Pagero offers e-order and e-invoice services. The services are independent of ERP system, industry and transaction volume and suit all types of businesses. Pagero has about 140 employees with headquarters in Gothenburg, Sweden, with local sales offices in Stockholm, Oslo, Helsinki, Brighton, Dublin and Dubai. The company has over 15.000 customers in 50 countries benefit from their services.
Industry: Online invoice services Employees: 140 Customer Since: 2015 Products: SWAT, OUTSCAN, Managed Services, Professional Services
Why did you choose Outpost24?
Information security is a key issue for Pagero since we are a part of our customer’s financial flow and they trust us with sensitive data.
“...when releasing new services Outpost24 will help us to verify and secure that all new functionality is secure and up to date with all security patches.”
What is important to focus on when you chose a vulnerability tool?
Simplicity! Our top criteria was to find a tool or a partner that could help us to understand and prioritize the output from the vulnerability scanning since we in some cases don’t have the competence to prioritize the findings correctly and therefore we need help from experts. We want to focus on implementing the corrections rather than prioritizing them.
Which benefits have your vulnerability management program brought to you?
We have more attention on security when building new services and we got a verification that our cloud service had a good security level. In the future when releasing new services Outpost24 will help us to verify and secure that all new functionality is secure and up to date with all security patches.
Lessons to share to others planning to invest in vulnerability management?
Talk to different vendors on the market and compare their different solutions then you have to decide what is important for your company and what you want to spend your time on, i.e. prioritizing the findings by yourself or get everything served on a “silver plate”? Using an external vendor is the best solution for finding vulnerabilities as I see it since they are experts (and they love it) in finding weaknesses in our solution. Our own internal teams “don’t” want to find any errors since it means that they have done mistakes when building the stuff.
How did you prepare for adapting a vulnerability management program?
Pagero initiated a security program a few years ago in order to focus more on information security and to be compliant with the international standard ISAE 3000 SOC2. A vulnerability management program is an important piece to verify that our cloud service is secure, to guarantee high availability, and that our customers can feel confident that their electronic business documents will be delivered in time, and are not accessible by unauthorized users.