TaskUs
Achieving visibility and control of sensitive data in a fast-paced, high-growth global environment
Overview
Challenges
- Managing access to a wide range of highly sensitive client data, including financial data, personally identifiable information (PII), and personal health information (PHI)
- Managing compliance with a broad range of global regulations and standards, including PCI DSS, GDPR, HITRUST, and SOC2, as well as custom contract requirements
- A rapidly growing business, with new applications going live weekly
Outcomes
- Near-real-time visibility into data protection risks
- Fast and easy collaboration with data owners to drive remediation and security posture improvement
TaskUs creates amazing digital experiences for the world's leading brands
As more of our lives move online, digital transactions replace personal interactions. While this transformation brings efficiency, it also loses the personal touch and risks weakening customer relationships and loyalty. TaskUs partners with clients worldwide to deliver next-generation customer experiences, covering diverse areas from digital customer support to content monitoring and training tomorrow's generation of artificial intelligence engines.
TaskUs customers come from a broad range of industries, with a focus on high tech, e-commerce, social media, and financial and medical technology. Each customer has a large user base and volumes of data, and they look to TaskUs to help them transform, protect, and grow their brands. The TaskUs track record of success has driven its high growth, with a continuous stream of customers rapidly introducing new and unique requirements.
Big Data. Big Challenges.
When Gary Miller, DVP Information Security, joined TaskUs in 2015, he immediately recognized the challenges associated with incorporating security into this dynamic business. TaskUs has a large DevOps organization, built to facilitate rapid development and implementation of new, bespoke applications and cloud infrastructure within AWS. Gary recognized that documented service control policies alone would not be enough. He set out to implement and enforce hard security controls and to invest in better monitoring to provide effective data governance at scale.
The rapid growth at TaskUs brought special challenges. Each week new clients introduced their own set of unique security requirements to protect their high-stakes data, including financial data, personally identifiable information (PII), and personal health information (PHI). Different regions of the world imposed overlapping arrays of compliance regulations, including PCI DSS, GDPR, HITRUST, and other policies.
Miller's top challenge was to ensure information entrusted to TaskUs had the proper protection and was in compliance with regulations and client contracts, all without slowing down business for TaskUs or their customers.
Taking control of data with Open Raven
After determining that native AWS capabilities did not satisfy their needs, Gary and his team began exploring other options for data governance at scale, and they found the right partner in Open Raven.
TaskUs began their Open Raven implementation with a broad assessment of their AWS environment to immediately catalog the data in their care. Initial discovery scans quickly provided Miller and his team with the first comprehensive map of their global data landscape, ensuring that no unmanaged data stores were lurking in the shadows.
Armed with a clear picture of data locations, Gary and his team classified all the data and prioritized remediation actions. Open Raven's automatic data classification gave TaskUs clear visibility into the types of data stored in each repository, shining a spotlight on PII, PHI, and other categories of sensitive data. The visibility gave Miller the context he needed to understand data risk and prioritize efforts to reduce it.
Today, John Albert Clave, Manager, Information Security Compliance, uses the Open Raven Data Security Platform to perform continuous data security assessments across dozens of AWS accounts.
Clave focuses on ensuring TaskUs maintains compliance with industry regulations, such as PCI DSS, SOC2, and ISO27001. Clave also remains vigilant for any potential issues related to individual client contracts, which provide detailed provisions around the types of data TaskUs may store, and how it must be protected. Open Raven's pre-built rules and policies help Clave to keep on top of dozens of sets of intersecting data protection requirements across thousands of data stores.
Open Raven delivers visibility, collaboration, and confidence
By partnering with Open Raven, Miller and Clave achieved continuous visibility into the growing array of sensitive data at a scale unimaginable with manual processes. It further enabled them to validate that proper protections, such as encryption and access controls, were in place and to drive fast action to prevent data exposures, leaks, and compliance issues.
Naturally, achieving protection and compliance is not the job of just one team; everyone who touches the data or the customer has a role to play. The Open Raven Data Security Platform facilitates collaboration across TaskUs teams. Each day, Clave works closely with colleagues in the TaskUs security engineering, legal, and DevOps teams, and Open Raven provides the context all parties need to share a picture of the data and the requirements for protecting it, and to quickly drive remediation where necessary.
Clave has enjoyed the highly collaborative relationship with the Open Raven Customer Success team. Through regular proactive sessions, they have helped Clave optimize his Open Raven implementation and drive improvements in how TaskUs governs data usage across the organization. With a solid perspective on data risk, Clave is looking forward to leveraging Open Raven to assemble and distribute regular reports on data protection and the TaskUs risk landscape for executives, helping them make informed, risk-based decisions based on the analysis and threat intel that Open Raven provides.
The ultimate payoff for Miller is having visibility into and control over the data entrusted to TaskUs. According to Miller, the breach is the screaming risk, and is what keeps him up at night. With Open Raven as his partner, Miller successfully slashed the risk of data breaches, trading uncertainty for confidence.