We can see results everywhere, but Tenable’s support alone earns my recommendation. It’s simply stellar.”
Key Business Needs:
JUST EAT needed a comprehensive and scalable custom security program with better visibility to provide protection in an ever-changing and sophisticated threat landscape.
JUST EAT selected SecurityCenter Continuous View™ (CV), which provides one security platform with customized, easy-to-use dashboards that enable visibility and automate understanding of its high volume of data and assets.
A global company headquartered in London, England, JUST EAT is the world’s leading online and mobile takeaway ordering service. From humble beginnings in a Danish basement in 2001, to its 2014 listing on the London Stock Exchange, the company now operates in nearly 20 countries worldwide.
The organization’s mission is to deliver the quickest, easiest way to order takeaway. JUST EAT does this with a global team that provides consumers with choices – from the range of food and type of restaurants available, to how they place, pay, and receive their takeaway. Orders are transferred in real-time to nearly 62,000 restaurant partners via state-of-the-art systems developed by the JUST EAT Technology teams. From their game-changing JCT boxes, to their recent Apple Watch app, they’re providing their restaurant partners with top technology to make running a successful takeaway business even easier than ever.
“It was all about visibility,” said Shan Lee, Head of Information Security at JUST EAT. When he joined the organization in 2013, he was already familiar with Nessus and reasonably familiar with SecurityCenter, Tenable’s comprehensive security platform. A seasoned security veteran, his directive seemed simple enough: protect the fast-growing organization from an ever-changing and sophisticated threat landscape.
It was a familiar story to Lee, but he knew immediately that he needed to lay the foundation for a scalable security program and achieve total visibility into the IT environment, which was distributed globally and included internal systems, millions of users, and cloud applications. These objectives were core to not only his security strategy, but for JUST EAT’s ability to achieve business outcomes. The problem was compounded due to JUST EAT’s rapid expansion and the need to increase the organization’s security maturity. He needed to move fast and communicate results to the executive team at the same time.
“There’s a sentiment out there that we’re just a fast food company, but the reality is that we’re technology company. We have a start-up atmosphere and are much more of an open environment in terms of technical professionals,” explained Lee. The combination of services-driven solutions and cutting edge technology and professionals with diverse skill sets created complexity among the many IT teams.
Additionally, as Lee noted, “The diversity of our IT environment meant that we couldn’t follow a one-size-fits-all security model for all areas of the business. We needed a centralised solution with the flexibility to address different business areas and technologies appropriately.” The JUST EAT team needed to tie businesses processes together in a way that was unobtrusive but collaborative, especially given the rapid pace at which the organization was integrating new technologies and acquiring companies, the latter of which included less effective security practices.
Lee also noted, “The impetus is on growth.” It is often difficult to get security on the agenda. The important thing is to keep the focus on business—support and drive business rather than acting only as the police. Lee needed a way to ensure the actions his team takes are relevant and stop threats in their tracks by removing vulnerabilities.
A crucial component of that relevance is visibility. Lee and his team can’t defend or protect assets they’re not even aware of, and with a dynamic, rapidly-growing environment one of the primary challenges is simply ensuring that you’re aware of all network resources and data. Cloud services, mobile devices, and BYOD policies expose the organization to many variable and transient factors that contribute to the overall risk. Ensuring comprehensive visibility is the foundation of an effective plan to address and resolve security concerns.
The Tenable Solution
Lee and his team chose Tenable SecurityCenter primarily for the support they receive from Tenable. That support is “simply Stellar” in Lee’s words, and provides an invaluable extension of the in-house security expertise.
The JUST EAT team includes a couple people dedicated to working closely with Tenable—paying attention to dashboards and directing actions necessary to address security concerns. Lee noted that he often wants or needs to do things that are outside of Tenable’s capabilities, but Tenable support doesn’t hesitate to work with him and his team to get it done.
One example Lee cited was AWS. JUST EAT relies heavily on AWS, and Tenable support worked with his team to extract useful metrics and effectively monitor both environments.
Tenable also gives JUST EAT the context it needs to take decisive action and make better business decisions. Lee pointed out that one of the biggest negatives is data overload. “The sheer amount of data is difficult,” claimed Lee, “But, the dashboard functionality and the tuning of alerts is great.”
“SecurityCenter gives us a nice, holistic view of what’s going on,” explained Lee. “ARCs [Assurance Report Cards] are proving to be very useful and with the addition of agents, they’ve helped tremendously. We can see what’s coming in and out and that’s helped us manage our “road warriors” because it gives us a holistic view of the guys out there and what’s going on and how they’re accessing and using the network.”
Lee also shared that ARCs give him a nice starting point to talk to the executive team, and determine what they’re interested in. He can give them a state of the union report that includes relevant and bite-sized metrics that help all levels of the organization take action. Lee stressed, “We can drill down into areas of concern.”
JUST EAT enjoys a collaborative partnership with Tenable experts that enables the organization to innovate and stay secure while rapidly expanding at the same time. The context and the ability to cut through data overload equip Lee and his team to communicate effectively with the executive team. Lee has succeeded in getting security on the agenda—security effectiveness is a priority now.
Lee and his team operate on a concept of a services wrapper. It brings new companies it acquires into the Tenable fold within a few weeks—implementing LCE, Nessus Network Monitor (formerly Passive Vulnerability Scanner® or PVS™) and other components. The visibility provided by SecurityCenter enables JUST EAT to integrate quickly and seamlessly with the new acquisitions.
Tenable has allowed JUST EAT to streamline its process to an extent. Lee said, “We’re actually allowing other teams direct access into the Tenable setup.”
JUST EAT enables the network teams from new acquisitions to have access and they’re spotting issues with logging and traffic and opening up to other teams. “They love being hooked into SecurityCenter,” declared Lee. The indicators are very helpful, and the wealth of information we get out of it is more than security.”
“The support alone earns my recommendation,” says Lee. “While it’s difficult to quantify security ROI for any distributed and highly complex IT environment, we can see results everywhere. Our internal IT teams are working more closely together and because Tenable partners with us on our security posture, we’re happy to be in the public eye for Tenable.”