In January 2019, Google initiated a mandatory security assessment for all of its 1,000+ G Suite Marketplace partners to pass by the end of the year. For Salesflare, an intelligent sales CRM startup based in Belgium, it was crucial that they continue their integration with G Suite by addressing any vulnerabilities found in their first ever external assessment.

Salesflare Partners with Bishop Fox for Google Assessment

In order to keep their application within the G Suite Marketplace, Salesflare knew they needed to complete the new, required security assessment. They chose Bishop Fox to facilitate the assessment quickly and painlessly so that they could continue building and developing products for their customers.

Salesflare was in good hands — Google chose Bishop Fox in 2019 to help design, build, implement, and scale their security assessment program, in an effort to secure their customers’ data across all approved applications within their marketplace. With more than 1,000 applications to test, Google and Bishop Fox created a streamlined process for application penetration testing, external penetration testing, and reviewing the cloud deployment of every vendor.

Together, Salesflare and Bishop Fox partnered to secure the CRM product and verify their compliance to stay in the G Suite Marketplace, and they completed the entire assessment in two weeks.

“We decided to go with Bishop Fox because they were willing to work with us within a very tight timeframe. Together, we were able not only to confirm that our products are secure and can continue to integrate with the G Suite, but also that our development team was building secure applications from the ground up.”

— Jeroen Corthout, Co-Founder of Salesflare

Keeping in Touch and on Track

To efficiently work through the assessment together, the teams established a live chat channel (on Slack) to share any security issues or misconfigurations as they were discovered, which enabled Salesflare’s small team to address them immediately instead of waiting for the final assessment report. This allowed them not only to fix those issues as quickly as possible, but also helped Salesflare complete the security assessment within two weeks during the holidays.

The live chat across time zones kept team members aligned and updated, allowing for quick turnarounds between the disclosure of issues and their remediation. By keeping communications channels open, the teams on each side of the Atlantic were unified in their goals and clear on next steps.

“The constant communication allowed us to remediate any security issues during the process. At the end of the process when we received our report, nothing was a surprise and we’d already been able to fix most of the few issues found. That was huge for us.”

— Jeroen Corthout, Co-Founder of Salesflare

The clear communication between the teams during testing and Salesflare’s internal focus on security meant that the final assessment report only included three low-risk findings. The report also included one informational finding to guide Salesflare in strengthening their security posture even more going forward.

Security from the Inside Out

As a small company full of security-minded developers, Salesflare had already implemented their own internal assessments before this push from Google, so they were prepared for the rigors of Bishop Fox’s testing. Their business was already set up to keep data secure in Google Mailboxes in a way that both prioritized customer privacy and allowed them to easily scale as they grow.

“Easy-to-use is an important feature for us, but we wanted our product to be secure as well as functional. We’ve always tried to strike the right balance between security and ease of use.”

— Jeroen Corthout, Co-Founder of Salesflare

Some companies only strive for baseline compliance, but through this assessment, Salesflare has strengthened their security posture far above Google’s program requirements. One excellent example of this is their new public vulnerability disclosure policy, which keeps them aware of emerging critical-risk threats without overloading their team.

Application Security as a Competitive Advantage

Using a comprehensive yet lightweight assessment methodology and open communication channels, Bishop Fox confirmed that Salesflare’s security practices were ready for the G Suite Marketplace. By thinking about security earlier in the development process, Salesflare had integrated it more fully into its applications and could move beyond basic foundational requirements to best practices like their new disclosure policy.

Salesflare has also noticed through this assessment that compared to their competitors, they now know their product is both more secure and easier to use. That peace of mind emboldens them to continue on their path, adjusting per Bishop Fox’s remediations, and maintaining their close relationship with the G Suite Marketplace environment.

About Salesflare

Salesflare is an easy-to-use CRM for small B2B businesses that helps you sell more with less work.

Salesflare reminds you of who you should contact, collects information on customers, logs all your customer interactions for you and gives you insight into how your team is connected to a company. It does this by surfacing data from email, phone, calendar, social media, the web, and more.

Salesflare works everywhere you work: it’s integrated in Outlook & Gmail and works on desktop, mobile and tablet devices.

For a product tour with features and screenshots, check salesflare.com.