Using Open Raven, Sauce Labs is able to execute a data-centric approach to cloud security, restoring visibility and control amid an explosion of sensitive data from their customers, their own business growth, and acquisitions.
Sauce Labs is the provider of the world’s largest, cloud-based platform for live, automated, and continuous testing of web & mobile applications, including the renowned testing automation tool, Selenium. Serving customers from all industries (financial services, banking, healthcare, etc.), Sauce Labs must maintain a secure environment in which organizations can confidently use the testing platform without fear of a breach. Chief Security Officer (CSO) Justin Dolly discusses how Open Raven helped overcome challenges faced in cloud data security amidst business growth, acquisitions, and an explosion of customer data.
We asked Justin what his biggest priority for 2021 is, and security was the answer. To elaborate, he went into detail on 3 major areas of cloud data security. Here’s what he had to say:
“There’s no choice but to move to the cloud. Devs just started using the cloud to be more nimble and to be ‘technology first’ and no one asked security/IT about it in advance, leaving those teams to catch up. It’s inevitable that almost everything ends up in the cloud.”
“Customers will continue to demand more integrations and more flexibility in services, and we must be able to satisfy those demands...”
“Traditional methods don’t address the biggest issue, the data. Identity and endpoints (etc.) are good, but making sure that the security program is data-centric and data-focused is critical.”
Cloud data security, compliance, and control start with visibility across your cloud estate. “Open Raven gives us that confidence that we know what we know, across AWS.” See where your data lives. Easily answer questions about your data: regulated, customer, IP, and developers’ secrets. Use default or custom classes to see and understand the relationships between your infrastructure and data.
“From protecting customer data to the ingestion of technology and data via integrations, there is a lot of risk to manage, and it’s not easy.”
“Data has never been more mobile than it is right now...lots of folks feel like they’ve got less control and visibility into their environments. It’s challenging to build their confidence in the security of the data that they have. You have to constantly ask yourself, ‘Where is it? Where is it going? Who has access to it?’ Important questions. And, the breaches continue. Data is the biggest target.”
There are many tools and services for on-prem environments, or for privacy teams and data scientists, but virtually none built exclusively for security and cloud teams. For Sauce Labs, the difference was night and day: “With Open Raven I can literally just select all AWS accounts and look for those parameters and it’s right there in the view. It shows you right there on a map.”
Justin described the struggles faced in managing the risk of data management in general. “The challenge is large enough on its own, and can only be exacerbated by acquisitions and the challenges inherent in a growing business. The challenge is vast whether the data is unencrypted or not, and whether it is backed up or not. It’s difficult to gauge the scope of this challenge. As you can imagine, it would be hard to go ‘door to door’ to find out what we need to know. To get this visibility, it took us a very long time to scan and gather the data we needed.” He went on to describe the massive gap in tools that would let cloud security teams easily do what they need: “You literally get on the phone and go person to person to attempt to find out what you need to know, and they won’t have all the answers... being able to look for all sensitive data types is incredibly useful to discover, as you may not have any other way to know that it’s actually there.”
From visual mapping to data classification and monitoring at petabyte scale, we restore visibility and control to cloud and security teams while automating otherwise time-consuming compliance efforts. As Justin put it, “Once I know what my environment looks like, I can ensure that my team and I are systematically notified if it changes.”
Having restored confidence in the security of the data, Sauce Labs’ security teams are able to maintain pace with the business, with less time and fewer resources than before. In addition, Justin discussed that many of their clients, and Sauce Labs itself, know that more regulatory changes are coming and the threat landscape is always moving. However, the flexibility and power of the Open Raven platform engender confidence for the long term. “Open Raven easily provides me with a level of granularity to be able to adjust to future, undefined changes.”
Visualize and track your data and infrastructure, bringing CMDBs and SIEMs up to date with your cloud
Track where sensitive data sits, who has access, and how it can flow across VPCs and regions
Automate finding leaks of developer secrets, customer data, and other data types at scale – without breaking your budget
Dynamic, accurate data inventory with default reports for regulations and monitoring rules flexible enough to match custom needs
Off-the-shelf policies for standards such as CIS Benchmarks, or write your own rules using policy as code (OPA-based)