Snappy Navigates Hypergrowth Phase with Security Services from CYE

The challenge 

Bolster cybersecurity and address gaps during period of hyper growth

The solution 

A comprehensive security assessment, incident management, and staff augmentation 

The Value

Immediate and ongoing cybersecurity improvements and planning

The Company

Snappy is an award-winning gifting company with platforms that combine fun, personal experiences with advanced technology to take the guesswork out of gifting. Founded in 2015, Snappy completed a $70M Series C funding round in May of 2021. It was named Inc.’s fastest-growing company in the Northeast in 2021 and 2022 with two-year revenue growth of 5184%. With more than 50,000 five-star reviews, Snappy has become the trusted partner to over 2,500 enterprise customers and has sent millions of gifts worldwide.

Snappy is committed to enhancing the joy of gift giving and recently expanded its suite of offerings to include a consumer-facing gifting platform, as well as Snappy Lite, the self-service solution for small businesses to send gifts to employees and customers.

Snappy is headquartered in New York City and has a team of more than 300 people across four countries. Snappy is featured on Fortune’s “Best Small & Medium Workplaces,” “Best Workplace for Millennials,” and “Best Workplace in Tech” lists. Snappy’s stance on diversity and inclusion, its active focus on give-back programs, and its fundamental mission to spread happiness through fun, thoughtful gifts lead the way in unlocking the power of human kindness.

“The number one thing CYE has helped me with is to sleep better at night – they boost my overall security confidence.”

Dvir Cohen, Co-Founder and CTO, Snappy

The Challenge: Bolster Cybersecurity and Address Gaps During Hypergrowth Period 

As a very fast-growing third-party gifting platform, Snappy was adding large multinational organizations to its customer base. With larger customers come more stringent security demands and additional regulatory requirements due to location. While the company has always embraced a culture of security, it realized it needed to do more to reinforce its cybersecurity posture and demonstrate its commitment to customers of all sizes.

The Snappy platform stores personal information which is subject to various security obligations including relating to the protection of data both at rest and while in transit. Snappy, being a global company, must comply with data protection regulations in countries in which it operates. The challenge is even greater because the company has adopted an advanced architecture, completely cloud-based and serverless.

Like most companies in hypergrowth mode, Snappy is constantly recruiting and onboarding engineers and R&D team members but saw the need to receive external support for some security functions. Snappy co-founder and CTO Dvir Cohen explained that the company had contracted an outside firm to perform penetration testing, which identified areas of focus. At that point, Cohen recognized that Snappy could benefit from additional security expertise – especially given the universal problem of finding and retaining qualified security talent.

The Solution: A Comprehensive Security Assessment, Incident Management, and Staff Augmentation 

Snappy approached CYE to discuss penetration testing, but Cohen quickly gained a deeper understanding of the breadth and scale of capabilities at CYE and the level of security expertise. In his words, “I was immediately convinced” to go with the full suite of services. That meant partnering with CYE not only for penetration testing, but also for application security management, security assessment, incident management, and the Hyver cybersecurity optimization platform. In addition, Snappy utilized the CYE CISO-as-a-service offering.

Three services were especially important to Snappy. First, the CYE security assessment process would uncover any gaps in security that may not be apparent even after external penetration testing. As an example, any misconfigurations and vulnerabilities revealed by the service would provide a roadmap to the team as it tackled any potential gaps.

Second, CYE’s incident management is a 24×7 service that kicks in if there is ever a security incident. With it, Snappy could turn to CYE immediately and bring on a full team to investigate, mitigate, and recover from any incident.

Finally, the CISO-as-a-service offering would help Snappy deal with any security expertise gap felt by many companies. Given the rapid growth of the company, being able to rely on an external, seasoned CISO would give them breathing room to round out their own internal security team.

“I think of CYE as more than just providing features. CYE is more like a partner for us…an extension of our security team.”

Dvir Cohen, Co-Founder and CTO, Snappy 

The Value: Immediate and Ongoing Cybersecurity Improvements and Planning

When Snappy started working with CYE, many things changed almost immediately. The CISO-as-a-service offered help with security awareness, conducting phishing campaigns, assisting the sales process, questioning vendors, and nurturing the culture within the company. Employee security awareness training was tracked diligently to ensure that employees would not fall for phishing attacks or inadvertently introduce malware to the company. As a result, security awareness increased significantly.

CYE presented the findings of its assessment in an easy-to-understand format through its Hyver platform, and Snappy began to implement the recommended action plan. For all of these reasons, CYE has been invaluable.

“We haven’t had to handle a security breach situation, perhaps because we used CYE from the beginning. I sleep better at night, knowing that if we were to have a breach, CYE has my back and would help me,” explained Cohen.

Over the past two years, Snappy has continued its close collaboration with CYE. The Hyver dashboard allows findings to be presented to various teams, guiding them on how to implement any best practices. Every quarter, Snappy receives an assessment report that is used to both guide actions and demonstrate improvements in the security maturity level to the executive team. The relationship is two-way: input from Snappy led to close integration of Hyver with Jira, to increase the connection between engineers and management.

CYE has saved time and money, freeing up staff to focus on more immediate issues. “The CYE team wakes up in the morning and they think security,” said Cohen. “We wake up in the morning and think about how to build our products. Each team can focus on what it does best.”

“CYE is an incredible service. It allows me to make sure that I have professionals that extend my engineering team as security experts.”

Dvir Cohen, Co-Founder and CTO, Snappy