Virtual Cabinet is a secure document management software and client portal system. For 20 years, it has offered businesses a convenient and secure means of sharing documents with their clients, with in-built electronic signature capabilities.
This speeds up business processes and automates core workflows, enabling greater collaboration and productivity. Virtual Cabinet now has around half a million registered users, largely from the legal, financial, accountancy and insurance industries.
The challenge
Virtual Cabinet has committed to delivering continuous improvement and continual security testing as part of its service. The business sectors Virtual Cabinet operates in process a great deal of highly sensitive data, so ensuring absolute security and ongoing responsiveness to emerging cyberthreats and vulnerabilities is critical.
As such, the firm works with third-party penetration testers to ensure an independent, consultative approach to testing its software and portal. The incumbent provider was taking a very scripted approach, whereby Virtual Cabinet sought a stronger hacking mentality and an ability to test its systems in a more exploratory and creative way.
The solution
SureCloud’s CREST accreditation, exemplary testing skills and experience and strong track record were key factors in the decision, as well as its hacking mentality and willingness to ‘test to break’ – that is, to push Virtual Cabinet’s software as far as possible and seek out potential vulnerabilities away from a rigid checklist of tests.
The project began with a scoping call with SureCloud’s testers, reviewing the Virtual Cabinet product and developing a truly bespoke approach to testing it. From there, SureCloud conducted an array of tests, including mobile application testing, web application testing and API security testing, all tailored to the precise nuances of Virtual Cabinet.
SureCloud provided Virtual Cabinet access to its vulnerability management solution from the commencement of testing. This immediately enabled live access to test findings, improved internal reporting and more effective remediation strategies.
The results
These tests sought to identify, analyse and remediate vulnerabilities in Virtual Cabinet’s solution in line with the very latest cybercrime tools and techniques. In doing so, they met the criteria Virtual Cabinet has in place to deliver continual improvement and testing, maintaining its integrity and providing its clients with the core requirement for a secure document management system.
“We work for businesses in many sectors where the security and integrity of data is paramount,” said Nancy Saunders, Security and Compliance Officer at Virtual Cabinet. “We promise our clients a proactive and ever-evolving approach to securing our software, so it’s vital that we achieve this. SureCloud offered us outstanding testing expertise and an excellent consultative approach to the testing process.”
“We’re delighted to be helping Virtual Cabinet ensure the integrity of their software and portal, and the security of all data shared within it,” said Mike Harrison, Cybersecurity Commercial Director at SureCloud.
“Businesses in sectors like accountancy and law can be tempting targets for cybercriminals, thanks to the volume of highly sensitive data they process, and they also have strict regulatory compliance demands to meet. Our testing ensures that Virtual Cabinet is operating to the highest levels of security on an ongoing basis.”