How BentoBox Launched Their First InfoSec Program and Offered Security Assurance to 6,000 Customers

“We support an industry that’s adopting technology at an unprecedented rate and they depend on us to be security experts. Having a best-in-class solution like Tugboat Logic on our side enables us to be a stronger partner to the restaurant industry. It makes all the difference.” –

Pierre Drescher, CTO and Co-Founder at BentoBox


Creating a security program without a security team

BentoBox is a website, eCommerce and marketing platform that serves over 6,000 restaurants worldwide. They wanted to provide customers with a level of security that matched their industry-leading products. But as a startup, they didn’t have the resources to bring on a VP of Security or Chief Security Officer.

“Launching an InfoSec program without a security team can be a challenge. You need to implement the right policies, security controls and ensure you have a governance structure in place that inspires confidence. To empower our team, we decided to look for a vendor who could provide us with support and the necessary expertise.”

The restaurant industry is adopting technology at speeds greater than ever, accelerated further due to a pandemic. Supporting an industry that’s less technologically savvy, BentoBox’s customers depend on them to be the experts in security. They needed a solution that provided the knowledge, resources and tools to set them up for success.

That’s when BentoBox reached out to Tugboat Logic.

“I think the tugboat team invested a great deal of time walking us through the different intricacies of InfoSec projects and really educating us on how things need to happen and what needs to happen. So that built up a lot of trust.”

Pierre Drescher, CTO and Co-Founder at BentoBox


Automating InfoSec from start to finish

BentoBox didn’t think they had the resources to build and maintain a market-leading InfoSec program—but they expected nothing less.

Using Tugboat, they scoped out a security program designed to fit their immediate needs without breaking the bank. The platform offered step-by-step guidance, with a library of over 40 prebuilt policies and a list of controls to implement. BentoBox even automated cybersecurity training across their team of 100+ people. Best of all, they didn’t have to do it alone.

“Having an account manager who could refer us to security experts whenever we needed them was really, really useful. They were informative but also essential in helping us structure our project.”

Now, BentoBox can easily track the status of their InfoSec program in one place and modify it as their security requirements change. Having one system of record for all their security initiatives has provided stakeholders—from investors, to leadership, to employees, to customers—with the confidence they need. While BentoBox isn’t currently seeking to get SOC 2 compliant, they know the work they’ve done today will save them time and money as they develop a compliance program further down the road.

“To be able to keep track of what we’ve implemented and how we implemented it in order to eventually prepare for a SOC audit provides our different stakeholders with the confidence that we’re taking care of our InfoSec policies.”

Pierre Drescher, CTO and Co-Founder at BentoBox


Instilling Confidence and Building

BentoBox is thrilled about the time they’ve saved on security and due diligence. They’ve been able to leverage their program to empower their sales team and provide prospects with security assurance.

“Being able to easily prove that we have the right policies in place has been a game-changer. It’s built trust and strengthened our relationships with prospects and customers.”

BentoBox understands just how important security is, especially in today’s landscape. In CTO and Co-Founder Pierre Drescher’s words:

“There’s a trend now where smaller companies are starting to take security very seriously, very early on. So many deals require suppliers to be compliant. It’s becoming a business imperative.”

There’s no doubt that BentoBox is one of these companies. Despite their size and maturity, they’ve managed to kickstart a credible InfoSec program. Thanks to these efforts, they can demonstrate they’re doing everything they can to protect their customers. More than that, they’re building and cultivating trust in the marketplace.

Tugboat Logic takes the misery and mystery out of passing security audits like SOC 2 and ISO 27001 so you can slay more deals and stay secure. From start-ups like BentoBox to Fortune 500 companies like Schneider Electric, we’ve got your back like chiroprac.

Check out the PDF version: BENTOBOX – Case Study FINAL.