Case Study: SIDE Securities Industry Data Exchange

About the customer

SIDE Securities Industry Data Exchange provides a data exchange platform to the regulated investment industry, including investment managers, broker-dealers, and custodian banks. Regulatory authorities such as CSA/CIRO in Canada and SC/FINRA in the U.S. demand rigorous vulnerability management practices. The platform operates as a Software as a Service (SaaS) to enable SIDE Industry Participants to manage their operational risk, lower costs, enhance their end-client experience, and reduce their carbon footprint through a single and innovative service platform.

Industry

Financial Services

Customer Since:

2024

Services Used

PTaaS Managed OutscanNX

The challenge for SIDE

As a service partner to some of North America’s most stringent financial services participants, SIDE must meet high standards of cybersecurity hygiene, data protection, and incident response preparedness.

We spoke to CEO John Packwood and CIO Yogi Golle about how Outpost24 solutions have helped protect their platform, stay compliant, and reduce risk since 2024.

Enhancing vulnerability management for a community-led market infrastructure platform

For organizations delivering services in highly regulated industry sectors such as Financial Services, staying ahead of cyber threats is paramount. SIDE faces this daily challenge to proactively keep their platform secure for their participants and ensure its Internal Controls and processes are aligned with ISO 27001 and SOC compliance regulations. They are passionate about their industry community and have a security first mindset. To meet their vulnerability management and application security needs, they approached Outpost24 for support in two areas: Managed Services and Penetration Testing.

Optimizing security controls for SIDE

SIDE, which hosts its industry platform in a private cloud-based infrastructure, was looking to further enhance their information security program to meet industry and client-mandated security controls. Their primary goals were to gain continuous visibility into system and application-level vulnerabilities, while adhering to increased levels of formal vulnerability management processes required by their clients and integrate vulnerability detection with their incident management and remediation planning.

John, CEO, comments, “Prior to being introduced to Outpost24, SIDE’s approach to ongoing cyber security detection was primarily based upon our own processes and tools, including maintaining strict Internal Controls policies and procedures. SIDE was looking to involve an independent third-party beyond just performing annual penetration tests. SIDE was looking for continuous detection measures that involve a robust technology and reporting platform accompanied by expert cyber security personnel. Outpost24 was identified as the best candidate to meet the needs of SIDE’s evolving Information Security program.”

Managed vulnerability management and pen testing as a service

Outpost24 delivers fully managed vulnerability scanning and PTaaS solutions for SIDE, enabling them to better understand their network and application security posture and align with industry best practice. Our solutions provide them with actionable insights into a single pane of glass view, driven by in-depth findings from our managed services team to prioritize the biggest risks for remediation. Our solutions are fully integrated with SIDE’s existing ticketing systems and workflows to optimize efficiency and reporting.

Yogi adds, “The onboarding process was efficient and professionally managed. Outpost24 assigned a dedicated managed services consultant who provided tailored guidance as we scoped critical infrastructure, configured scans, and established secure reporting protocols. Given our role in the regulated investment industry, it was vital that onboarding aligned with our operational security standards — and Outpost24 delivered.”

Why Outpost24?

Since implementing Outpost24’s Managed OutscanNX and PTaaS solutions, SIDE has realized significant benefits:

1. Managed detection and remediation: Continuous vulnerability detection with risk ratings enabling them to prioritize and remediate high-risk findings more efficiently without any additional resource burden.
2. Improved audit process: Solution-based reports have enhanced audit readiness, demonstrating an active remediation process and historical vulnerability management for network and applications.
3. Streamlined workflows: Integration with ticketing systems and workflows to simplify vulnerability remediation and reduce security exposure time.
4. Enhanced security posture: Significant reduction in the number of days that findings were exposed. Specifically, SIDE achieved a 25% reduction in the exposure period, underscoring the effectiveness of its enhanced security posture.

Penetration Testing: From point-in-time to continuous

With the Outpost24 PTaaS solution, we helped transform SIDE’s existing application security process into a continuous, integrated activity providing actionable insights and remediation guidance. This shift has not only reduced the time required for pen testing but also provided SIDE with an annual snapshot of vulnerabilities, complete with exact remediation advice.

SIDE now enjoys a fully mature, structured approach to vulnerability management and application security, supported by our managed services team. They have achieved improved compliance readiness, reduced manual effort in remediation, and gained valuable insights into their security posture.

By adopting Outpost24’s Managed OutscanNX and PTaaS solutions, SIDE has not only met but exceeded their security and compliance goals, positioning themselves for security maturity and growth.

Find out more about our Managed Services here.