Their VP of Security and Technology did not just want to secure the cloud infrastructure, but wanted to able to master the following fundamental tenants:
- What data do we have? What are the attributes? What are we collecting? The security team should have visibility into the breadth and scope of data across their entire ecosystem.
- Where can the data be found? Many hands make light work, and we have multiple teams building systems across a highly dynamic environment. When our data falls through the pipe, where does it end up, and what systems touch it along the way?
- Who has access? Which user accounts, engineering accounts, system accounts, and beyond can touch that data, and how can I report this information? In the modern threat landscape, we know that identity is the new perimeter.
As other organizations are realizing more and more, it was clear that the fidelity of their security program should be centered on data, not infrastructure. So they began the search for a solution that could surface the “unknowns” in their data – from identifying the attack surface and reducing the unnecessary blast radius.
As a 100% cloud-native platform built within AWS, this premier food-at-work solution needed to intrinsically understand its entire supply chain and adapt to unforeseen obstacles impacting their suppliers inside and outside their platform.This requires a robust foundation of data-driven engineering built to ensure all its partners – from large-scale catering companies to mom-and-pop restaurants to delivery drivers – can trust that their data is being managed securely and compliant with the requirements of the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Similar to handling the logistics of a 300+ person corporate feeding frenzy, the team wanted to have similar strong governance and oversight over all the data it manages to ensure it understands its entire data landscape and could adapt if anything unexpected happens.
The team was not content with only meeting the compliance obligations of data, but was committed to elevating its data security policies to meet the growing guidelines focused on data security and privacy across the US. In their own words – Data security prevents data from falling in the wrong hands. Data privacy governs how data is used when it is in the right hands. This ongoing commitment to full-scope data security and data privacy is aimed at being compliant to the highest bar applicable in any one of the 51 states it operates in. The company also wanted to empower its customers with limitless ability to exercise their data privacy rights; this means that if at any point the end-user would like to remove their information, it will be done across the entire ecosystem.
To do this, they knew they needed a modern data security solution like Symmetry DataGuard, providing them the visibility and observability across all their data.
This leading Online Corporate Hospitality Marketplace chose Symmetry Systems from an increasingly crowded menu of Data Security Posture Management solutions. The speed and seamless deployment to all components of the existing environment within AWS was unmatched, but strategically provided room for the platform to expand to other cloud platforms, like GCP and Azure with comfort on the feature parity across the various clouds. They were blown away by Symmetry’s ability to quickly and accurately surface the location of personal information stored in the various AWS services they use, as well as provide that context in a visualization of the environment that could be easily communicated to the C-Suite.
The team was further impressed at the thoughtful measures that Symmetry Systems had taken to maintain privacy and retain their control over the data – even when analyzing the data, they could be confident that their data never left their environment.
The team also recognized that Symmetry’s approach to data classification resulted in far fewer false positives than other data security posture management solutions they had assessed. This fine-grained accuracy and the speed in which Symmetry DataGuard was able to establish activity monitoring for compliance purposes on the 100+ Relational Database Services (RDS) containing personal information through easy deployment, automated discovery, and seamless integration into the company’s current tool stack made the Symmetry DataGuard solution their signature DSPM dish.
Symmetry DataGuard enabled this online Marketplace to provide the evidence-based data security that they had been missing. What used to take hours of laborious painstaking review of logs, to audit every piece of sensitive data that a privileged user had made in the last three months was able to be reviewed within minutes to meet their compliance requirements.
Symmetry DataGuard was immediately able to identify that over 15% of their data stores had not been accessed in over 90 days, and almost 20% of their current identities were also dormant. With over 12000 permissions within their environment going unused, there was already a large amount for the team to start digesting, but Symmetry DataGuard allowed them to prioritize which identities and datastores to address based on sensitivity and volume of data at risk.
With this insight served on a plate, the team was able to quickly Improve least privilege by systematically reviewing privileges against actual usage over time. Collaborating with product engineers to remove their excess privileges was far easier when you could show evidence of sensitive data in specific transactional data stores, show they have never accessed the data and provide actionable recommendations to secure it quickly.