Customer Experience Pioneer Directly Protects Customer Data and Reputation With Bugcrowd

About Directly

From self-parking cars to smart personal assistants, AI is changing the way we live. All AI systems rely on data as the lifeblood that enables them to learn, but as it’s often of a personal or sensitive nature, this data must be secure.

Customer experience pioneer Directly is transforming how organizations deliver customer service by harnessing the power of the crowd and best-in-class AI. The company’s platform leverages machine learning and a community of thousands of independent experts to answer and automate common customer questions  delivering reliable and effective customer service that consumers love.

By working with Directly, organizations are able to reduce contact center volume up to 40%, improve customer satisfaction ratings, and save millions of dollars per year.

To safeguard the sensitive customer data that powers its AI platform, security is of paramount importance to Directly. The company prides itself on its commitment to cybersecurity, with protection against threats built into every facet of the business. Bob Zinga, Director of Information Security at Directly, explains, Our business is built on trust. To achieve our goal of being the leader in customer experience automation, our customers have to know that their data is safe in our platform.

As agile practices are key to Directly’s business development strategies, it needed a security approach that would align with their agile workflows and processes. As a tech company, speed is key to our competitive advantage, adds Zinga. We develop code in two-week sprints as we have to be able to bring new software capabilities to market very quickly.

A Streamlined Approach to Crowdsourced Security

To maintain its dynamic culture while protecting customer information, the company has had a bug bounty program with Bugcrowd since 2016. A great vulnerability management program combines two key components: crowdsourced security and quarterly penetration testing, says Zinga. The bug bounty program we have with Bugcrowd maps very well to our agile development methodology. It’s the only way we can ensure all our new code is secure without causing delays.

Via a streamlined process, researchers provide input on vulnerabilities discovered within Directly’s sandboxed environment, and then the Bugcrowd team validates and triages their findings before passing them on to Directly’s engineers. Depending on the impact of the potential vulnerability, Directly then either issues an emergency patch or includes the remediation in the next sprint cycle.

With Bugcrowd, it’s been easy for us to implement, monitor and update our vulnerability management program. And as they deduplicate and verify all the reported bugs, we’re free to focus on resolving them, comments Zinga. We have a very collaborative relationship with regular meetings that help us constantly develop and improve, so we’re always getting the most benefit from the program.

Keeping Code Secure Without Slowing Innovation

From 2016 to 2020, Directly received more than 460 submissions from 447 researcher participants, which have helped the company safeguard the security of its code without hampering agility. The intel we receive from Bugcrowd is tremendous, says Zinga. In the last year, we’ve been made aware of a couple of potential vulnerabilities and a bug that was due to the misconfiguration of an online application. Armed with the right information, we were able to resolve any issues very quickly.

The partnership with Bugcrowd has also helped justify portions of the security budget at Directly. The Return On Investment (ROI) has been significant as demonstrated by the validation and mitigation of several high-level exploitable vulnerabilities brought to light only by partnering with Bugcrowd. Security has always been a huge priority for Directly, concludes Zinga. By working with Bugcrowd, we’ve been able to continuously improve our security metrics and maturity, ensuring we maintain customer trust in the Directly platform, which is vital for our reputation and continued growth.

To find out more about Directly and its pioneering approach to customer support, go to www.directly.com.

More About the Interviewee

For over two decades, Bob has worked in complex environments at the intersection of people, processes and technology. With an outstanding record of successfully establishing globally recognized technology risk management and cybersecurity programs, he has been setting the vision, driving the strategy and governance framework, establishing effective policies and standards, and managing the cybersecurity risk and compliance functions within Higher Education, State and Federal Governments, the Department of Defense and Technology Industries.

Bob has been recognized within the information security community for knowledge, vision, leadership and the collaborative nature of effectively approaching a constantly evolving and complex area of information security and risk management. He has a proven ability to establish positive internal and external C-level and boardroom relationships to effect significant change and drive a cybersecurity risk management strategy forward while enabling organization growth.

Bob is a firm believer in personal growth and development and is dedicated to continuous growth in the areas of leadership, goal setting, productivity and communication. www.linkedin.com/in/bobfabienzinga