/.case_study

+

Sauce Labs

CSP
Framework
Compliance & Certification
Examining Bodies

About

Sauce Labs

Continuous testing is a key enabler of digital confidence — the knowledge that you’re delivering the best possible user experience to your customers. Digitally confident organizations know that their web and mobile applications look, function and perform exactly as intended, every single time they’re used. That’s the value of Sauce Labs.
Industry:
Software
Key Benefits:
Employees:
Headquarters:

Results

No items found.
No items found.
No items found.

Using Open Raven, Sauce Labs is able to execute a data-centric approach to cloud security, restoring visibility and control amid an explosion of sensitive data from their customers, their own business growth, and acquisitions.Sauce Labs is the provider of the world’s largest, cloud-based platform for live, automated, and continuous testing of web & mobile applications, including the renowned testing automation tool, Selenium. Serving customers from all industries (financial services, banking, healthcare, etc), SauceLabs must maintain a secure environment in which organizations can confidently use the testing platform without fear of a breach. Chief Security Officer (CSO), Justin Dolly, discusses how Open Raven helped overcome challenges faced in cloud data security amidst business growth, acquisitions, and an explosion of customer data.

"When it comes to establishing a data-centric approach to cloud security, I need visibility into everything. Our data is our biggest target."

Justin Dolly,
CSO,
Sauce Labs

Challenges in cloud data security

Using Open Raven, Sauce Labs is able to execute a data-centric approach to cloud security, restoring visibility and control amid an explosion of sensitive data from their customers, their own business growth, and acquisitions.Sauce Labs is the provider of the world’s largest, cloud-based platform for live, automated, and continuous testing of web & mobile applications, including the renowned testing automation tool, Selenium. Serving customers from all industries (financial services, banking, healthcare, etc), SauceLabs must maintain a secure environment in which organizations can confidently use the testing platform without fear of a breach. Chief Security Officer (CSO), Justin Dolly, discusses how Open Raven helped overcome challenges faced in cloud data security amidst business growth, acquisitions, and an explosion of customer data.

Like Google Maps for your data

Challenge

“There’s no choice but to move to the cloud. Devs just started using the cloud to be more nimble and to be ‘technology first’ and no one asked security/IT about it in advance, leaving those teams to catch up. It’s inevitable that almost everything ends up in the cloud.”
“Customers will continue to demand more integrations and more flexibility in services, and we must be able to satisfy those demands...”
“Traditional methods don’t address the biggest issue, the data. Identity and endpoints (etc.) are good, but making sure that the security program is data-centric and data-focused is critical.”

Solution

Cloud data security, compliance, and control start with visibility across your cloud estate. “Open Raven gives us that confidence that we know what we know, across AWS.” See where your data lives. Easily answer questions about your data: regulated, customer, IP, and developers’ secrets. Use default or custom classes to see and understand the relationships between your infrastructure and data.

Finding exposed data

Challenge

“From protecting customer data to the ingestion of technology and data via integrations, there is a lot of risk to manage, and it’s not easy.”
“Data has never been more mobile than it is right now...lots of folks feel like they’ve got less control and visibility into their environments. It’s challenging to build their confidence in the security of the data that they have. You have
to constantly ask yourself, ‘Where is it? Where is it going? Who has access to it?’ Important questions. And, the breaches continue. Data is the biggest target.”

Solution

There are many tools and services for on-prem environments, or for privacy teams and data scientists, but virtually none built exclusively for security and cloud teams. For Sauce Labs, the difference was night and day, “With Open Raven I can literally just select all AWS accounts and look for those parameters and it’s right there in the view. It shows you right there on a map.”

Automating business rules

Challenge

Justin described the struggles faced in managing the risk of data management in general. “The challenge is large enough on its own, and can only be exacerbated by acquisitions and the challenges inherent in a growing business. The challenge is vast whether the data is unencrypted or not, and whether it is backed up or not. It’s difficult to gauge the scope of this challenge. As you can imagine, it would be hard to go ‘door to door’ to find out what we need to know. To get this visibility, it took us a very long time to scan and gather the data we needed.” He went on to describe the massive gap in tools for cloud security teams to do what they need, easily, “you literally get on the phone and go person to person to attempt to find out what you need to know, and they won’t have all the answers... being able to look for all sensitive data types is incredibly useful to discover, as you may not have any other way to know that it’s actually there.”

Solution

From visual mapping to data classification and monitoring at petabyte scale, we restore visibility and control to cloud and security teams while automating otherwise time-consuming compliance efforts. As Justin put it, “Once I know what my environment looks like, I can ensure that my team and I are systematically notified if it changes.”

"The term ‘single pane of glass’ gets thrown around an awful lot, but my team was saying Open Raven is great because of the ‘ubiquitous view across the AWS org...they can get everything in a click.’”

Justin Dolly,
CSO,
Sauce Labs

Conclusion

Having restored confidence in the security of the data, Sauce Labs’ security teams are able to maintain pace with the business, with less time and resources than before. In addition, Justin discussed that many of their clients, and Sauce Labs included, know that more regulatory changes are coming and the threat landscape is always moving. However, the flexibility and power of the Open Raven platform engenders confidence for the long term. “Open Raven easily provides me with a level of granularity to be able to adjust to future, undefined changes.”

Schedule a demo

Restore visibility and control of your public cloud data.