Customers

Flo Health

How Flo Health uses Snyk to rapidly scale application security during hypergrowth

Customer Spotlight

Leo Cunningham

CISO

Dmitry Yackevich

Cloud Security Engineering Lead

Industry: Tech
Location: United Kingdom

Highlights:

Scaling automated vulnerability scanning to 300+ repositories and 600+ containers

Decreasing the security issue remediation cycle from one month to just minutes

Implementing Snyk Infrastructure as Code to ensure baseline security for 20+ AWS accounts using Terraform

Increasing security fixes by 4000% every month since Snyk adoption

Eliminating security issues backlog ensures faster release of roadmap features

150% increase in code commits even after introducing security checks

The Challenge: Keeping sensitive health information safe

Ensuring robust security and data protection practices is one of the key priorities for the company given the sensitivity of the data they collect. Given the incredibly fast pace of product development, Flo Health needed a way to implement application security processes without slowing down its engineering team.

The Solution: Integrating Snyk into DevOps processes

When Flo Health decided it needed a security tool to gain greater visibility into application security during development, the company chose Snyk. The first step Flo took was to integrate automated vulnerability scanning with existing development tools. Through this effort, both security and development velocity has increased for over three hundred code repositories and six hundred containers.

“We have 15 development teams and they’re each responsible for their code and pipeline,” explained Dmitry Yackevich, Security Engineering Lead at Flo Health. “As the security team, we helped them integrate Snyk into their development lifecycle by providing documentation, examples, and basic images.”

After the initial success of adopting Snyk Container and Snyk Open Source, Flo implemented Snyk Infrastructure as Code to ensure a baseline level of security for over 20 AWS accounts using Terraform. Snyk enabled the company to set up consistent policies and automatically check these codebases for vulnerabilities.

“Snyk provides world-class customer service,” Leo Cunningham, CISO at Flo Health described.  “This has covered various aspects, from producing tailored reports, to running education events, to developing materials for installations.”

Scaling Application Security During Hypergrowth

Since Flo Health is rapidly growing, introducing a security tool that slowed down its development teams wasn’t an option. In the past, Flo’s manual approach meant that fixes could take months to get back to the security team. With Snyk’s automated checks for every code commit, however, developers could immediately remediate issues within minutes without waiting on the security team.

“Prior to working with Snyk, our approach was to have external penetration testing every six months and to have an internal assessment every quarter, so we had quite a long feedback loop for finding and resolving vulnerabilities,” stated Yackevich. “With Snyk, we were able to change this approach and start to test these things continuously.”

Despite integrating security checks with Snyk, the number of code commits increased by 150% and deployment times remained less than a minute. By providing actionable security insights earlier in the development process, Snyk has helped Flo’s development teams shift security left and more efficiently remediate vulnerabilities on the spot when they’re discovered. As the company experiences rapid growth, the ability to improve security and development speed at the same time is essential.

“Partnering with Snyk was definitely a good decision for us because it’s not only about scanning, but also about implementing security in the right manner,” Yackevich added. “Snyk helped us establish a proper approach to security within our company.”

The Impact: Delivering security and speed together

After implementing Snyk, developers have gone from fixing five to ten security flaws per month to between 300 and 1900 fixes each month. Flo Health has estimated that matching the current volume of security fixes using the previously manual approach would require at least twenty new security staff members.

“With Snyk we’ve started doing security checks with each code commit,” said Yackevich. “This has definitely helped us shorten the feedback loop and shift security left.”

Snyk has enabled Flo Health to not only improve the security posture of its mobile app, but also to ship new features faster than before. Developers can now spend less time dealing with a backlog of security issues and more time building innovative features that drive the growth and adoption of Flo Health. This has led to an enormous boost to security while providing customers with a better, more secure product in less time.

“At Flo, continuous development of a security framework with a robust set of policies and procedures is of highest priority,” Cunningham concluded. “Given the deeply personal nature of our user’s data, we are committed to minimizing any potential security risks. Snyk has quickly become one of the most important security tools here at Flo. It is vital we have secure containers and infrastructure as code. Snyk scans all of our code pipelines in record time and captures items before they go into production, helping us shift left.  All in all, Snyk has helped us to mobilize our security-first approach and allows us to do so at scale in record time.”

About Flo Health

Flo Health is the most popular women's period-tracking app globally, with over 220 million downloads and 45 million monthly active users. The company is on a mission to build a better future for female health by helping women harness the power of their body signals. Flo provides best-in-class period, ovulation and symptoms predictions, health trends, as well as tailored insights and actionable health feedback. Flo is co-created with 100+ acclaimed medical doctors and health experts who ensure medical credibility of content and functionality.

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo