InCountry accelerated Salesforce security and DevOps with DigitSec.
View and download the full case study or read it below.
Background on InCountry, a leading global data privacy service provider
InCountry is the leading data residency-as-a-service platform, enabling global data compliance for international business. They certify private customer data managed via dozens of Salesforce Orgs by country and AppExchange Offerings.
Compliance, privacy, and information security are of paramount importance to InCountry’s core business. When they expanded their service to support Salesforce via an app on AppExchange, security was top priority and so was accelerating time to market.
Announcing InCountry for Salesforce on AppExchange – June 2021
The InCountry app for Salesforce expands a company’s data storing and processing possibilities without making any changes to Salesforce regardless of location. That means if a company has offices in the U.S., China, and Indonesia, regulated information can stay within each of those countries, keeping the company compliant and trouble-free.
InCountry's Challenge
But before InCountry could offer this convenient and valuable service to its customers who use Salesforce, it had to develop an app that was secure enough to pass Salesforce AppExchange’s stringent security review process.
The process is notorious for causing costly deployment delays due to the high rates of false-positive security vulnerabilities found during testing. Each of these false alarms must be manually reviewed and exempted to pass the Salesforce security review.
As InCountry began its development, they soon experienced delays due to false positives found by general-purpose static application security testing (SAST) tools.
InCountry had customers eager for their Salesforce App. They needed to accelerate development and pass the infamous AppExchange security review on their first time. Failing the security review was not an option as it would undoubtedly cause a substantial delay.
In order to streamline development, InCountry needed to embed comprehensive security testing into their existing vulnerability management process. They required a solution that was highly accurate for Salesforce development but also easily integrated into their CI/CD pipeline and DevOps tools.
InCountry Embeds Security in its DevOps Process with DigitSec
When Renne’ Devasia heard about DigitSec and its SaaS Security Scanner platform for Salesforce, he immediately called his colleagues together to consider this unique Salesforce DevSecOps solution.
With two decades of IT compliance and security experience at software leaders like Adobe and Microsoft, Renne’ intuitively knew how important it is to embed comprehensive security testing into the software development lifecycle (SDLC), so that you don’t have to sacrifice quality for speed or vice versa.
While InCountry is more focused on security than most fast-growing startups, getting the product to market quickly is also a priority for this customer-focused business.
When Renne’ learned that DigitSec combined four security scanners into a single process that was purpose-built for Salesforce, he had high hopes that InCountry’s new app would not only be highly secure upon release but that it would quickly pass the AppExchange security review and soon be available to its awaiting clientele.
DigitSec Automation, Integration, and Ease of Use
With native integrations for Jira and Jenkins, embedding DigitSec into InCountry’s CI/CD pipeline proceeded quickly. However, InCountry did require some additional custom integrations to fully accelerate its SDLC with DigitSec’s security testing.
As DigitSec offers a fully exposed API, InCountry was able to easily make the custom calls needed to complete a full integration with their workflow.
InCountry ROI: The Results of Integrated Testing with DigitSec
“Due to the streamlined security testing in our development pipeline, InCountry ran DigitSec four times daily, with each and every release commit. This empowered our developers to remediate application security bugs minutes after coding them.
The quick cycle of finding vulnerabilities and fixing them on the same day was key to accelerating our SDLC and at the end of day, our app’s secure deployment in the AppExchange,”
– Renne’ Devasia, InCountry Chief Compliance & Security Officer
“We estimate that DigitSec saved us over 1000 hours of precious development time in a period of only 5 months.”
The final result of leveraging DigitSec throughout its app development, was that InCountry passed the Salesforce AppExchange security review with flying colors & its new app was available months ahead of schedule.
