Security in Digital Agencies: getting proactive like CORE

"With modern web frameworks comprising numerous components and dependencies, the threat of a third-party plugin or dependency having a known issue that is exploitable kept me up at night. From an agency point of view, Aikido provides a high level of coverage while spreading the cost across different clients and projects."

Ceri Richmond
Founder & Managing Director
Website: https://wearecore.co.uk/
Founded: 2002
Industry: Agencies
Funding Raised
Headquarters: Cardiff, UK
Development Team Size
100+
Repositories across clients & projects secured

About CORE

CORE is a UK-based digital agency specializing in branding, web design, digital marketing, and paid advertising. Since 2002 they have collaborated with a diverse range of clients, including those in regulated sectors like finance and law, and they are Cyber Essentials Plus (audited) and ISO 27001 accredited. Having started out with Ruby on Rails v1 and the LAMP stack, they now focus on modular, modern architecture such as Next.js, custom APIs and headless content management systems, while still working with WordPress and other Ruby/PHP-based frameworks and systems.

The challenge: making Security a proactive priority

In the digital agency landscape, many firms outsource technical builds to local, nearshore or even offshore contractors. CORE, however, believes in building a stable, long-term team that can own and manage security concerns throughout the stack in a timely fashion. They are accustomed to dealing with third-party security testers, often appointed by clients as part of annual auditing processes. However, waiting for external parties to identify issues wasn't sufficient. Being proactive in addressing security concerns as they arise is crucial to protect clients and maintain trust.

"With modern web frameworks comprising numerous components and dependencies, the threat of a third-party plugin or dependency having a known issue that is exploitable kept me up at night. When these vulnerabilities become exposed, it's a race to patch them before a bad actor or automated script exploits the weakness, potentially leading to site compromise, defacement, code injection, or worse."

Ceri Richmond, Founder and Managing Director, CORE

The solution: a high level of coverage for a small outlay

CORE sought a tool that could consolidate their security operations into a single service or dashboard. After evaluating options, Aikido emerged as the best fit in terms of functionality and pricing. Aikido's competitive pricing model allowed CORE to efficiently spread costs across numerous clients and projects. The platform delivered enterprise-grade security capabilities without straining their budget, making it a clear value-driven choice. Ceri notes, "From an agency point of view, Aikido provides a high level of coverage for a relatively small outlay. We manage around 100 project repositories in Aikido, so the cost is spread across many different clients and projects."

During the evaluation and rollout, two things stood out:

  • Seamless Onboarding: Integrating Aikido into their workflows was straightforward, allowing CORE's team to quickly adapt. Ceri highlights the rollout and ongoing collaboration with the Aikido team as "very friendly and responsive".
  • Weekly Digest Reports: Aikido's weekly updates became a favorite feature, offering clear visibility into vulnerabilities and their resolution status.

Aikido's weekly digest report, a staple in CORE's security operations.

The result: securing 100+ project repositories across clients & projects

  • Unified Security Operations: Managing over 100 project repositories from a single dashboard, ensuring comprehensive oversight across clients and projects.
  • Proactive Vulnerability Management: Identifying and patching vulnerabilities before they can be exploited, enhancing security.
  • Increased Client Confidence: Demonstrating proactive security measures enabled CORE to approach clients early for budget approvals to address emerging issues, strengthening relationships and creating new revenue opportunities. “We work on a time and materials basis so if we’re fixing issues, we’re generating revenue for our business as well as legitimately doing the right thing for our clients,” according to Ceri.

Ceri emphasizes, "Security is a fact of life on the internet. With Aikido, we can take a proactive stance, protect our clients' interests, and even create new business opportunities while doing so."

A word of advice for fellow Digital Agencies looking into security? “Be aware, be active, patch continually or suffer the consequences when they happen (it won’t be pretty)”.
