Content Security delivers cyber security assurance to Omnyfy.
Omnyfy, a marketplace and multi-vendor eCommerce solutions provider based in Melbourne, helps businesses remain competitive and take advantage of new market opportunities by rapidly transforming existing business models with technology-based solutions that power multi-vendor marketplaces, procurement systems and direct-to-customer ordering platforms.
In 2018, Omnyfy was engaged by one of Australia’s largest corporates to implement a multi-channel, multi-vendor commerce solution, using its Omnymart Platform, to drive direct-to-consumer sales of products both domestically and internationally. The solution required comprehensive data security and controls for API based connectivity between multiple channels including Point-Of-Sale and Web.
Ensuring the protection of sensitive data is critical to the success of a marketplace whether it is for a product, service, or a booking-style marketplace, personal information is almost always a key element, which makes information security critical to Omnyfy’s service offering.
The implementation requirements for this particular project dictated significant security controls to be put in place to secure point-to-point data parsing between point-of-sale and the core eCommerce platform, as well as for the eCommerce Marketplace itself. The application, which is delivered as a managed platform, had to be thoroughly assessed for infrastructure hardening and potential vulnerabilities.
“The penetration test needed to show what the issues were and provide clear recommendations for Omnyfy to remediate” said Matt Kroeger, Product Director at Omnyfy.
Omnyfy elected to work with Content Security, an Australian owned IT security consultancy who helps companies on their journey to improve information security, achieve compliance and reduce risk.
Content Security's approach was to first understand the purpose of the application, its features, functionalities and how it fits into the client’s environment. This ensured that not only common web vulnerabilities were uncovered, but also attacks specific to the platform and the business process it supported.
Content Security conducted a comprehensive test, providing Omnyfy with a report, detailing vulnerabilities and prioritising these based on the level of risk and likelihood of an attack. “From the report, we knew exactly where the issues were,” Kroeger says. “And we were able to fix them almost immediately.”
Omnyfy went to work internally to execute the recommendations from within the report. “We take security very seriously, and thankfully the report we got back did not show any critical issues. Instead, they were minor issues that we were able to address rapidly” said Kroeger.
“Content Security were agile and easy to work with from the beginning. They offered a re-test as well, which was important to give both our client and our team the validation that we had solved any issues before the platform went live.”