
Increasing Agility & Flexibility: How Mercato Solutions tackles the application security vs. flexibility conundrum with Snyk


October 16, 2025


Customer: Mercato Solutions

Locations: United Kingdom

Company overview: Mercato Solutions is one of EMEA's fastest growing and most innovative low-code enterprise application providers.

Champion / Spokesperson: Neil Tonkin, CTO

Mercato Solutions is one of EMEA's fastest growing and most innovative low-code enterprise application providers. The company helps its global clients transform their business processes with bespoke and branded software platforms, applications, and cloud environments that help work flow more efficiently and effectively. And in today’s competitive marketplace, working smarter – and saving time and money – is more important than ever.

One size does not fit all

Mercato is on “the platform side” of a group of related companies, developing a variety of custom software platforms that help their clients simplify complex processes, drive user adoption, and accelerate deployment. 

One of these platforms is a cloud-first low-code platform that allows their customers’ citizen developers to build web, native mobile, micro-service teams, applications, and delivery endpoints without needing to know how to write code. 

It’s an approach that’s working, with satisfied customers in over 150 countries and 27 languages for some of the world's biggest names in the private and public sector.

Staying lean and adapting to an evolving landscape

Neil Tonkin, Mercato Solutions’ Chief Technology Officer (CTO), was brought in 18 years ago to build out and produce the company’s intellectual property. Neil has helped Mercato consistently “punch above their weight” and settle into a niche as a valued software provider and partner helping clients run safer, smarter, and leaner.

A small, efficient organization, Mercato and their suite of software offerings help a host of large multinational companies and government organizations process billions of dollars in billings and accounts payable each year.

Tonkin says, “We purposefully build headless infrastructure for our clients. This approach inherently poses security issues and an increased attack surface. And with a small team, we’ve come to rely on [Snyk] to help strengthen our security posture and minimize these complex attack surfaces while maintaining the core flexibility and functionality of our platform and applications.”

Tackling the security vs. flexibility conundrum

There’s been a historical give and take between safety and flexibility: in essence, the most innovative applications are useless without the proper security. On the other hand, locking those applications down too tightly can render them virtually inoperable. 

Snyk helps Mercato walk this fine line. “[Snyk] solves a lot of issues for us.” Neil elaborates, “I can integrate it into our DevOps pipeline, I can target unpublished prototypes, and see their security status quite quickly. With millions of lines of code and a rather small team that manages that code, [Snyk] increases our visibility, agility, and flexibility, and helps us keep development teams moving as fast as possible.”

A valued partner

More than just an application security vendor, Snyk has helped Neil, and Mercato, grow their business and do more with the head count they already have. He adds, “I’m very proud of what Mercato Solutions have accomplished; and [Snyk] has helped us provide our customers with more secure applications and platforms while maintaining the flexibility that we need to succeed. We consider them a valued partner.”

A little less than two years ago, after searching for a more effective AppSec partner, Mercato chose Snyk over their existing solution, as well as a number of other competitors. 

“When we were doing the POC, [Snyk] was the clear winner against both the usual suspects and some emerging players, and has been a game-changer for us.” Tonkin adds, “We can integrate our security problem-solving into DevOps. We realize that as innovative as we are, our applications need to be secure first and foremost, and that at the end of the day, security trumps everything.” Neil is proud that Mercato is one of only a handful of companies to achieve CESG security status with what has now become the United Kingdom’s National Cyber Security Centre.

DevOps or SecOps? Yes.

Snyk’s deep mix of DevOps and SecOps experience is evident. “In the two years we’ve been working with them, they’ve really helped our devs and our customers develop far more secure applications,” Tonkin says. “[Snyk] definitely helps to keep us secure and to really decrease our response time and SLAs.”

Measuring success

Neil Tonkin and Mercato measure success by a set of criteria and measurable outputs. They report that Snyk has brought their security incidents to nearly zero. And when Neil’s team has run into a security issue, Snyk’s telemetry has allowed them to quickly isolate the issue, fix it, and put reproducible steps in at the pipeline level to then be able to test for that vulnerability going forward.

When asked why he’s chosen to stay with Probely, Neil says, “It's a quality bar. It’s the accuracy and the quality of what they’re delivering. And Probely helps keep us honest. And whenever we’ve needed their support, they’ve been right there for us, usually within minutes. Put another way, there have been times when Probely has definitely saved my bacon.” Whatever your dietary regimen, we think that’s more than a tasty soundbite. It’s a fantastic result. - Neil Tonkin, CTO, Mercato Solutions
