Veracode enables SchoolCNXT to improve code quality and increase confidence among customers and prospects

The Challenge

The SchoolCNXT application houses sensitive information about students, faculty, and parents, so it needs to be secure. Application security is especially critical in the current economic climate as cyberattackers are exploiting the pandemic for personal gain. In fact, the FBI found that cyberattacks have increased by 400 percent over the past several months. If a security breach occurs, it would not only expose the users’ sensitive information, but damage SchoolCNXT’s reputation, and possibly lead to both the company and the Department of Education being sued.

SchoolCNXT is also challenged with mistrust from undocumented families, which make up a portion of SchoolCNXT’s customer base. “Many of those families are undocumented and their levels of trust with the government, including – sometimes – the school districts is rather low, and that’s understandable,” said Paul Caliandro, Chief Executive Officer of SchoolCNXT. Undocumented families need the reassurance that their conversations in the application are secure and confidential.

The Solution

Paul Caliandro previously worked in IT security and was familiar with Veracode. So, when it came time to select an AppSec vendor, he turned to Veracode. SchoolCNXT is a cloud-based platform, so Caliandro and team were hoping for a cloud-based AppSec vendor. Since Veracode offers the application security industry’s only cloud-native SaaS solution, combined with over a decade of experience helping customers develop effective AppSec programs, it was the clear choice for SchoolCNXT.

Aside from being a native SaaS solution with years of expertise, it was also important to SchoolCNXT that Veracode offers penetration testing in its AppSec testing mix. SchoolCNXT had been scanning its code sporadically prior to selecting Veracode but wanted a penetration test before selecting additional testing types. The penetration test conducted by Veracode exposed some medium-risk vulnerabilities, which were fixed immediately. From there, SchoolCNXT decided to add on static analysis and software composition analysis to scan its first- and third-party code.

The Results

Since implementing Veracode, SchoolCNXT has been pleased with the results. As Paul Caliandro stated, “We found it to be enormously successful, and it’s helped us improve the quality of our code.” With higher quality code comes increased security and decreased vulnerabilities, which gives both employees and customers peace of mind.

“Knowing that we’re entrusted with such private information, security is very important to us, and I don’t know how we would achieve the level of confidence in our security without a tool like Veracode. I know that nothing’s going out to production that hasn’t been scanned by Veracode, and I sleep really well at night knowing that we are not an easy target for malicious attackers,” said Jack Collier, a software developer for SchoolCNXT.

SchoolCNXT customer May Wong Lee, principal of PS 42 Benjamin Altman school, is also at ease knowing that SchoolCNXT is proactively securing its application. “All my families use SchoolCNXT. Whether they are here legally or not, I trust SchoolCNXT to keep all information safe. We are a public school. We serve all in our community. That’s the trust I put into SchoolCNXT, and that’s the trust that my families put into SchoolCNXT,” Lee remarked.

SchoolCNXT has also enrolled in Veracode VerifiedTM, a three-tier program that helps AppSec customers advance their programs to the highest level of security. For each level reached, the customer receives a badge and documentation attesting to the accomplishment. The badge and documentation can be used with prospects and customers to show a commitment to security.

“[Veracode VerifiedTM] is really, really important to us,” said Caliandro. “We speak and interact very often with the highest level in the IT organization of these school districts, and security is always a central topic of discussion. Having Veracode Verified enables us to enter into the discussions with the CIO of the largest school districts in the country with extreme credibility. So, we no longer have to prove ourselves as having achieved security. We can show them, and we can demonstrate through the achievement of Veracode Verified, which gives us a competitive advantage.”

Matt Hausmann agrees, stating, “from the chief marketing officer perspective, it’s something that I know is important to not only our current customers but to our prospects and others that we’re talking about. The ability to say that we are Veracode Verified carries a tremendous amount of weight.”

Overall, SchoolCNXT has “come out of [the process] as a better company with a better and more secure platform,” according to Caliandro. And with new product releases and plans to attain the next tier of Veracode VerifiedTM, the sky is the limit for SchoolCNXT.