Security Series: A Wazoku Story

This three-part blog ‘Security Series’ sees Wazoku’s Director of IT Chris Bailey discuss our commitment to security. In this first post, he focuses on the journey so far, tracking some of the key events that has led Wazoku to develop one of the most secure innovation platforms on the market today.

Across this series, I want to bring security at Wazoku to life. There isn’t a company out there that would claim that they don’t take security seriously. However, throughout these blogs, I’ll illustrate how, at Wazoku, we don’t just talk this talk: we are constantly walking the walk.

Our journey with security – in its current guise, at least – stemmed from a security incident that happened three years ago. This brought a lot of the work that we had done in this area to date into sharp focus. It became a part of the business that was ripe for not only improvement, but for allowing us to become a business that views security as a point of proud differentiation.

Already having experience with Cyber Essentials, we’ve been able to gain further accreditations, including ISO 27001. This has allowed us to create robust data, security, and continuous improvement processes around employee, customer, community, and suppliers, ensuring the organization runs more smoothly and more visibly. Where our reporting was previously disconnected, we now ensure that everything is tracked, cohesive, and comprehensive.

Around 18 months ago, we also started the Wazoku Bug Bounty program, which works as an invitation for anyone to test our platform, find issues, and report them to us. If they find issues that we both weren’t aware of and are significant threats to our security standards, we pay cash rewards to the person responsible for bringing it to our attention.

We weren’t able to set this up overnight. Significant work went into setting up the Bug Bounty and ensuring it was effective in both locating and resolving security issues. This included gaining critical buy in from those responsible for allocating investment and resources into projects that Wazoku undertakes.

For anyone looking to do something similar with their platform or software, I’d suggest that this is the first – and, in many ways, the most crucial – bridge you need to cross. Our research shows that, whilst this kind of security tactic is becoming more popular, with software like Hibob, Jira, and ThanksBen utilizing it, this remains far from a universally adopted framework for ensuring security standards are maintained across software suppliers.

Even more unique to Wazoku is that we run this through our own platform. This is not borne out of anything other than the firm belief that our platform should be able to support this kind of operation – something which the reality of the last 18 months has proven. This comes with the added advantage of not having to rely on an external supplier or an email inbox to react to and address security issues with Wazoku.

This year, NCC’s annual Penetration Test (Pen Test) has found no ‘high’ or ‘critical’ issues across our platform, a mark of how effective our recent security efforts have been. The Pen Test on our platform works very similarly to the Bug Bounty. NCC tries to hack our system and then produces a security report off the back of the findings. In the next blog in this series, I’ll be discussing the data that our Bug Bounty has produced so far, and what that means for our security efforts going forward.