - that it turned to Qualys and its on-demand SaaS IT risk and compliance management platform, Qualys.

Chain of Trust

Clickability always has taken the security of its infrastructure seriously. Yet, as a result of the rising number of publicly disclosed worldwide data breaches and increased security regulations, customers are more often inquiring about the IT security efforts that Clickability has in place. Additionally, Clickability recently completed building a second, fully-redundant data center designed to assume all of Clickability’s peak-load traffic seamlessly, with no disruption of customer bandwidth delivery. Clickability’s service record is impressive: 99.99 percent uptime for the past nine months, even as traffic exceeds 500 million page views a month.

For more than a year, Clickability has relied on Qualys to help keep its existing IT infrastructure and WCM platform secure and to ensure a secure rollout of the new datacenter. Qualys, delivered as an on-demand service over the Web, simplifies the typical time-consuming deployment, maintenance, and updating of vulnerability management servers and software. Using the efficient and cost-effective SaaS approach, Qualys delivers industry-leading vulnerability management and comprehensive IT policy compliance as a simple, fully turnkey service. For Clickability, and thousands of other companies around the globe, Qualys automates the process of vulnerability management and policy compliance across the network, including network discovery, detailed mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking.

“Qualys has been an easy win for us. We were able to get the appliance in place and running very quickly. Soon, we were monitoring our security processes and trending our progress through its reporting,” says Dave Anderson, senior systems administrator at Clickability.

Systematic Risk Mitigation

When Clickability first started assessing its infrastructure with Qualys, it began with its external perimeter. “That’s the part of our infrastructure that we wanted to know about immediately,” says Anderson. From that initial assessment, Qualys provided immediate, pragmatic security benefits. “It identified settings that we needed to change, including potential problems in a number of router configurations,” explains Tom Cignarella, VP of technical operations for Clickability.

“Qualys’ assessments do an excellent job of identifying things like system misconfigurations. These conditions are easy for a person to miss while doing a security check. And Qualys’ reports provide us an actionable level of detail that is extremely valuable,” he says.

The IT team also leveraged Qualys as an integral part of securely building out their secondary data center. “Once we had a server built, we would perform a scan to make sure that it was a secure configuration. Qualys was very helpful for this, as we built different classes of machines, from application servers to caching servers and our database servers,” Cignarella says. “As we finished our new data center, we realized this would be our model for adding new systems to our infrastructure in the future,” he says.

This due-diligence is not only important for Clickability as a security best practice; it’s also essential for its customers. “It’s critical for them to know that the sites that we host for them are secure,” he says.

For part of that effort, Clickability recently began introducing data on its security posture into the key performance data it shares with its customers. “It’s extremely assuring for them to know that we scanned our entire data center facility and that the results show that there are no level five, four, or three vulnerabilities, and that the facility is as secure as possible,” says Cignarella.

Qualys has proven to be not only a highly accurate, easily managed way to build and maintain its secure infrastructure; it also turned out to be good business. “As we explain our business to prospective clients, we show them that we scan both our internal and external networks,” says Cignarella. “And, because Qualys is the leading vulnerability assessment provider, most of our customers are familiar with Qualys’ reputation and are happy to know that it’s part of how we keep their information secure,” Cignarella says.