
Where UX meets AppSec: Gravity’s shift toward embedded, proactive security

Security is no longer an afterthought. With Aikido, we’re integrating it directly into our DevOps pipeline to ensure it’s a seamless part of our workflow.

Ruben de Baat
Digital Consultant
Website: https://www.gravity.nl/
Founded: 2017
Industry: Agencies
Headquarters: Amersfoort, NL
From startups to enterprise-level security

Introduction on Gravity and Security in digital product design

Hey Ruben! Can you tell us a bit about yourself and Gravity?

Of course! I’m Ruben de Baat, Digital Consultant at Gravity.

Gravity started as a highly technical agency focused on developing custom platforms, mobile apps, and complex integrations. Since joining the Loyals Group, we’ve expanded our expertise while staying true to our core value: Simplicity moves. No matter how complex the technology behind the scenes, we always ensure a seamless and intuitive user experience.

As a Digital Consultant, I bridge the gap between business and technology, connecting clients and developers by leveraging my expertise in UI/UX, DevOps, and business. I help create scalable and secure digital solutions by translating client needs into technical requirements, ensuring the right architecture, security, and long-term value. 

“My goal is to challenge both clients and developers to collaborate effectively, pushing boundaries to build the best possible digital solution.”

What role does security play within a digital agency like Gravity?

Security is a key part of our work. We develop and manage custom digital solutions for clients, from full platforms and mobile apps to backend tools, admin portals, and integrations with all sorts of SaaS solutions like ERP and CRM systems.

As we take on more projects, security and testing are becoming increasingly important. But simply adding more manpower isn’t a sustainable solution. That’s why we turned to security automation. Previously, security was handled reactively, through periodic checks and contractual agreements with clients. But we saw a growing need for a proactive approach, which led us to Aikido.

How Aikido fits into the day-to-day workflow

How have you integrated Aikido into your workflow?

We built an internal security monitoring tool that integrates with Aikido. This allows us to share security insights with clients without giving them direct access to Aikido.

Clients receive a clear, concise overview of open security issues, resolved vulnerabilities, and overall platform performance. Think of it as a small viewing window, keeping things simple and manageable for our clients.

This approach not only provides transparency but also reassures clients that they’re staying ahead in security. While we don’t explicitly mention Aikido, security is a core part of our contractual services. This adds value and reinforces our expertise.

"By integrating security directly into our workflows, we make it a natural part of the process, not an afterthought."

You are now working with larger enterprises and government institutions. What does that mean for your security approach?

We originally worked with startups, where speed and functionality were the top priorities. But as those startups grew, and as we started working with larger businesses and government clients, security requirements became much stricter.

To keep up, we’re focused on automating security processes so that every new project starts efficiently and at scale. Security is no longer an afterthought. With Aikido, we’re integrating it directly into our DevOps pipeline to ensure it’s a seamless part of our workflow.

"As we scale, security must scale with us—automation is the key to making that happen."

Why did you choose Aikido, and how has your experience been working with them?

The timing couldn’t have been better: just as we were searching for a solution, we came across Aikido’s website and started chatting. What immediately stood out to us was their agency-friendly model. Unlike tools like Snyk, which are built for end-users, Aikido is specifically designed with agencies in mind. Additionally, Aikido is European-based and GDPR-compliant, aligning well with the regulatory framework our clients in the EU are subject to.

Another key factor was their fast and direct communication. Our questions are always answered promptly, and being able to communicate in Dutch is incredibly convenient. Cost efficiency is also a significant benefit. Thanks to Aikido’s agency model, we can offer even smaller clients high-quality security at an affordable price.

Moreover, Aikido integrates seamlessly with DigitalOcean, our preferred hosting solution for clients without existing infrastructure, making it a perfect fit. Lastly, Aikido's AI autofix feature sounds promising, and while I haven’t tested it yet, I’m eager to explore it further in the coming months.

What are the next steps for security at Gravity?

We’ve laid a solid foundation for better security practices, and now our focus is on refining and scaling our approach. Aikido is a crucial part of this process, helping us keep security top-of-mind without slowing down development. Security is no longer a separate process; it’s now an integral part of our DevOps workflow.

By embedding Aikido into their DevOps workflows, Gravity transformed security from a periodic task into a continuous, scalable process. As they grow from startup-focused projects to enterprise and government clients, Aikido helps deliver secure, high-performance platforms, without slowing down.

The result? Security that’s proactive, automated, and invisible to end users – but essential to long-term trust.
