/.case_study
Sauce Labs
"When it comes to establishing a data-centric approach to cloud security, I need visibility into everything. Our data is our biggest target."
Challenges in cloud data security
Like Google Maps for your data
“There’s no choice but to move to the cloud. Devs just started using the cloud to be more nimble and to be ‘technology first’ and no one asked security/IT about it in advance, leaving those teams to catch up. It’s inevitable that almost everything ends up in the cloud.”
“Customers will continue to demand more integrations and more flexibility in services, and we must be able to satisfy those demands...”
“Traditional methods don’t address the biggest issue, the data. Identity and endpoints (etc.) are good, but making sure that the security program is data-centric and data-focused is critical.”
Cloud data security, compliance, and control start with visibility across your cloud estate. “Open Raven gives us that confidence that we know what we know, across AWS.” See where your data lives. Easily answer questions about your data: regulated, customer, IP, and developers’ secrets. Use default or custom classes to see and understand the relationships between your infrastructure and data.
Finding exposed data
“From protecting customer data to the ingestion of technology and data via integrations, there is a lot of risk to manage, and it’s not easy.”
“Data has never been more mobile than it is right now...lots of folks feel like they’ve got less control and visibility into their environments. It’s challenging to build their confidence in the security of the data that they have. You have
to constantly ask yourself, ‘Where is it? Where is it going? Who has access to it?’ Important questions. And, the breaches continue. Data is the biggest target.”
There are many tools and services for on-prem environments, or for privacy teams and data scientists, but virtually none built exclusively for security and cloud teams. For Sauce Labs, the difference was night and day, “With Open Raven I can literally just select all AWS accounts and look for those parameters and it’s right there in the view. It shows you right there on a map.”
Automating business rules
Justin described the struggles faced in managing the risk of data management in general. “The challenge is large enough on its own, and can only be exacerbated by acquisitions and the challenges inherent in a growing business. The challenge is vast whether the data is unencrypted or not, and whether it is backed up or not. It’s difficult to gauge the scope of this challenge. As you can imagine, it would be hard to go ‘door to door’ to find out what we need to know. To get this visibility, it took us a very long time to scan and gather the data we needed.” He went on to describe the massive gap in tools for cloud security teams to do what they need, easily, “you literally get on the phone and go person to person to attempt to find out what you need to know, and they won’t have all the answers... being able to look for all sensitive data types is incredibly useful to discover, as you may not have any other way to know that it’s actually there.”
From visual mapping to data classification and monitoring at petabyte scale, we restore visibility and control to cloud and security teams while automating otherwise time-consuming compliance efforts. As Justin put it, “Once I know what my environment looks like, I can ensure that my team and I are systematically notified if it changes.”
"The term ‘single pane of glass’ gets thrown around an awful lot, but my team was saying Open Raven is great because of the ‘ubiquitous view across the AWS org...they can get everything in a click.’”
Conclusion
Having restored confidence in the security of the data, Sauce Labs’ security teams are able to maintain pace with the business, with less time and resources than before. In addition, Justin discussed that many of their clients, and Sauce Labs included, know that more regulatory changes are coming and the threat landscape is always moving. However, the flexibility and power of the Open Raven platform engenders confidence for the long term. “Open Raven easily provides me with a level of granularity to be able to adjust to future, undefined changes.”