Challenge
- As a digital health company that enables providers to deliver personalized experiences for patients, Vital takes PHI security seriously.
- Vital is a fast growing cloud-first organization that was looking to avoid cumbersome security solutions that would impact its growth and efficiency.
Solution
- Nightfall serves as a single pane of glass for Vital, simplifying security to a single dashboard where Vital can control where Nightfall is deployed and what it detects across all its cloud apps.
- Nightfall's high-accuracy detection has helped Vital prove its HIPAA compliance policies and program as the company continues to grow.
Building a remote-first & HIPAA-compliant org
Vital serves to not only make patient care easier to manage on the provider side, but it enhances the patient experience by giving patients up-to-date, real-time information about their visit. Because Vital integrates and closely interacts with healthcare providers to enable its service, the company has PHI and other sensitive data in its systems, which Vital’s security team must monitor closely to protect against cyber threats and ensure compliance with HIPAA.
As an early stage startup disrupting a legacy industry, communications within Vital must keep pace with the speed at which internal teams operate. As such, it’s no surprise that Vital is a remote-first organization, leveraging a wide range of cloud applications like Slack, Confluence, and Jira for instant collaboration. Akhil Sharma, head of security and compliance at Vital, identified these tools as an especially important area of risk, given the role they play within the organization.
“We wanted to handle PHI in a sensible way and Nightfall DLP helps us in doing this because those three tools don't provide DLP out of the box. Also, because we are going for SOC 2 and HITRUST, Nightfall enables us to meet those control objectives,” says Akhil.
Being a healthcare technology provider, HITRUST is of special importance to Vital, especially when it comes to aspects like HITRUST’s Data Protection & Privacy control domain.
For Akhil, Nightfall is an integral part of remaining in line with the controls and practices recommended by the framework. This is because Nightfall leverages machine learning detectors explicitly trained on common types of PII and PHI, as well as the contexts this data is often found in. This lets Nightfall search for sensitive data in messages, files, and images. Connecting to popular cloud apps via API, Nightfall continuously monitors these applications for violations of the data security policies you create, allowing you to control when and where PHI is allowed to be shared. Within Slack, this coverage includes both public and private channels, as well as channels shared between organizations.
Additional features, like end-user notifications for policy violations, turn alerts into teachable moments for employees who may unintentionally violate policy. This helps organizations build a more secure remote workforce and ultimately helps fulfill aspects of the HIPAA Security Rule, which requires employees to be informed and educated about policies around the protection and disclosure of PHI.
“Nightfall DLP for Slack is so good that it keeps us in discipline when it comes to the kind of data flowing through Slack. There is a piece of data security awareness that comes with Nightfall because we can do everything within Slack, like notify users. The way it engages with the user is amazing.”
Akhil Sharma
Head of Security and Compliance
Streamlined data security workflows with Nightfall
Nightfall’s powerful detection capabilities comprise just one aspect of the platform. Like any good security application, Nightfall must be able to plug into a security team’s existing processes without disrupting workflows and provide valuable and meaningful alerts. Nightfall easily accomplishes both of these. Akhil was impressed by the ability to both receive violation alerts and remediate them from his team’s security alert channel. Because of this feature, Nightfall quickly became a favorite tool among Akhil’s team.
“The ability to alert, contain, and eradicate issues within Slack is my favorite feature. With any alerts that we get from Nightfall, we actually don't have to leave Slack. We get everything in Slack, and we can close the incident or issue from within Slack. We don't have to hop into different tools to look at one issue. Everything is in there.”
Akhil Sharma
Head of Security and Compliance
Nightfall lets Vital’s security team keep and streamline its data security workflows across Slack, Confluence, and Jira, the three applications Vital is currently securing with Nightfall. This has allowed for effectively one view and one source of truth within Vital’s security organization: Akhil’s team sees exactly where PHI is within these systems, and can remediate any policy violations through a single process.
“Nightfall covers the tools that we use at Vital, like Confluence, JIRA and Slack. We don't need to get DLP for Slack with one vendor, then for Confluence with another vendor. Nightfall gives us a DLP solution for all of these, and we can have one rule set and apply it to all those different SaaS platforms,” says Akhil.
Compliance made effortless
The real power of Nightfall for Vital is its role as an enabler of compliance. Being responsible for both security and compliance means that Akhil’s team must prepare the organization for compliance audits in addition to managing and triaging security alerts.
“Because we operate in the healthcare industry,” says Akhil, “we handle PHI and Nightfall is part of our line of defenses. It gives us visibility in the tool sets in Slack, Confluence, and JIRA and helps us identify if there is any unintentional or intentional exposure of those data and helps us meet HIPAA and HITRUST, so we can prove our compliance to our customers.”
"Nightfall is part of our game plan for preventing data leaks. When it comes to sensitive information, time is really critical, and you want to be able to respond to those incidents really quickly. And when you see all the information Nightfall provides in front of you, it makes using the platform a no-brainer."
Akhil Sharma
Head of Security and Compliance
As a SOC 2 certified security vendor, Nightfall understands the importance and demands of compliance audits and is designed to help teams prove compliance. Alerts are detailed enough to provide the information needed to track data security risk over time, which is extremely useful for organizations that use security frameworks like HITRUST CSF to set their overall security strategy.