Customs Bridge is a French software startup that helps buyers and manufacturers manage international import and export taxes. President and co-founder Loïc Poisot has a mission to redefine how companies work with and understand customs. “Everyone knows what customs are, but it’s a confusing subject,” Poisot explains. “They exist to protect a country’s economy and they’re the primary vehicle for economic sanctions. Our goal is to simplify this by being the Google Translate of the customs world.”
Poisot was an IT team lead for HSBC and IBM when he discovered a passion for creating new technology. He later joined Alacrité France, where he led the effort that eventually became Customs Bridge. As a hands-on leader at Customs Bridge, he sees proactive information security as a competitive advantage. “Security isn’t about what you build, but the way you think. You can be strong with security, but the way you’re secure depends on your strategy,” notes Poisot. “Don’t take security lightly. You cannot be 100% secure, so you have to find smart ways to reduce your attack surface and vulnerabilities. RapidFort is the path we’ve chosen.”
RapidFort proactively hardens and optimizes Customs Bridge’s containerized infrastructure and protects its customers from malicious attackers.
Securing a Cloud-First, Containerized Infrastructure
Customs Bridge is a cloud-first company built during the pandemic. Poisot’s top infrastructure priorities were scalability and repeatability given his remote team’s inability to meet in person. “We built everything around Docker containers,” says Poisot. “We tried infrastructure as a service (IaaS) solutions, but we didn’t want to get locked into any providers. It was important that we could move from one provider to another because we love freedom.”
Poisot and his team quickly sought security solutions to protect their growing footprint. “As a startup, security is very important. You’re not well known, so you can quickly destroy your credibility. Having strong product security can build your credibility.” However, it quickly became clear that team could not control the open-source dependencies upon which Customs Bridge software was built.
“We had a lot of issues with OpenSSL and Log4j,” Poisot notes. “We used a lot of libraries, OSes, and building blocks that may have had security holes. You can do your best to secure your top-level code, but if the underlying code isn’t secure, you have a problem. I was looking for a way to control that and understand flows and issues to make a good decision. That’s how we discovered RapidFort.”
Data Sensitivity
Customs Bridge gathers, merges, and marries public and private data. Much of the data may begin as public, but gets processed by proprietary methods, after which it requires protection. Their processing results are part of their competitive advantage, so it’s very important to mitigate any risk of unauthorized access. “Our clients input data in our service and declare their importations with our systems. The importation data includes vessels, projects, sellers, and pricing, which is really sensitive for our customers.”
RapidFort was the go-to choice for proactively protecting sensitive data. Poisot did not want to be in a position of reacting to security intrusions. “As a startup, we try to be proactive in every way, even in the interface and functionality. This also applies at the security layer. You have to always be a step ahead of the person who could attack you.”
Because of RapidFort’s native capabilities, Poisot didn’t feel the need to look for other solutions. “There are some solutions that can help you discover issues in your stack, but I didn’t need a lot of that. The big advantage of RapidFort is that it tells you what might be wrong and what issues exist. It also helps you to reduce problematic flows in your stack. You can do both in one run and it’s very easy.”
Three Advantages: Visibility, Automatic Correction, and Size Reduction
Beyond the ability to understand potential issues in Customs Bridge’s infrastructure, Poisot found three business advantages to using RapidFort:
- Visibility. “You can understand what’s going on [in your infrastructure] and take action.”
- Automatic correction. “Reducing the image size based on what you use, you eliminate a lot of vulnerabilities. More than 90% of the known vulnerabilities were taken out of our infrastructure.”
- Size reduction. “Images greater than 1GB are okay on fiber networks. But when working from home with slower connections, the difference between 1GB and 100MB is very important because it saves time.”
Initially, Poisot felt some skepticism around eliminating 90% of the code within his containers. “Of course, I was curious whether it was really working. Could I be missing something that my clients need and they discover it?” After using and understanding RapidFort more in-depth over time, he came to realize, “If I have any problems, it’s because my coverage tests aren’t strong enough. You have to run a test on every functionality of your image. RapidFort sees what you use and removes what you’re not using. It’s helped us to build stronger tests for our deploy pipelines.”
Onboarding, Documentation, and Partnership
Technical product onboarding presented few challenges for Poisot. Once he understood RapidFort, he was able to onboard quickly. “I had difficulties in the beginning because I was lacking time. At a startup, time is money—and money is running out as much as time. Once I could give time to it, it was flawless.”
Poisot was impressed with RapidFort’s strong technical documentation, which was essential for Customs Bridge’s implementation. “The documentation is really well-written. A strong solution is good, but if the documentation is poor, it’s useless. They have quick start templates with example containers, so you can grasp how it works very quickly.” The documentation and implementation examples served another benefit for Poisot as he built Customs Bridge: “[RapidFort] helped me to rethink my pipelines and make them even stronger.”
As a small startup, strong product support was imperative. “Every time we had to discuss an issue with RapidFort, we were able to get in touch with the tech team. We’re based in France and there were no issues talking with the U.S.-based team.” Despite the nine-hour time difference, Poisot and his team could quickly interact and troubleshoot any scenarios.
Poisot especially appreciates RapidFort’s commitment to Customs Bridge’s success. “RapidFort stands out because it is a startup like us. You have dedicated teams and proximity to the technologists. RapidFort is willing to help you grow and succeed. They have a strong customer success strategy. They want to make sure that they don’t simply sell something, but that you get value for your money.”
“Don’t take security lightly.”
RapidFort played a key role in the building and implementation of Custom Bridge’s proactive product security. By reducing the attack surface by over 90%, RapidFort helped Poisot’s team to operate more securely and efficiently. The strong product documentation helped the team develop a quick and deep understanding of stronger CI/CD pipelines and product coverage tests. RapidFort’s commitment to customer success and value delivery helped Customs Bridge easily troubleshoot any stumbling blocks on the path to container optimization.
Poisot’s final note to anyone considering RapidFort: “Don’t take security lightly. If you don’t want to waste too much time trying to fight the wind like Don Quixote, try automating your work. RapidFort is the path we’ve chosen. In my view, RapidFort is the go-to solution.”
RapidFort has a free scanner, a free community edition, and paid products available for commercial enterprises and government agencies. Get started today with a free download or a product demo.