Perforce Tackles a High Volume of Security Reviews

Security questionnaires are getting more complicated across industries,” Gerg says.” The questions are more complex and require more evidence. Questionnaires used to take 10 minutes, where now they can take hours interpreting questions and searching for up-to-date answers.

Perforce Tackles a High Volume of Security Reviews

Perforce Software, a leading provider of DevOps solutions, empowers businesses and institutions to develop, build, and maintain high-stakes applications without compromising quality. Founded in 1995, Perforce has grown to provide a suite of scalable solutions, including version control software, infrastructure automation, developer collaboration, and more. Trusted by more than 1 million users, Perforce partners with 75% of Fortune 100 companies to accelerate time to market and reduce risk in environments where the cost of failure is high. 

Facing an overwhelming influx of over 300 security questionnaires annually, Perforce’s Information Security (InfoSec), Sales, and Customer Success teams were encumbered by the demanding pace and precision required for their security review process. The partnership with SecurityPal introduced a transformative approach, optimizing Perforce's ability to manage security reviews efficiently and allowing the company to enhance its security program significantly as it continues to expand.

The Challenge: An Overwhelming Volume of Security Reviews

The magnitude of security reviews Perforce encountered yearly placed a considerable strain on their resources. With 300+ security questionnaires coming in each year, Perforce’s InfoSec, Sales, and Customer Success teams were burdened with security reviews that each required efficient turnaround times and accuracy, despite ever-evolving questions and answers. 

"Before working with SecurityPal, our security review process was manual and tedious,” Christopher Gerg, CISO at Perforce Software says. “This boils down to the nature of our business. We have 20 product lines. Let’s say we have 50 reviews per year for each product line — that’s an unmanageable pile of security questionnaires."

Because of the breadth of Perforce’s business, they needed a single source of truth for accurate answers that could be continuously updated over time. Not only that, but they needed to be able to seamlessly disseminate up-to-date information across every team that touched security questionnaires, including InfoSec, Sales, and Customer Success.

“With security questionnaires, it’s always the same questions but they’re written differently for each one,” Gerg says. “Reading, interpreting, and searching for the most up-to-date answer takes a long time. Multiply that by hundreds of reviews each year, and the time requirement is astounding.”

Further adding to the challenges, there has been increased requests for and complexities surrounding the security reviews themselves, as more enterprises prioritize security, customer assurance, and third-party risk. 

"Security questionnaires are getting more complicated across industries,” Gerg says.” The questions are more complex and require more evidence. Questionnaires used to take 10 minutes, where now they can take hours interpreting questions and searching for up-to-date answers."

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

  1. Item 1
  2. Item 2
  3. Item 3

Unordered list

  • Item A
  • Item B
  • Item C

Text link

Bold text

Emphasis

Superscript

Subscript

Key Challenges

  • Manual processes for completing security questionnaire
  • High volume of security reviews
  • Ever-evolving complexity of questionnaires
  • Managing and updating a secure knowledge library 

Perforce sought a solution to automate their security questionnaires and disseminate accurate, up-to-date information across the company, allowing their InfoSec, Sales, and Customer Success teams to focus on high-impact work.

The Solution: Expediting Security Reviews at Scale

Understanding the complexity and depth required for a comprehensive security review process, Perforce sought a solution that went beyond conventional software tools. Their search led them to SecurityPal, a choice motivated by the need for a dynamic, intelligent approach to managing security questionnaires.

Gerg provided insight into the decision-making process, stating, “We looked at other tools but they were not much more than a searchable database of question answer pairs. SecurityPal has human analysts that took a lot of the heavy lifting from our team.” This acknowledgment highlights the unique value SecurityPal brought to the table—combining human expertise with AI-driven processes to significantly reduce the burden on Perforce’s team. 

The partnership with SecurityPal introduced a revolutionary change in how Perforce tackled the challenge of security questionnaires. Through SecurityPal’s Questionnaire Concierge service, which leverages both AI and seasoned analysts, the process became more efficient and accurate. Submissions were streamlined via a dedicated portal, leading to a systematic, first-pass review that ensured only the most relevant questionnaires reached Perforce's InfoSec team for final validation.

Echoing the benefits of this collaboration, Gerg remarked, “We no longer have the time-consuming task of going question by question. The longer we partner with SecurityPal, the more and more complete our questionnaires are by the time we see them. SecurityPal is so effective and accurate, which has saved our team a lot of time.” 

This feedback underscores the transformative impact of SecurityPal's services on Perforce's operations, emphasizing efficiency, accuracy, and the progressive improvement in the completeness of security reviews over time.

The Impact: Fostering a Roadmap for InfoSec Maturity

Before the alliance with SecurityPal, Perforce often spent weeks on a single security question, which greatly hindered the InfoSec team's ability to focus on strategic initiatives for security program maturity.

Gerg highlighted the predicament and the transformation post-partnership, saying,“Any InfoSec program will say there’s always more to do. They get bogged down with security questionnaires and are forced to adopt a reactive approach to security. Now, we’ve been able to build a deeper roadmap to actually improve the maturity of our program, which is necessary as we acquire businesses and increase our security footprint.”

This partnership has enabled Perforce to navigate through the challenges of scaling, particularly as the number and complexity of security questionnaires have surged. Despite this growth, they have successfully maintained their review queue at a manageable level, consistently returning questionnaires within five to ten days — thereby alleviating undue pressure on their team.

Reflecting on the journey with SecurityPal, Gerg shared,“So many times you do due diligence for new tools, make a decision, and there’s some kind of compromise, often with implementation or deployment. SecurityPal works as advertised. Plus, we can evolve the partnership to make it work even better as we grow. SecurityPal is receptive to our feedback and develops solutions around our needs. Our partnership has been such a positive experience.”

SecurityPal has emerged as an invaluable ally for Perforce, delivering on its promise to expedite the security review process without sacrificing the precision or compliance standards essential for today’s digital landscape. Through this collaboration, Perforce's InfoSec team has not only streamlined their operational workflows but also embarked on a path to significantly mature their security protocols and practices as the company expands. This, in turn, provides Perforce's customers with assurance that their high-stakes applications are secure from development to deployment.

To discover how SecurityPal can elevate your security questionnaire process with efficiency and accuracy, reach out today. 

About company
Perforce Software, a leading provider of DevOps solutions, empowers businesses and institutions to develop, build, and maintain high-stakes applications without compromising quality. Founded in 1995, Perforce has grown to provide a suite of scalable solutions, including version control software, infrastructure automation, developer collaboration, and more. Trusted by more than 1 million users, Perforce partners with 75% of Fortune 100 companies to accelerate time to market and reduce risk in environments where the cost of failure is high.
Ready for more?
Connect with a specialist
Ready to Elevate Your Security Strategy?
Connect with a SecurityPal Expert Today.
Discover how SecurityPal can transform your security posture and accelerate your business growth.
Get started now