OFX Secures Global Growth and Protects Client Data with CrowdStrike

OFX is a leading financial operations company, providing businesses and accounting firms with real-time financial control and visibility to do business across the world. 

From humble beginnings as a startup in 1998, OFX has grown into a global company of around 700 employees across offices in London, Dublin, Sydney, Auckland, Hong Kong, Singapore, Toronto and San Francisco.

For over 25 years, OFX has been providing its clients with 24/7 human support and an innovative platform, the majority of which uses AWS.

In the financial services industry, trust is essential for business, explained Adam Thomas, CTO at OFX. “Clients want to know that their funds are secure and feel confident that we are protecting our security perimeter, our client data, and our transactional data. Clients are placing a lot of trust in us by providing their personally identifiable information.”

Not only does OFX work hard to maintain trust and security for clients, but also with banking counterparties, shareholders, and industry regulators. “If we were to have a security compromise, then our partners are indirectly exposed as well,” said Thomas, “We are in a continuous audit program to regularly review our processes and procedures.”

As part of its growth and expansion as a global financial operations company, OFX needed to scale up its security posture. The challenge was twofold; how to maintain a secure platform at a global level, and how to manage costs.

OFX was looking for a security partner that could provide its compact internal security team with the flexibility and time to focus on department improvements like a strategic security roadmap, and undertaking deep dive investigations.

“We chose to partner with CrowdStrike because they have the expertise and operational support we needed so that our team wasn’t absolutely swamped with the day-to-day operations,” said Thomas.

After engaging CrowdStrike, Thomas was immediately impressed. “CrowdStrike’s onboarding process was extremely professional and success-oriented. It's just light-years ahead of the other provider that we'd previously been using,” he said.

OFX uses a tiered approach to security, with the important first layer being endpoint protection. “Humans are the most vulnerable and open to manipulation, so it is very important that you protect your endpoints,” said Santanu Lodh, CISO at OFX.

On top of endpoint protection, OFX was looking for a next-gen security solution that was able to adapt to an evolving threat landscape. “I'm a big believer that we need to do something which is more forward-looking, and CrowdStrike’s advantage is in being behavioural-based, rather than signature-based,” said Lodh.

In cybersecurity, ‘behavioural-based’ detection identifies threats by analysing their actions and behaviours, while ‘signature-based’ detection identifies threats by matching them to already known patterns in a database. CrowdStrike’s AI and machine learning capabilities ensure it is more proactive in responding to new threats, rather than reactive.

OFX is rolling out its new business products, providing clients with global business accounts, payments to 170 countries, in 30+ currencies and currency risk management solutions. Corporate cards, spend management and integrations with popular accounting and human resources information system (HRIS) software to support businesses and accounting firms to thrive.

This brings with it a new set of security challenges for the company with money held in global business accounts.

Now that threats are becoming more sophisticated, “having CrowdStrike onboard has become critical for us in ensuring that we have comprehensive security coverage of our servers and endpoints,” said Lodh.