X

SpareFoot, a listings marketplace for self-storage units, faced the challenge of making it easier for people to find and connect with relevant self-storage facilities in their area. The self-storage industry was traditionally low-tech, with facilities relying on offline advertising methods such as Yellow Pages, billboards, and word-of-mouth to attract customers. On the other hand, customers were increasingly turning to online search engines and social networks to find storage solutions. This left storage facility owners competing with big-budget marketing firms to secure customers online. In 2009, some of the more forward-thinking storage facilities recognized the need for a better way to do business and turned to SpareFoot for help.

The self-storage industry was grappling with outdated lead generation methods, such as Yellow Pages listings, which were not only expensive but also difficult to measure in terms of effectiveness. The industry heavily relied on phone calls, accounting for 90% of their leads, but a majority of these did not convert into reservations. Without concrete data to manage the lifecycle of leads, self-storage companies were left to make educated guesses to maximize their marketing ROI. This was particularly challenging for independent operators who needed a data-driven approach to track leads from the initial phone call to the final move-in.

Strategic Growth, a Salesforce consulting service, was faced with the challenge of integrating their customers' Salesforce.com instances with voice services. One of their customers, a social media marketing company, was particularly dissatisfied with their existing voice provider due to its high cost of over $30,000 per year and lack of flexibility to integrate with their prospecting process. The customer was also paying for services they were unlikely to use. The customer needed a solution that would allow them to make thousands of calls each day to and from more than 500 area codes, and automatically route return calls from prospective clients to the salesperson who had contacted them. This was crucial as calls from local phone numbers were 50% more likely to be answered, and the personal touch of having the same salesperson handle the return call was important for their marketing strategy.

Talkdesk, a company co-founded by Tiago Paiva and Cristina Fonseca, was faced with the challenge of developing a complete call center cloud solution. The existing call center solutions in Portugal, where Paiva had personal experience, were expensive and time-consuming to manage. The idea of a cloud-based alternative evolved in his mind, and the opportunity to participate in a Twilio contest gave him a means to make it a reality. The objectives for their service were straightforward: use web browsers as the only user interface, make it simple to set up a call center, make it easy to send and receive calls, support the product in the cloud, and make it affordable. Despite being predisposed to Twilio through the contest and Twilio Fund, the Talkdesk team researched other alternative services.

Avvo, an online marketplace that connects people who need legal services with qualified lawyers, faced a significant challenge. The company needed to quantify the Return on Investment (ROI) benefit lawyers receive from listing their services on Avvo's marketplace. The challenge was to justify the cost of a premium listing. Avvo needed a way to show attorneys quantitative data about how many calls their website listings were generating. While listing an attorney's pre-existing telephone numbers gave consumers a way to reach the lawyers, Avvo had no way to track the calls passed through those numbers. Without a trackable number, Avvo had no way to measure the leads they send to their clients, and they could only provide a best guess to their impact on their business.

Balihoo, a cloud-based marketing platform, was faced with the challenge of helping companies measure marketing ROI in global campaigns more effectively. The failure to connect with local markets was costing American businesses as much as $50 billion a year. National brands were struggling to make an impact with local advertising, with only 7% of nearly 300 brand marketing executives stating they offered effective campaigns to activate local consumers. Balihoo's mission was to make brand advertising more effective by automating local marketing campaigns. A key part of this was to offer brands local phone numbers in any geography, along with the ability to do call tracking, which would make it possible to determine if calls to those numbers turned into sales.

CallTrackingMetrics, a company that helps businesses and advertising agencies track the sources most likely to convert, faced a significant challenge. They needed to determine the effectiveness of marketing campaigns, lead conversions, and ROI in real-time. The quality of service was a critical factor in their business, as phone sales remained highly relevant despite the increased focus on digital sales. However, setting up reliable call tracking was a complex and expensive task. Most existing solutions were part of larger marketing packages that not all clients needed. Furthermore, the company faced quality issues with their initial platform, including grainy phone conversations and unexplained outages. These issues were detrimental to their clients, as dropped or incomprehensible calls forced them to resort to other communication channels with significantly lower conversion rates.

Datalot, a company that develops pay-per-call advertising solutions, was facing a significant challenge in improving response times for internet leads to increase sales. The online lead generation industry was plagued with costly inefficiencies, making it difficult to convert someone who clicked on an online ad into a paying customer. The average time it took companies to respond to online leads was 42 hours, and 23% of companies never responded at all. The existing web-to-call infrastructure was a patchwork of separate processes and technologies that did not communicate with each other, leading to a loss of valuable information about the lead and a delay in response times. This resulted in sales reps being overwhelmed with too many leads or having too few to work with.

eHarmony, an online dating site, was faced with the challenge of enabling its users to connect over the phone while keeping their personal phone numbers anonymous. The company had previously introduced a private calling solution, but it was found to be difficult to use by subscribers. Users had to initiate phone calls to their matches using their computers, a process that was deemed cumbersome. eHarmony was therefore tasked with finding a calling solution that would provide a better customer experience, while maintaining the privacy and security of its users.

Experience, a technology platform that personalizes live event experiences for attendees, faced a significant challenge. The company wanted to allow customers to make purchases via text message, but integrating this feature without overburdening their development team was a daunting task. Experience's mobile application offered sports teams, venues, and live event promoters the ability to enhance a fan's experience by offering unique rewards. However, these offers could only be delivered through a mobile website, and fans who wanted to upgrade their seats had to navigate through the team's website on their mobile browsers, find the seat upgrades they wanted, and pay for them. Experience knew that text messaging would greatly enhance this offering, but they also needed a short code for high-volume text-messaging applications, a process they knew to be burdensome.

GameChanger Media, a company that creates software to keep amateur sports fans updated about their favorite teams, was in need of a reliable and scalable communications platform. The platform needed to deliver personalized real-time news updates about amateur sporting events to subscribers anywhere in the world. The challenge was to find a solution that could handle the escalating number of SMS alerts, and provide a seamless experience for the users. The company had tried several SMS providers but none met their requirements for competitive pricing, powerful API, and high reliability.

PagerDuty, an incident management platform for IT operations and devops teams, was faced with the challenge of making IT alerts reliable and simple to use. Traditional alerting systems were either complex, capital-intensive enterprise projects or unreliable, jury-rigged hacks that were as likely to fail themselves as the systems they monitored. The founders of PagerDuty, Alex Solomon, Andrew Miklas, and Baskar Puvanasathan, aimed to create an alerting system that was not only highly reliable but also simple and accessible. They envisioned a cloud-based service that could aggregate incidents from multiple IT monitoring systems.

The Philadelphia Police Department, one of the oldest and most forward-thinking municipal agencies in the nation, was faced with the challenge of enabling more citizens to anonymously report minor crimes and nuisance behavior using SMS messages. The goal was to free up dispatchers to focus on emergencies. The department recognized that for many people, text messages are the preferred method of communication. They wanted to make it possible for people to send anonymous tips from their cell phones to help solve crimes. However, bridging the phone and internet was a difficult task. The department also needed a solution that would allow them to respond securely to the sender in case of an emergency, while maintaining the anonymity of the caller.

PhoneUnite, a company offering hosted PBX services to small and medium-sized businesses, faced a significant challenge in finding a scalable, pay-as-you-go communications provider to support their growing business. The co-founders, Henry Weber and Bryan Heitman, initially planned to route calls to their customers' mobile phones, aligning with the BYOD (bring your own device) trend. However, they discovered that their customers also desired traditional business phones, alongside lower communication costs. The challenge was to satisfy these customer needs while also future-proofing their communications infrastructure.

QuoteWizard, a company that connects consumers with insurance agents, faced a significant challenge when their telephony provider experienced an outage that lasted for days. This outage caused their Interactive Voice Response (IVR) and lead generation infrastructure to go offline, severely impacting their operations. The reliability of their phone infrastructure was crucial for their revenue stream, as they get paid for every successful connection between a buyer and an agent. The outage not only disrupted their services but also left the team in a state of uncertainty and stress. The situation was further exacerbated when, even after 24 hours, the outage was not resolved, leaving QuoteWizard's telephony services still down.

Tillster, a global leader in self-service digital ordering, faced the challenge of improving and simplifying its application security. The company needed to incorporate a more active and dynamic vulnerability assessment system to ensure the security of its applications. The challenge also included providing guidance to Tillster’s DevOps team to achieve optimal protection within the entire Software Development Life Cycle (SDLC). The company had to balance internal and external practices, comply with OWASP’s top 10 application security risks and mobile application guidelines, and run scans and penetration tests to meet PCI standards. Patch management was critical for keeping Tillster’s applications safe, as 99% of software exploits are based on known vulnerabilities. Furthermore, Tillster had to deliver secure software on schedule, ensuring that security issues did not cause delays and that the software in production did not pose a risk to restaurants or consumer data.

The North American insurance subsidiary, a part of a global group that ranks among the world’s top providers of both commercial and property/casualty insurance, faced several challenges in its application security. The company wanted to increase awareness among developers about application security risk and safe-coding practices, enable discovery and remediation of vulnerabilities with minimal delays to the development process, reduce the backlog of unaddressed high-risk vulnerabilities, and roll out a global solution to all internal business units and groups. The company's existing application security processes were unsustainable. Vulnerability scanning with the legacy static application security testing (SAST) tool often took hours at a time, and many of the alerts in each report turned out to be false positives, wasting precious time and potentially delaying release cycles.

Floor & Decor, a rapidly growing retailer with over 200 locations and $3 billion in annual revenue, faced the challenge of ensuring comprehensive security for its retail business and development environments. The company needed to protect its business operations, particularly customer data, from potential security threats. The challenge was to implement a solution that could provide robust security for its retail stores and point-of-sale (POS) systems, while also managing strong growth. The company needed to limit false positives and scan for threats and intrusions faster, more seamlessly, and in real-time. The company also sought to reduce the time spent on identifying and handling security vulnerabilities, which was consuming significant staff time and resources.

CM.com, a global leader in cloud software for conversational commerce, was struggling with its application security strategy. The company's primary application security strategy consisted of penetration testing and static application security testing (SAST). However, these tools consumed considerable time on the part of both the security team and the development teams. The reports generated from these tests had to be analyzed by the security team, and a ticket would be created for each vulnerability that needed to be fixed. This process often resulted in days of delay before developers received feedback on what to do. These security-related delays created friction in the development process and increased complications and delays tied to fixing vulnerabilities that were identified in the process. They also resulted in resentment on the part of developers. Furthermore, the scan and penetration reports revealed that there was a great deal of room for improvement in the quality of the outputs of the development process.

One of the world's top 10 banks was undergoing a digital transformation to streamline its domestic and international business. The bank, with over 1,000 branches worldwide, 5,000 ATMs, over 50,000 employees, and millions of customers, was facing challenges in integrating security into its software development process. The bank's Application Security (AppSec) team had been relying on static tools to ensure the security of the software they developed in-house. However, changes in technology and the evolving threat landscape necessitated a more robust, automated AppSec testing solution. The bank was also rapidly moving towards using microservices for its platforms, which were used across multiple business units. The bank's software had been developed and released at an increasingly rapid pace since the development team had combined Agile sprints with DevOps methodologies. This fast-paced rollout of software introduced potential vulnerabilities and greater business risk. The bank's current AppSec tools and processes were found to be inadequate in addressing these issues, causing code release delays, scalability concerns, manual testing delays in development, and time-consuming developer training and education.

Kaizen Gaming, a leading GameTech company, faced significant challenges in its application security. The company's large development operation, which includes 28 fully staffed Scrum teams, was struggling with late identification of vulnerabilities in the software development life cycle (SDLC). This late detection resulted in remediation work being pushed to the end of the development process, causing extra work and stress. The company's reliance on penetration testing did not provide real-time, holistic observability into Kaizen’s overall application portfolio, leading to blind spots and inefficiencies. The company needed an automated, efficient, and scalable solution that could catch vulnerabilities earlier in the process without slowing down their developers. Additionally, the financial team preferred a pricing model that charges by the application rather than by the developer due to the company's large development team and tight margins.

The case study revolves around a large retail and e-commerce company with over 25,000 employees and $5 billion in revenue in the financial year 2015-16. As the company's e-commerce platform became a leading sales channel, it transitioned to an agile development process, moving from 6-week release cycles to 3-week cycles to accelerate innovation. However, the rapid release cycles demanded an intense focus on security to avoid brand damage and customer data loss. The company's existing application security products were a disruption to the release cycle schedule, forcing all those involved in the Software Development Life Cycle (SDLC) to reprioritize their work. The Application Security manager found himself in the critical path for every production deployment, outnumbered in the entire process. The company's traditional application security was done at the integration testing phase, which was one step before the application was released to production. The process either added significant 'rework cost' or postponed security fixes to a later application release.

Envestnet | Yodlee, a leading data aggregation and data analytics platform for digital financial services, faced the challenge of seamlessly and cost-effectively aiding developers in identifying and fixing application security vulnerabilities within their code early in the Software Development Life Cycle (SDLC). The company also aimed to reduce the burden that development and security practitioners encounter by reducing the number of false positives reported. As a fintech company, security is paramount for Envestnet | Yodlee, and they needed to ensure that every product on its platform met the most stringent security and compliance requirements. The company periodically conducted code reviews to ensure there were no vulnerabilities, but they wanted a better solution that could reduce the number of false positives, as triaging them wasted time and reduced efficiency. They also desired a security solution that could scale, augment and seamlessly integrate with the current toolset.

The digital healthcare company was facing a challenge of business and technology innovation being hampered by traditional legacy security and infrastructure tools. The company required a solution that could quickly and seamlessly accelerate the company’s digital future by migrating securely to a cloud infrastructure. The company was also facing the challenge of solving the healthcare access problem. With approximately 6 million patients visiting the company per month to schedule and book doctor appointments, they needed to adapt, innovate, and modernize the healthcare industry by providing a frictionless healthcare experience for healthcare practitioners and for the 21st century patient. The company initially focused on private healthcare practices and building a technology solution optimized for that specific use case. They experienced early success, building momentum, and critical mass. The company soon realized that there was a significant opportunity to turn its focus and expand to a larger piece of the healthcare system by addressing the changes in healthcare demands.

The financial services firm in question was facing significant challenges in achieving comprehensive application security test coverage for its entire software portfolio. The existing application security tools were proving to be inaccurate and ineffective, leading to developer disengagement, product delays, and negative business impacts. The IT Security team was primarily focused on network security, relying on perimeter security solutions to protect their applications and data. The application development team had minimal involvement in application security, and the training they received did not keep pace with advances in application development and hacking. The security team lacked the visibility needed to work efficiently and effectively, with their scanner tool reporting many false positives and lacking the necessary information for developers to find and fix errors. The existing tools and processes were preventing a complete security analysis of their applications, delaying the delivery of new business-critical software functionality.

The U.S. based regional credit union, serving nearly 100,000 customers in rural communities, was facing challenges in delivering and securing modern software applications to protect customers’ private financial data. Prior to working with Contrast Security, the credit union’s application security efforts were ad hoc with periodic penetration testing and content analysis highlighting issues post-development. The credit union’s developers produce a significant amount of custom code that they release relatively frequently. Identifying vulnerabilities with traditional scanning tools was a challenge, as the tools generated a high number of false positives. The company also wanted to deploy Contrast in Dev/QA in order to identify potential vulnerabilities early in the SDLC and create a baseline. Additionally, prior to the installation of Contrast Protect, the credit union was potentially vulnerable to attacks.

The regional bank in the United States was facing a significant challenge in maintaining its network security. The bank was spending considerable resources and man-hours every week to remediate issues caused by malware entering the network and infecting the endpoints. The bank's network security was compromised when internal users visited malicious or compromised websites, which would download malicious content, some of which were unknown, infecting the users' machines. Additionally, spam emails and embedded word documents were bypassing the bank's firewall and reaching the end users. When users opened these malicious files, the executable code in them would enable attacks on the endpoints. The IT security team had to engage in time-consuming remediation procedures. The bank needed a solution that would detect the malicious files before they arrived at the endpoints and reduce the time spent on remediation.

Terma A/S, the largest aerospace, defense, and security company in Denmark, was facing a significant challenge in tightening its security to protect nation-state secrets from targeted cyber-attacks. The company, which works on highly confidential projects for civilian and military applications, was a prime target for cyber-attacks that could potentially disrupt internal operations and pose risks to national security. Terma needed to update to the latest technology on a regular basis to stay ahead of the hackers who were constantly trying to infiltrate their systems. The main challenge was that hackers are very patient, so Terma always had to be on its toes with the latest technology.

Hotel Nikko, a luxury hotel located in San Francisco’s Union Square, was facing a significant challenge in maintaining its network security. The hotel relies heavily on its network to support guest services, reservation systems, property management, and other critical business operations. Any network outage could lead to lost revenue, disappointed guests, and damage to the hotel’s reputation. Despite having a firewall from another vendor, the hotel found it difficult to manage and it provided only limited protection against sophisticated network threats. The situation became critical when a virus invaded the hotel’s network and impacted some of its most critical business systems. The hotel was in need of a comprehensive security solution that could identify and mitigate the latest online threats, and was easy for its small IT team to set up and use.

Starkey Hearing Technologies, a leading developer and manufacturer of hearing aids worldwide, faced a significant challenge in protecting its systems against zero-day threats and ransomware attacks. The company needed to secure the laptops of its mobile users and gain better visibility into incidents without increasing management and maintenance tasks. The challenge was amplified when Starkey was hit by an advanced malware attack, Gatak, a type of Trojan that hides data in image files. This malware led to three or four advanced malware incidents per week, infecting 2,000 machines in just two weeks. The malware gathered valuable data, escalating access privileges to network assets and spreading laterally. When employees took their laptops home, they became much more vulnerable, indicating that Starkey’s antivirus solution was no longer sufficient.