RingCentral Deploys Data Theorem to Automate Security Inspection of Modern Apps and Identify and Address Vulnerabilities Prior to Production

Data Theorem, Inc., a leading provider of modern application security, today announced that RingCentral has deployed its automated API discovery and security inspection solution seamlessly into RingCentral’s DevOps and continuous integration/continuous delivery (CI/CD) program to identify and address vulnerabilities in its modern application environment. As a result, RingCentral has found and fixed critical security flaws before releasing into production and closed more vulnerabilities faster than previously possible.

RingCentral, Inc. (NYSE: RNG) is a leading provider of global enterprise cloud communications and collaboration solutions empowering today’s mobile and distributed workforce to communicate, collaborate, and connect from anywhere, on any device. RingCentral unifies voice, video, team messaging and collaboration, conferencing, online meetings, and integrated contact center solutions. Its open platform integrates with leading business apps and enables customers to easily customize business workflows. RingCentral is headquartered in Belmont, Calif., and has offices around the world.

"Knowing that Data Theorem continuously scans and tests our mobile applications is important to us,” said Michael Machado, Chief Security Officer for RingCentral. “We want to ensure that our customers are communicating and collaborating in a secure ecosystem, and Data Theorem’s testing of our mobile apps and APIs is an important part of our software security testing program. In addition to their security testing, which is industry leading, the team there is a great partner to work with. Data Theorem is extremely focused on making their customers successful and this goes beyond their product, which is itself world class."

Previously RingCentral used pen testing for gauging the security of its mobile apps. As the company’s Unified Communications as a Service (UCaaS) solutions evolved to heavily incorporate mobile applications, RingCentral needed a better solution for its product security activities that delivered scalable, flexible and continuous security testing of its mobile apps. While traditional pen testing is a relevant part of mature software security testing programs, its limitations include being slow and inefficient, and often results in only periodic, point-in-time testing.

With Data Theorem, the RingCentral team receives fully automated security reviews of its apps in app stores. RingCentral’s developers and security teams can log in at any time to check status, review flaws and alerts, and receive coding-level recommendations for how to address discovered issues. Apps are analyzed in pre-production, allowing critical issues to be detected and addressed prior to release, as well as tested in post-production. Data Theorem’s App Secure product performs static and dynamic analysis on any iOS and Android application in search of security vulnerabilities and privacy gaps.

“RingCentral is one of the world’s leading providers of enterprise cloud communications and collaboration solutions, and we are pleased to work with them to help identify issues related to privacy and application-layer attacks,” said Doug Dooley, Data Theorem COO. “Companies turn to Data Theorem to address threat models related to modern mobile applications with continuous mobile application and API security testing in production environments.”

Data Theorem’s API Discover and API Inspect together address security concerns such as Shadow APIs, Serverless Applications, and API Gateway cross-check validation by conducting continuous security assessments on API authentication, encryption, source code, and logging. The API security solutions support Amazon’s Lambda and API gateway tools to discover modern APIs and to enumerate the specification using standards such as Swagger and Open API 3.0.