Open Raven

Apiture migrated to the cloud for improved service delivery speed and quality, but this move presented a challenge for CISO Sean Darragh. He needed to maintain his ability to protect data from attacks and compliance risks. However, the rate and variety at which infrastructure (IaC) and data change in the cloud meant that legacy, non-native, DLP, and governance tools could not keep pace. This reduced visibility rippled throughout SecOps, reducing the confidence in their overall security posture. The security gaps created and accentuated by the cloud set Sean on a search for an automated, data-centric approach to security to solve three problems: Restoring visibility with automated asset discovery and data classification, streamlining risk assessment, detection, and response, and using data insights to define and drive support for proactive defense hardening.

TaskUs, a provider of outsourced digital services and next-generation customer experience, faced challenges in managing access to a wide range of highly sensitive client data, including financial data, personally identifiable information (PII), and personal health information (PHI). The company also had to manage compliance with a broad range of global regulations and standards, including PCI DSS, GDPR, HITRUST, and SOC2, as well as custom contract requirements. TaskUs's rapid growth, with new applications going live weekly, added to the complexity of these challenges. The company needed to ensure that the information entrusted to it had the proper protection and was in compliance with regulations and client contracts, all without slowing down business for TaskUs or their customers.

Sauce Labs, a provider of a cloud-based platform for live, automated, and continuous testing of web & mobile applications, faced challenges in cloud data security. The company had to keep pace with business growth, acquisitions, and an explosion of customer data. Traditional methods of security were not sufficient as they did not focus on data. The company also faced a loss of visibility due to the mobility of data and the risk associated with managing customer data and data from integrations. Scoping data risk was another challenge as it was difficult to gauge the scope of data management risk, especially with acquisitions and business growth.

HealthSnap, a provider of a remote health services platform, was facing challenges in automating data security in the context of HITRUST. The company needed a constant pulse on its infrastructure and the data therein, including both asset inventories and infrastructure diagrams. This required regular, manual work to prove to regulators, partners, and patients that they knew what data they had, where it was, and that it was protected. The company also needed to put proper security controls in place and show how they were enforcing them. The speed of change for both the cloud infrastructure and the data was fast, making it difficult to satisfy these requirements. The company was also concerned about overworking its team and was looking for ways to quickly and effectively scale their throughput with automation.