Deputy

Customers
/
Deputy

How Deputy Enables Secure AI Innovation While Automating Data Loss Prevention with Nightfall

Deputy is the world’s leading workforce management platform, revolutionizing hourly work for over 1.5 million workers and 375,000 workplaces across over 100 countries. Nightfall has become an indispensable part of Deputy's security stack not just for maintaining compliance objectives, but for truly enhancing their security posture with reduced effort.

Industry
Human Resources Management
Integrations
No items found.
Region
West Coast, U.S.
On this page

Key Stats:

  • 450+ staff protected by Nightfall
  • 90% of identified issues are automatically remediated by Nightfall
  • <24 hours to fully deploy Nightfall and see real violations
  • 75+ hours saved monthly on manual investigation

About the Company

Deputy is the world’s leading workforce management platform, revolutionizing hourly work for over 1.5 million workers and 375,000 workplaces across over 100 countries. For over 15 years, Deputy has helped businesses to effortlessly navigate and comply with complex labor laws while enhancing employee engagement with predictable, transparent and flexible scheduling, and delivering actionable insights to transform labor efficiency into a competitive advantage.

The Problem

Balancing innovation with data protection in a rapidly evolving tech landscape


As a leading workforce management platform serving thousands of workplaces worldwide, Deputy manages employee data across scheduling, time tracking and communications systems. Kyle Marshall, Security Operations Team Lead at Deputy, faced two critical security challenges that legacy tools couldn't solve.

"Finding the right platform to secure data across our environment while enabling AI innovation proved difficult," explains Kyle. "We needed a solution that went beyond compliance to provide real protection without creating friction."

Use Case #1: Enabling AI innovation without sacrificing security

Deputy's teams were eager to leverage generative AI tools to improve productivity, but the Security team worried about sensitive data being inadvertently exposed. Kyle's team needed a way to monitor AI usage without limiting innovation.

"We wanted to unlock AI usage in a responsible manner while maintaining privacy," Kyle notes. "We didn't want to see what employees were entering into chatbots, but we needed a service that would handle auto-remediation when sensitive information was detected."

Use Case #2: Gaining visibility into data movement across endpoints

Deputy's existing DLP solutions primarily leverage existing vendor built-in DLP functionalities, leaving the Security team with some blind spots. They wanted a purpose-built solution that could more broadly monitor file uploads and data transfers, especially to suspicious domains, to gain a comprehensive understanding of data leaving their organization.

"The endpoint solution is really beneficial because we can see where assets are being uploaded to in addition to AI," Kyle says. "If we receive threat intelligence about suspicious domains, we can plug that into our SIEM and correlate it with Nightfall's endpoint events. It's visibility we didn't have before."

Use Case #3: Lowering false positives and reducing manual overhead

Deputy's previous DLP solutions generated a high volume of false positive alerts, overwhelming the Security and IT teams and requiring significant manual effort to investigate and resolve. The challenge was to find a solution that could accurately identify and remediate sensitive data incidents, reduce alert fatigue, and automate remediation actions to minimize manual overhead.

"Prior to adopting Nightfall, the Security and IT teams were getting a lot of alerts that weren't useful," Kyle says. "With Nightfall's automated remediation actions, that saved the Security team around 75 hours per month on manual investigation."

Use Case #4: Meeting ISO compliance requirements with comprehensive DLP

As part of the transition to the ISO27001:2022 standard, Deputy sought to implement a robust solution that went beyond meeting compliance requirements - improved protection is what they were after. Nightfall provided a comprehensive DLP solution that enabled Deputy to meet relevant ISO compliance obligations while also enhancing its overall security posture.

The Solution

Comprehensive protection with automated remediation across the entire tech stack

Nightfall's AI-first, all-in-one DLP platform addressed Deputy's challenges by providing granular visibility and control over sensitive data wherever it resided. The implementation process was remarkably smooth, with agent deployment completed in under 48 hours, and 1 week to set up policies and alerts.

Benefit #1: Secure generative AI usage & User awareness

Nightfall enables Deputy to embrace the power of generative AI tools without compromising data security. Nightfall monitors the data being shared, providing alerts and auto-remediation when sensitive information is detected—directly to the user and to the Security team

"We can monitor and enforce the data being shared with AI chatbots without having to see the content ourselves," Kyle explains. "If there's a risk of sensitive information being shared, Nightfall alerts the user and suggests safer ways to phrase their query—maintaining privacy while still getting work done." This has been especially useful in enhancing user awareness around the responsible usage of generative AI tools. 

Benefit #2: Enhanced data lineage visibility across endpoints

Nightfall's endpoint agent provides a comprehensive view of data movement across Deputy's devices, tracing the journey of sensitive data from its origin to its destination. The Security team can now track user actions, file uploads, and potential data transfers to suspicious domains, creating an invaluable record of data lineage.

"The endpoint solution is really beneficial because we can see where assets are being uploaded to, including but not limited to AI," Kyle says. "If we receive threat intelligence about suspicious domains, we can plug that into our SIEM and correlate it with Nightfall's endpoint events. It's visibility we didn't have before."

Benefit #3: Granular policies tailored to specific use cases

Nightfall offers a high degree of customization through its ability to configure granular policies for different data types and applications. Deputy can set specific rules for how PII and other sensitive data are handled within internal systems and other integrated platforms.

"With Nightfall, what we loved so much seeing the early demo was being able to have really granular policies," Kyle explains. "So not only can we set up a policy for Slack, but we can be specific about what we want it to do for Slack…we can have a Slack policy for PII…If there's a potential policy violation in Slack, we can handle that a different way.”

Benefit #4: Automated remediation actions for streamlined security operations

Perhaps the most impactful feature for Deputy's Security team is Nightfall's automated remediation capabilities, which activate to address potential issues without requiring manual intervention. The auto-redact and auto-delete features were unexpected but have significantly streamlined security operations, allowing the team to focus on more strategic initiatives.

"With Nightfall's automated remediation actions, our Security team doesn't need to build custom alerts or manually respond to every finding," Kyle explains. "The auto-redact and auto-delete features were capabilities we didn't even know we needed, but they've been a game-changer for our security operations because we don't have to go and respond to every single finding or get alerted to it.”

Benefit #5: Low-friction security that educates users

In addition to automated remediation actions, Nightfall helps Deputy educate its employees about proper data handling. It automatically notifies users with guidance on secure alternatives. Nightfall’s agent operates with a minimal footprint, supporting data protection without impacting system performance or disrupting user workflows. This "invisible" approach allows Deputy to educate its employees about proper data handling without introducing friction or hindering productivity.

"The notifications are reinforcing secure behavior in real time," Kyle says. "They serve as gentle reminders for our employees to use approved tools when handling data. It’s helping us strengthen good habits and reduce the need for repeated security training.”

The Results

Enhanced security posture with minimal operational overhead

Within days of implementing Nightfall, Deputy saw immediate results across their security program. False positives dropped to nearly zero, while real security issues were automatically remediated without burdening the Security team.

The impact was quickly apparent in operational metrics. What generated approximately 50 alerts on day one now results in just one or two actionable notifications, a reduction of over 90% in alert volume. This dramatic decrease wasn't from missing threats but from Nightfall's automated remediation handling issues without requiring human intervention.

"Deploying Nightfall was very easy," Kyle notes. "It quickly integrates with our other SaaS platforms, and we were seeing value instantly. The false positive rate is almost negligible, which is incredible."

Perhaps most significantly, Deputy has seen a clear trend in improved security behaviors across the organization, as employees continue to be educated on improved data handling practices from Nightfall's guidance. 

For Deputy's Security team, Nightfall has become an indispensable part of their security stack—not just for maintaining compliance objectives, but for truly enhancing their security posture with reduced effort.

"Nightfall is indispensable for our security team because not only is it a great DLP solution, but it offers features that got us excited about what we could do with it in the future," Kyle concludes. "It's integrated so well into our security stack that we can't be without those features to do what we do well in the DLP space."

Read more Customer Stories

#1b896f
Read how Nightfall enables streamlined HITRUST Data Protection for Vital
quote mark
The ability to alert, contain, and eradicate issues within Slack is my favorite feature. With any alerts that we get from Nightfall, we actually don’t have to leave Slack. We get everything in Slack, and we can close the incident or issue from within Slack. We don’t have to hop into different tools to look at one issue. Everything is in there.
Read Case Study
Akhil Sharma
Akhil Sharma
Head of Security and Compliance
#19458d
Learn how Nightfall AI fuels success at scale with DLP for Slack, Jira, and Confluence.
quote mark
Nightfall helped us to better understand if secrets were being inappropriately shared or stored. Once we got that visibility, we were able to work with teams to improve their secrets-sharing processes.
Read Case Study
Charlie Cam
Charlie Cam
Senior Director of Information Security
#201A19
Discover how NorthOne uses Nightfall to secure customer and company data in Slack and Jira
quote mark
Nightfall has dramatically dropped the time that we spend developing and executing our security fundamentals, so we can think about higher-order problems. It keeps us focused on what we really want to work on. We have a safety net to aggressively pursue whatever our customers need in real-time.
Read Case Study
Blake Edwards
Blake Edwards
VP of Engineering
Nightfall Mini Logo

Schedule a live demo

Speak to a DLP expert. Learn the platform in under an hour, and protect your data in less than a day.

Nightfall Brand Logo
Newsletter

Subscribe to our newsletter to receive the latest content and updates from Nightfall

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

By registering, you agree to the processing of your personal data by Nightfall as described in the Privacy Policy.

© 2025 Nightfall AI. All rights reserved.

Terms of ServicePrivacy PolicySecurity
Twitter LogoFacebook LogoLinkedIn Logo