Sally Beauty Automates API Security with APIsec

Sally Beauty has fortified its API security with APIsec. APIsec's pre-production, automated, and continuous API testing solution has become a critical component of Supreme Lending’s security strategy, ensuring comprehensive API protection.
Published: July 15, 2024
Read Time: 5 minutes

The Business Impact:

30 Days to API Discovery

Security of No Code Platforms

3,515 Security Tests Daily

Josh Franklin

Sr. Manager Information Security Operations, Sally Beauty

“APIsec delivered on exactly what we needed; an API security solution that was pretty hands off as much as possible, with strong automation and intelligence, that would allow us to understand our API landscape, and discover and address any potential issues before they reach production.”

About Supreme Lending

Company: Sally Beauty
Founded: 1964
Industry: Beauty/Retail
Recognitions:

  • Largest beauty supplier in the world with over 4,000 retail stores and 27,000 employees
  • Recognized in Newsweek America’s Greatest Workplaces 2023

Sally Beauty Holdings, Inc. is the largest distributor of professional beauty products in the U.S. and is on a mission to inspire a more colorful, confident, and welcoming world.

Business Challenges

The consumer retail space has advanced rapidly to provide web and mobile applications that deliver rich consumer experiences. As API usage expanded to support Sally Beauty’s transformation journey, the CISO and security leaders recognized the need to enhance their mature security program with API-specific solutions.

Key Requirements

  • Give visibility into API catalog
  • Comprehensive testing for known vulnerabilities across different API dev platforms
  • Automated, simple-to-use solution

Solution

After a competitive POC review of multiple API security solutions, Sally Beauty chose APIsec for its ability to quickly deliver visibility into the scope of their API catalog and its robust, automated, API testing capabilities.

Features of APIsec:

  • API discovery at the gateway
  • API definition insights
  • Automated, comprehensive API security testing during development

API Library Visibility

“An initial area of focus was ‘what do we have?’ We didn't know the lay of the land. We reached out to our integration and development teams and realized the majority of our APIs were being developed in centralized platforms. With that knowledge, we were able to easily deploy APIsec at the gateway and very quickly catalog what our API library contained and understand the function for each API.” ~ Josh Franklin

Ease of Use

“As we evaluated different products, a driving factor in our decision was ease of deployment and use so we weren’t creating a huge administrative overhead for our team. With APIsec, we were able to hit the ground much faster, and get it deployed.” ~ Josh Franklin

Speed to Value

“Within 30 days or so, we were able to deploy APIsec, connect it to our primary gateway, and gain decent visibility to what APIs our applications had. From there, we did some fine-tuning on our test playbooks to understand where we may have some vulnerabilities we wanted to address. APIsec was definitely something that drove value very quickly.” ~ Josh Franklin

Future Focus: Sustaining API Security Excellence

Looking ahead, Sally Beauty is committed to growing its API footprint and, commensurately, the security of those APIs. As the company leverages low-code and no-code platforms with inherently open configuration models, ensuring airtight security of applications through APIs is critical.

Conclusion

“APIsec delivered on exactly what we needed; an API security solution that was pretty hands-off as much as possible, with strong automation and intelligence, that would allow us to understand our API landscape, and discover and address any potential issues before they reach production.”
