.webp)
.svg)
Challenges
As a leading health tech company, Notable prioritizes patient data security. However, they were dissatisfied with their original DLP tool due to its lack of visibility and high volume of false positive alerts. “Our previous DLP solution would provide alerts, but there wasn’t anything actionable,” explains Vivian Lee, a Security Analyst at Notable. “It was difficult to trace a document, and would take a lot of time to figure out what an alert was about.”
“The first step in information security is inventory—we needed to know where our sensitive data is stored. If you don’t know where your data is, it’s hard to protect it.”
Notable was also in search of a way to streamline manual data security workflows while maintaining compliance with standards like HIPAA, PCI-DSS, ISO 27001, and more. “Our compliance standards influenced our choice of DLP tool,” Vivian says. “We need to make sure that sensitive data is protected at all times, and that it isn’t stored longer than it needs to be.”
More specifically, Notable needed to ensure that Personally Identifiable Information (PII) and Protected Health Information (PHI) were kept out of apps like Slack and GitHub. Ultimately, they chose Nightfall for its next-level visibility and time-saving automation features.
Solutions
Security policy enforcement
After integrating Nightfall across business-critical apps like Slack, GitHub, Google Drive, and Confluence, Notable saw a significant uptick in visibility. “With Nightfall, we got a much better idea of what data was living where,” Vivian observes. “Nightfall also helped us by identifying sensitive data in these apps. Nightfall gives us more actionable alerts, while notifying the end user their document is sensitive and giving them self-service actions to remediate the policy violation.”
“Nightfall does a good job of capturing and alerting on violations with minimal false positives.”
With other DLP tools, an increase in visibility might come with an onslaught of false positive alerts. However, after a few short weeks of fine-tuning, Notable attained a true positive rate over 90%. With this high true positive rate, Notable was able to leverage Nightfall’s industry-leading automation features for even further time savings.
Automated security workflows
“We chose Nightfall because of its automation,” Vivian says, referring to Nightfall’s automated remediation and “Human Firewall” features. With these features in place, Notable has the option to automatically remediate any sensitive PII, PCI, PHI, or passwords across the cloud—all without interrupting employee workflows.
“Nightfall gives us metrics on where our employees are making errors. This helps us come together as an organization to resolve that.”
In addition to combating data sprawl in real time, Notable also wanted to strengthen their already robust security culture. This is where Nightfall’s “Human Firewall” feature comes into play. In short, this feature notifies employees when they violate a security policy, and then instructs employees on how they can remediate their violations themselves.
“The ‘Human Firewall’ feature helps employees to be more aware of our security policies. Like ‘Hey, are you sure you want to put a password there?’”
As a result of this highly customizable, real-time coaching, Notable saw a 90% reduction in alerts. This isn’t just from fine-tuning; it’s also a marker of employees gaining a better understanding of security policies and best practices.
Conclusion
As Notable scaled from 50 employees to 300 employees, Nightfall was instrumental in maintaining their security culture, along with their rigorous compliance standards.
Vivian chimes in with her personal recommendation, stating that she’d refer Nightfall to “Any organization that wants a better idea of where their data is, and how their users are behaving. After all, I’m sure that any organization has plenty of data living somewhere they’re not aware of.”
.svg)
.svg)
.svg){kind=small}
.svg){kind=small}
