Reltio

/

Learn how Nightfall AI fuels success at scale with DLP for Slack, Jira, and Confluence.

As a leader in AI-powered Master Data Management (MDM), Reltio sought out a cloud DLP solution that would proactively prevent the sprawl of secrets and credentials, while also streamlining their security team’s workload.

Industry
SaaS
Integrations
Slack
Jira
Confluence
Region
U.S, West
On this page

Challenges

Reltio, a cloud-native SaaS company, chose Nightfall to attain two central goals: Advanced secrets scanning and faster security team workflows.

Scanning for secrets and credentials

As a cloud-native SaaS company, Reltio aimed to protect sensitive information like PII, secrets, and credentials in collaboration apps like Slack, Jira, and Confluence. “We’re custodians of our customers’ data,” says Charlie Cam, Senior Director of Information Security at Reltio. “At a high level, we wanted to make sure we protected our secrets—and therefore our customers.”

“Secrets may be shared by internal folks, just because collaboration tools make it so easy. Being able to see and understand what’s going on will give a true understanding of the level of risk.”

Nightfall’s recent "State of Secrets" report revealed that, on average, more than five active keys are leaked in the cloud per every 100 employees—per month. However, it’s not always employees who share sensitive keys; customers can leak them as well. Customers often have a tendency to “over-share” sensitive data as part of the troubleshooting process. For instance, they might submit a ticket in Zendesk that accidentally contains an API key. From Zendesk, that API key could then be sprawled to Jira. Without an effective DLP solution, that API key could proliferate even further in the cloud, ultimately presenting a potential risk to customer data.

Minimizing the cost of monitoring

Without a DLP solution in place, it can be incredibly time-consuming for security teams to manually seek out and remediate sensitive data. For starters, visibility into SaaS apps can be quite limited—which means that any given security team may not be aware of the full extent of their data sprawl. Even if a security team did discover an instance of data sprawl, they would have to reach out to employees individually in order to remediate the sensitive data and educate the employee who violated policy. All in all, these manual efforts can add hours, if not days, to security team workflows.

“We have an endpoint DLP solution, but remediation was a very heavy process for us. Compared to a more manual method, Nightfall is a huge time-saver.”

As a small security team, Reltio was looking for a DLP solution that would effectively discover and protect sensitive data without taking up too much valuable time. “We’d seen some activity that made us think that processes could be improved, but we wanted to have a holistic understanding of the problem before we made changes,” says Cam. “Nightfall helped us identify the scope and severity of the situation.”

“I still have scars from working with other DLP solutions. We’d flip the switch and see tens of thousands of alerts—and tons of false positives. On the flip side, with Nightfall, it was a pleasant experience from the beginning.”

Solutions

Advanced secrets scanning

Nightfall’s generative AI-powered detection engine was purpose-built to pinpoint leaked secrets and credentials that are stored and sent in SaaS apps. From API keys to cryptographic keys to database connection strings and more, each of Nightfall’s specialized detectors were trained to accurately detect secrets in apps like Slack, Jira, and Confluence.

“Nightfall helped us to better understand if secrets were being inappropriately shared or stored. Once we got that visibility, we were able to work with teams to improve their secrets-sharing processes.”

Nightfall also offers several features that help security teams to scrub secrets from their SaaS apps, including real-time alerts, automated remediation, and custom notifications to employees.

  • Real-time alerts contain meaningful context, such as whether an API key is active, expired, or unverified. Each alert also includes a link for security teams to take action without so much as needing to leave the Nightfall console. 
  • Automated actions like redaction and deletion ensure that high-risk violations are remediated swiftly. “If we detect a secret with high confidence, we just let Nightfall delete it,” Cam says.
  • Custom notifications help customers like Reltio to educate employees about best practices for sharing secrets—while also building better overall cyber hygiene.

In short? Reltio trusts Nightfall to detect and remediate secrets to ensure that they stay just that: Secret.

Faster security team workflows

Thanks to Nightfall's low operational costs, Reltio was able to streamline security team workloads while strengthening their overall security posture.

“As far as DLP tools go, Nightfall is very low maintenance. That’s the opposite of my previous experiences, so it’s been a pleasant surprise,” says Cam. But what is it about Nightfall that lightens the load? Let’s start with customized detection and feedback on false positives. 

  • Customized detection: Exclusion rules help security teams to streamline their workflows by allowing them to define specific criteria or patterns to stop them from being flagged as potential violations. This helps customers like Reltio to prioritize high-risk alerts and reduce false positives, all within weeks of onboarding.
  • Feedback on false positives: When customers report false positives, they’re helping to fine-tune Nightfall's advanced AI models. Over time, this improves the accuracy and effectiveness of Nightfall's AI-powered detection engine and reduces alerts over time.

Nightfall's enhanced detection and automated remediation features have significantly minimized the time and effort required for security teams like Reltio’s. By swiftly identifying and remediating violations, Nightfall allows security teams to prioritize high-risk alerts, streamline manual work, and, ultimately, strengthen Reltio’s overall security posture.

Conclusion

By leveraging Nightfall's GenAI detection engine and time-saving features, Reltio is able to protect their customers’ data and streamline their security processes. “We trust Nightfall’s detectors to clean up,” says Cam. “We just let Nightfall do its magic.”

Nightfall Mini Logo

Getting started is easy

Install in minutes to start protecting your sensitive data.

Get a demo