TaskUs

Overview

Challenges

• Managing access to a wide range of highly sensitive client data, including financial data, personally identifiable information (PII), and personal health information (PHI)
• Managing compliance with a broad range of global regulations and standards, including PCI DSS, GDPR, HITRUST, and SOC2, as well as custom contract requirements
• A rapidly growing business, with new applications going live weekly

Outcomes

• Near real time visibility into data protection risks
• Fast and easy collaboration with data owners to drive remediation and security posture improvement

TaskUs creates amazing digital experiences for the world's leading brands

As more of our lives move online, digital transactions replace personal interactions. While this transformation brings efficiency, it also loses the personal touch and risks weakening customer relationships and loyalty. TaskUs partners with clients worldwide to deliver next-generation customer experiences, covering diverse areas from digital customer support to content monitoring and training tomorrow's generation of artificial intelligence engines.

TaskUs customers come from a broad range of industries, with a focus on high tech, e-commerce, social media, and financial and medical technology. Each customer has a large user base and volumes of data, and they look to TaskUs to help them transform, protect, and grow their brands. The TaskUs track record of success has driven its high growth, with a continuous stream of customers rapidly introducing new and unique requirements.
‍

Big Data. Big Challenges.

When Gary Miller, DVP Information Security, joined TaskUs in 2015, he immediately recognized the challenges associated with incorporating security into this dynamic business. TaskUs has a large DevOps organization, built to facilitate rapid development and implementation of new, bespoke applications and cloud infrastructure within AWS. Gary recognized that documented service control policies alone would not be enough. He set out to implement and enforce hard security controls and to invest in better monitoring to provide effective data governance at scale. 

{{cs-taskus_quote1="/drafts/style-guide"}}

The rapid growth at TaskUs brought special challenges. Each week new clients introduced their own set of unique security requirements to protect their high-stakes data, including financial data, personally identifiable information (PII), and personal health information (PHI). Different regions of the world imposed overlapping arrays of compliance regulations, including PCI DSS, GDPR, HITRUST, and other policies. 

Miller's top challenge was to ensure information entrusted to TaskUs had the proper protection and was in compliance with regulations and client contracts, all without slowing down business for TaskUs or their customers. 
‍

Taking control of data with Open Raven

The Open Raven Data Security Platform is secure and private by design. No data security solution should create more risk than it aims to reduce by requiring data to be moved or transferred, requiring dangerous changes to security groups, or storing sensitive customer data. The platform employs a single-tenant internal architecture and provisions dedicated cloud infrastructure for each customer. The infrastructure includes a dedicated AWS subnet and a single-tenant Kubernetes cluster, ensuring complete isolation between customers.

Open Raven uses a unique serverless architecture for data location, inventory, deep analysis, and accurate classification of cloud data where it lies. For customers operating on AWS, this architecture uses AWS Lambda serverless functions. The architecture ensures that no sensitive data is removed or copied into the Open Raven Data Security Platform at any time. In addition, AWS Backup is integrated by default to easily identify status and add data to policies to improve resilience.

TaskUs began their Open Raven implementation with a broad assessment of their AWS environment to immediately catalog the data in their care. Initial discovery scans quickly provided Miller and his team with the first comprehensive map of their global data landscape, ensuring that no unmanaged data stores were lurking in the shadows.

‍

Open Raven delivers visibility, collaboration, and confidence

By partnering with Open Raven, Miller and Clave achieved continuous visibility into the growing array of sensitive data at an unimaginable scale with manual processes. It further enabled them to validate that proper protection, such as encryption and access controls, were in place and to drive fast action to prevent data exposures, leaks, and compliance issues.

{{cs-taskus_quote5="/drafts/style-guide"}}

Naturally, achieving protection and compliance is not the job of just one team; everyone who touches the data or the customer has a role to play. The Open Raven Data Security Platform facilitates collaboration across TaskUs teams. Each day, Clave works closely with colleagues in the TaskUs security engineering, legal, and DevOps teams, and Open Raven provides the context needed for all parties to have a shared picture of the data, and the requirements for protecting it, and to quickly drive remediation where necessary.

Clave has enjoyed the highly collaborative relationship with the Open Raven Customer Success team. Through regular proactive sessions, they have helped Clave optimize his Open Raven implementation and drive improvements in how TaskUs governs data usage across the organization. With a solid perspective on data risk, Clave is looking forward to leveraging Open Raven to assemble and distribute regular reports on data protection and the TaskUs risk landscape for executives, helping them make informed, risk-based decisions based on the analysis and threat intel that Open Raven provides. 

{{cs-taskus_quote6="/drafts/style-guide"}}

The ultimate payoff for Miller is having visibility into and control over the data entrusted to TaskUs. According to Miller, the breach is the screaming risk, and is what keeps him up at night. With Open Raven as his partner, Miller successfully slashed the risk of data breaches, trading uncertainty for confidence. 

{{cs-taskus_quote7="/drafts/style-guide"}}