iDeals uses UpGuard to improve its security posture and create a culture of security awareness.
Read more
Arrow down
Vendors continuously monitored by the UpGuard platform
Risk vectors continuously monitored
Digital assets continuously monitored
UpGuard empowers iDeals to manage its third-party risk, elevate cybersecurity strategies, and improve its security posture.

About iDeals

iDeals provides a secure collaboration solution with their industry-leading virtual data rooms. The iDeals platform enables global financial services firms, such as investment banks and private equity funds, to ensure secure document management and real-time collaboration during high-value transactions, including mergers and acquisitions (M&A). 

Julien Penalba is the Director of Information Security at iDeals, managing a team focused on compliance and technical security improvements. 

Ivan Boto is iDeals’ Senior Security Analyst. Ivan focuses on technical security—from internal and external penetration testing to vulnerability management and overseeing security ratings.

iDeals is ISO/IEC 27001:2013 Certified, SOC 2 & SOC 3 Certified, GDPR Compliant, and HIPAA Compliant.

The Challenge

The company needed to maintain a security program that would cover a variety of compliance needs and information technology tools, all while managing customer queries about potential risks identified by external scanning systems.

The security team recognized the importance of having complete visibility across their IT infrastructure to continue to mitigate cybersecurity risk while enabling their colleagues in the product team to roll out new features rapidly.

Keeping track of everything while identifying potential issues would be difficult to manage with manual processes and varying departments’ needs.

The Solution

To ensure they could rapidly and efficiently identify potential vulnerabilities, Julien and his team implemented an automated process for scanning their infrastructure. They evaluated available solutions on the market to compare findings and benchmark between the options.

Ultimately, Julien determined that a package with UpGuard Vendor Risk and BreachSight would provide the bulk of the needed information. With simplified features and daily scanning, the team can review their security posture quickly with both BreachSight updates and automated integration to their communication platform. With Vendor Risk, they can manage vendor assessments for their most critical suppliers with automated reminders and an intuitive interface.

The Results

The iDeals security team has experienced massive success with their use of UpGuard. In addition to increased visibility across their public attack surface and the security improvements they have made, Julien, Ivan, and the team can also keep track of their most critical suppliers.

Improved security and decreased customer concerns

UpGuard’s daily scanning updates and real-time notifications have become an integral part of the team’s process. In addition to using Slack and email integrations for notifications, Ivan reviews their BreachSight risk profile daily in the UpGuard platform. He also reviews any risk waivers that have been created to assess if they are resolved or if they need additional work.

When they first began using UpGuard for risk identification, the team was able to resolve 50% of the initial findings in the first six months, including the most pressing security issues. Then, they resolved the next 30% of the findings over the following year. Now, they have the last 10-20% of improvements, which they manage through compensating controls for anything they cannot modify.

Instead of the hundreds of issues that came up before they used UpGuard to identify and mitigate security concerns, the iDeals team now only handles a handful. The iDeals team can quickly follow up on issues because there are fewer security concerns to track.

“In terms of pure security improvement across our company, we now complete hundreds of maintenance tickets, which is a massive advancement we couldn’t have achieved without UpGuard. We previously wouldn’t have detected at least 10% of those tickets, so UpGuard has enabled us to work faster by detecting issues quickly and providing detailed information to remediate these issues."

Julien and his team maintain visibility across technical issues while lowering the amount of time it takes to resolve problems across departments. Any issues or concerns now get resolved quickly and efficiently, with issues identified and raised as a ticket on the same day.

“By seeing the issues instantly, we can ping our DevOps team when they implement a new test instance about the issues. We say, ‘Hey, something looks wrong, what happened?’ to chat with them and sort out the issues in minutes instead of hours.”

Julien and his team are confident that working with UpGuard has helped them to identify security improvements they might not have otherwise discovered.

Time and resource efficiency with automated assessments for critical suppliers

The iDeals team also uses UpGuard Vendor Risk to improve the review process for their critical suppliers. Before using UpGuard, Julien, Ivan, and the team conducted manual vendor reviews.

The iDeals team conducts annual vendor assessments for their top 50 most critical suppliers directly in Vendor Risk. The assessment workflow includes automated reminders to inform the team when a vendor is due for review. They can then evaluate any risks impacting that supplier and contact the procurement team to facilitate resolution.

“We can quickly browse through all the issues, risks, and vulnerabilities to see if anything impacts our business. If so, we contact our procurement team or application owner so they can negotiate if there’s a renewal coming up. If there are no particular issues, we say it looks good, and we’ll reassess in a year.”

Vendor Risk provides a view into supplier risks and enables the iDeals team to track supplier contact information and compliance documentation, as well as to store contact information that might otherwise be difficult to find later. This way, they can pay attention to expiration dates and contact suppliers for updated documents.

“We use the note feature with the relevant expiration date and who to contact if you need a certain report. It can be frustrating when you work with vendors, and they give you a pen test, for example, but you forget how you got it. So we put the contact information in a note because these tiny details make life easier. You save 10 minutes or 20 minutes per hour times 50 vendors. That’s several hours or even a few days of work that we save.”

Keeping track of these details across the portfolio of critical suppliers ensures that the iDeals team can be more productive with anything they still do manually, such as quick checks for their non-critical suppliers.

Proactive security posture to build trust with prospective customers

Alongside security improvements and supplier management comes an exciting and unexpected use case: helping the sales team build confidence and trust with prospective customers.

“We have a security profile with our rating, and we store some documents like questionnaires. Our Sales team will show the profile to a prospect, so the information gives confidence to customers. Customers can see that everything is under control and don’t really have follow-up questions because everything is already so well done.”

Their customers can also access security documentation and compliance reports in the on-demand platform, saving valuable time that would otherwise be spent emailing questions back and forth.

With hundreds of new leads each month, the iDeals team–both the security and sales teams–sees a strong return with time saved for new revenue opportunities.

“Instead of having to email back and forth with a prospect, you send a single link, and in 30 seconds, the customer has most of their security questions answered. Multiply that with 150 sales reps, and you save dozens of hours of valuable time from the sales reps, and then those reps can reach out to more customers.”

The iDeals team finds a competitive advantage in these conversations because their prospective customers can evaluate the security ratings across their potential options. Meanwhile, Julien, Ivan, and the team can keep the company’s security posture strong by using UpGuard features daily.

"In terms of pure security improvement across our company, we now complete hundreds of maintenance tickets, which is a massive advancement we couldn’t have achieved without UpGuard. We previously wouldn’t have detected at least 10% of those tickets, so UpGuard has enabled us to work faster by detecting issues quickly and providing detailed information to remediate these issues."

We’re experts in securing data breaches and data leaks

We’ve helped Facebook, Dow Jones, Verizon, Ford, the RNC, GoDaddy and many other companies secure customer data. Don’t just take our word for it.
As featured in

Book a free demo

Book a free, personalized onboarding call with one of our cybersecurity experts.