Attack Surface Management and Third-Party Risk Management at Superloop
Founded in 2014, Superloop was created to connect Asia Pacific to the cloud, with a legacy-free network capable of fulfilling the growth in the demand for bandwidth.
Today, Superloop is a trusted provider of connectivity and managed services throughout Asia Pacific. Its full suite of offerings appealing to both businesses and homes.
They own and operate over 894 kilometres of carrier-grade metropolitan fibre networks in Australia, Singapore, and Hong Kong, connecting more than 390 of the region’s key data centres and commercial buildings. Superloop have added a competitive Business National Broadband Network(NBN) offering to its portfolio in Australia providing cost effective, high-speed connectivity to organisations. This combined with their other enterprise grade connectivity offerings across the Asia Pacifc region is helping to support their customers with business critical applications through a consistent, seamless experience through its carrier network.
Superloop’s network is the only network that can deliver a seamless cloud-first experience to the major traffic hubs and enterprise buildings across Asia Pacific.
Driven by underlying business growth, a cloud-first consumption model, and increased regulatory pressure in Australia and Asia-Pacific, Superloop’s Chief Information Officer, Andrew Lawrence, looked to develop a comprehensive cyber risk strategy.
As a service provider, Superloop struggled to find a security ratings provider that was able to provide a meaningful cyber risk assessment, and could separate Superloop’s assets from its customers’ online. The team wanted to move away from slow, back-and-forth, spreadsheet-only based security questionnaires that added little value and had no independent assurance.
They needed a solution that was capable of continuously monitoring their vendors’ security posture adding value by calling out high risk areas and providing greater visibility to assess how these might impact their business and ultimately their customers.
Andrew expressed, “We are a service provider for businesses, and in honouring the high level of trust our customers bestow on us we need to ensure our processes and infrastructure provide them with the most secure and reliable services possible.”
Andrew and his team at Superloop leveraged UpGuard to develop a robust, time-efficient vendor management program that allows them to manage their vast number of vendors on a continuous basis, using our security ratings platform complemented with our intelligent security questionnaires.
Andrew reported to us that his team is now able to onboard new vendors in half the time by using UpGuard Vendor Risk. Our platform provides an evidence-based assessment to easily pinpoint critical vendors and based on the score surfaced helps them to effectively prioritise effort to remediate the risk.
“The challenge of traditional Q&A analysis is processing and interpreting the data and doing something with it. UpGuard’s Vendor Risk automates this process of scoring good versus bad against an intelligent and mature scoring model. This provides us with confidence to quickly assess our areas of critical risks and prioritise the vendors we need to monitor more closely.” Andrew stated.
Our platform also gives Superloop overall visibility of a vendor’s security hygiene from a process and focus perspective. It provides them with the same in-depth insight of their own environment allowing them to make informed decisions about their security posture and prioritise resources appropriately.
Layered insight of supply chain
As a telecommunications provider of secure connectivity and networking services, Superloop’s environment is understandably complex. As a result alongside Vendor Risk, Superloop uses UpGuard BreachSight as part of their supply chain security monitoring program.
Andrew says that, “Our complicated environment requires attention to detail when reviewing security risks. We have many cloud-first vendors so the UpGuard platform allows us to be granular and gives us an interesting layered insight on our supply chain that could have a critical impact on our operation. As a telecommunications company providing mission critical services, this insight is vital.”
Chief Information Officer