Customer

Skills For Care

Service:

Application Security Testing

Skills For Care

About:

Skills for Care is an independent charity with over 18 years’ experience in workforce development, working as a delivery partner for Ireland’s Department of Health and Social Care. They also work closely with related services such as health and housing and are the membership organisation for registered managers.

Skill for Care’s practical support helps leaders and managers recruit, develop and lead their staff, retaining them from entry level right through to senior leadership and management roles. With around 200 employees across two offices, Skills for Care’s headquarters are located in Leeds, but staff works remotely from a number of UK locations including London and Edinburgh.

Questions & Answers

What Edgescan protects

ISkills for Care uses Edgescan across their applications suite.

These include an in-house developed portal application, which has a 2 way pull and push into their CRM system, and their Adult Social Care Workforce Data Set (ASC WDS) system, an AI powered service that helps care providers run their business and manage their staff training needs. The ASC WDS can also provide access to the Workforce Development Fund, a valuable source of funding for staff training.

What security challenges was Skills for Care experiencing before taking on Edgescan’s solution?

Before bringing Edegscan on board, Skills for Care was relying on the security po0sture guar-anteed by their cloud provider, AWS.

They weren’t experiencing many issues as the ASC WDS adheres to Government Digital Ser-vices guidelines and its security was covered by their licensing with their cloud provider. It was assumed the system was reasonably secure, but in order to go the extra mile to protect the sensitive information processed by the applications, Skills For Care made the decision to put further precautions in place.

Before Edgescan’s solution was deployed on the portal, the security of their posture was tested annually by an external pen tester provider. But given Skills for Care makes month-ly changes to their systems, they felt the need to go beyond just ticking a compliance box. Edgescan’s penetration testing service can run on a monthly basis, which allowed Skills for Care’s security team to have better visibility into any potential issue any time a change was made to the application.

What tipped the scale in favour of Edgescan, over and above the other providers considered?

Edgescan is an easy-to-use product and they are responsive to Skills for Care’s needs. Ed-gescan simply “fitted with them”, and it didn’t hurt that that they had a fair cost model that was within the budget of a charity like Skills for Care.

How well did the integration/adoption process go?

The onboarding process was fast and seamless. All that Skills for Care had to do was fill in an online form and give details on their system, and the applications were then onboarded seamlessly. The API took a little bit longer, but it was still very fast.

How has Skills for Care benefitted from using Edgescan?

The reputational risk of accidentally introducing a vulnerability into the live code of appli-cations funded by the Department of Health is any DevOps and security teams’ worst night-mare. With Edgescan, Skills for Care has the peace of mind of knowing that everything is tested before being deployed.

Furthermore, having a trusted pentesting provider like Edgescan means that Skills for Care no longer has to onboard a new provider each time they need to test their security posture. A penetration test can be initiated from Edgescan’s own user interface at the click of a but-ton. This helps for instances when the Department of Health finds a security issue within its systems: Skills for Care can simply initiate a penetration test and find out whether it affects their applications.

Have you seen a return on investment?

The main return on investment Skills for Care noticed after starting to use Edgescan was the time saved. Any time the security team had to onboard a new penetration testing provider, it would take two members of staff an entire week to collate all the necessary information. Now, this can be done in second.

Being a charity with a small security team, this is a huge advantage. The scalability of Edgescan’s solution is another advantage – should the Department of Health assign more systems to Skills for Care, Edgescan can integrate them immediately and seamlessly into their platform.

Any other comment you would like to make about Edgescan’s service?

Edgescan are very attentive, and they’re good at receiving and taking on board feedback to improve their offering. Their customer success department checks on clients regularly, they are attentive and follow enquiries and request through to completion.

Having a nice product without a team that supports it is just not as good as knowing that your security provider is no more than a phone call away

Never Compromise threat protection:

Request Demo