Key Customer Facts
- - Location: Kansas City, MO
- - Size: Startup
- - Industry: Technology
- - Use case: Automating and Securing Pipelines
- - Website: https://leveragelab.com/
- Leverage Lab’s core business expands the depth and breadth of customer data actionable for its clients. In doing so, the Leverage Lab team realized the need to prioritize investment in improving its cloud security competency. User data privacy and security is paramount in today’s business environment. Leverage Lab was looking to validate the security of its existing Google Cloud workloads and solidify a secure foundation on which to scale security processes as its GCP footprint expanded.
Leverage Lab is a first-party data consultancy that advises clients on collecting, enhancing, and leveraging their proprietary data assets to inform personalized marketing strategies that lead to higher customer engagement and increased revenue. As the marketing and advertising analytics industry continues to look for ways to tighten a direct relationship with consumers through privacy-compliant engagements, Leverage Lab increasingly relies on a variety of GCP data analytics services to perform its data processing tasks.
Leverage Lab selected ScaleSec as a partner because of its unique blend of security and application development expertise. While most security consultancies target security operations teams, ScaleSec instead focuses on development teams, helping them integrate security directly into their development workflows. This methodology, often referred to as “DevSecOps,” identifies security vulnerabilities earlier in the process, reduces friction between teams, and allows teams to respond to the changing security landscape more effectively. DevSecOps arms ScaleSec customers with the tools and processes to respond to market forces more quickly with the timely and secure release of code with the ultimate goal of capturing additional market share.
Leverage Lab’s strategic focus on development means it is challenging to dedicate tactical resources to security tasks. ScaleSec’s ability to efficiently integrate security into the development lifecycle was a motivating factor for Leverage Lab. This operating model empowers Leverage Lab to better meet demand from their expanding customer base without adding more internal resources.
The ScaleSec team began the engagement by reviewing the existing Google Cloud environment and looked for adherence to Google Cloud security best practices. The team reviewed various security domains such as IAM, Network Security, Compute Engine Security, and Data Security. The assessment’s output was a report outlining deviations from best practices and a prioritized roadmap of recommendations tailored to the Leverage Lab’s environment and current maturity levels.
Following this assessment, the ScaleSec team worked with Leverage Lab engineers to implement many of the recommendations made in the assessment report. The ScaleSec team started by using Terraform to implement an automated Infrastructure as Code (IAC) deployment pipeline. Using IAC, the Leverage Lab and ScaleSec teams built repeatable, modular templates that could be reused across each environment. These modular templates were combined to create a “secure, foundational baseline” that could be further built upon.
Partner Solutions / Products used
The Infrastructure-as-Code approach immediately improved the environment’s security posture, as there was now a repeatable process in which all changes could be reviewed, tested, and monitored before deployment. Additionally, the IAC deployment pipeline reduced the amount of time it took the Leverage Lab team to build a new customer environment, reducing the duration for environment completion from days to less than an hour.
Results / Impact / Highlights
With an automated deployment pipeline in place, Leverage Lab can be attentive to optimizing and introducing new security capabilities within the environment. The Leverage Lab and ScaleSec teams plan to continue iterating on the deployment pipeline, improving the developer experience, test coverage, and introducing additional security capabilities into the workflow.