Channel 4 cuts penetration test costs by 60% after partnering with Invicti
For more websites, we now don’t need to go externally for security testing. We can fire up Invicti, run the tests as often as we like, view the scan results, and mitigate to our hearts’ content. As a result, the budget we were spending every year on penetration testing decreased by approximately 60% almost immediately and went down even more the following year, to about 20% of our initial spending.
Brian Brackenborough, Chief Information Security Officer, Channel 4
Headquartered in London, UK TV brand Channel 4 began its first transmission in November 1982. Freely available to all of the UK, it operates the country’s biggest free streaming service, All 4, plus a network of 12 television channels.
Its unique model – commercially-funded but publicly-owned – means it is able to offer independent and distinctive, universal content reflecting the interests of different communities across the UK.
A large organization with thousands of web assets, Channel 4 is responsible for securing the data of 26 million All 4 viewers, alongside staff details as well as their next of kin, and all of the company’s intellectual property.
Part of this entails testing Channel 4’s defenses, a complex and costly task, taking up a huge amount of the organization’s security budget.
Seeking a solution to test Channel 4’s defenses
In line with regulation such as the General Data Protection Regulation (GDPR), Channel 4 must be able to demonstrate data is safe and secure. Taking this into account, the firm needs to ensure robust security protocols and technology are in place to protect it from the threats it is facing now and in the future.
In order to be able to do this, Channel 4’s CISO Brian Brackenborough was looking for a solution that would allow the company to test its defenses efficiently and within its security budget.
Prior to using Invicti, Channel 4 was spending significant sums every year on numerous penetration tests using multiple third party companies.
We would perform a penetration test and get the results; we’d then have to fix the issue and pay for another penetration test. That could be quite a cycle depending on how complicated the particular project was.
Invicti helps Channel 4 gain control over assets
To increase efficiency and cut costs, Channel 4 needed a simple way to gain control over its assets so it could secure them. This meant first having visibility into all its applications, including any that were lost, forgotten, or hidden.
Invicti has helped Channel 4 do just that, allowing the firm to make a determination about how important particular websites are.
We can now identify whether sites are collecting personally identifiable information (PII) – and if not, we can immediately scan them using the Invicti platform.
Using Invicti, Channel 4 can now perform continuous, automated vulnerability scans on websites where it doesn’t store PII, or on sites for any new shows released on linear platforms such as Channel 4, E4, or All 4.
Efficiency gains and cost savings
There are clear efficiency gains, and the cost savings are huge. Partnering with Invicti allowed Channel 4 to reduce its spend by 60% in the first year alone, with further savings into the second year.
It makes our lives a lot easier and allows us to ensure we are delivering projects on budget and on time.
Overall, the Invicti product makes things easier for the lifecycle of any project. Using Invicti, Channel 4 can now start performing automated penetration tests or vulnerability scans against systems at certain milestones of a project to make sure it stays on track.
This allows Channel 4 to catch any issues early on in the process, prioritizing vulnerabilities that put the company at risk and fixing them with less manual effort – without the need to go back to redesign or redevelop.