Intopalo security assessment for HappyOrNot Intopalo security assessment for HappyOrNot

Customer

HappyOrNot Ltd. is the global leader in customer and employee satisfaction improvement service. The award-winning HappyOrNot service enables organizations to improve their customer service and performance based on continuous satisfaction measurement. The innovative and well known Smiley Terminals are being used by nearly 2,000 leading retail and service chain organizations in over 70 countries. HappyOrNot customers include global industry leaders such as Carrefour, Dixons Carphone, LinkedIn, Kennedy Space Center, Heathrow Airport, Euromaster, GE Healthcare, Office Depot, and many others.

Goals of the Intopalo security collaboration

The customer wanted to reinforce their security practices already in use to protect customers’ data, business continuity, and the company brand value by efficient management of information security risks.

The scope included also improving the sales process through better documented assurance of systematic security management.

Finally, HappyOrNot wanted to meet the requirements of specific institutional customers who require careful assurance of additional security controls.

Case description

The Intopalo security project started with Intopalo’s business-driven security assessment. Potential threat agents as well as cost and damage scenarios were identified. A threat model was developed based on architectural analysis of the HappyOrNot system that runs on Amazon Web Services (AWS). Vulnerability testing practices were established, and vulnerability scanning of AWS servers was conducted using Nessus, OpenVAS, Burp Suite Pro, Arachni, WordFence, and Qualys SSL Server Test. The AWS configuration was audited against the AWS security audit guidelines.

The existing security-related practices were documented, and new practices were established as a formal security program.

The security project delivered its goals: we created the needed additional documentation for security approvals, produced new security focused sales materials and set up additional security assessment processes and tools. At the same time, we increased the awareness of security in our teams. Intopalo helped us achieve the goals and create tangible business value despite a very aggressive timeline.

Davide D’Incau

Product Director, HappyOrNot Ltd.

Key results
  • HappyOrNot got an official approval to provide the service to the institutional customers.
  • A formal security program was kicked off, consisting of both existing security practices and new practices.
  • The documentation of the security program together with a new security marketing message provided tools for speeding up the sales process.
  • Security awareness of the tech team was raised.