Bluecore protects sensitive information and manages data leak risk in their SaaS environments with Nightfall
Bluecore provides multi-channel personalization for large retail organizations with a focus on driving eCommerce revenue through customer acquisition and retention. Any time you walk through a shopping center or browse online, you’ll see some of the over 400 brands that Bluecore empowers to build superior shopper experiences, including Express, Teleflora, Bass Pro Shops, Jockey and NOBULL.
Security is a top priority for Bluecore, as they manage a portfolio full of the world’s biggest retail brands. To efficiently manage the customer data within their SaaS platforms like GitHub, Slack, and Jira, the security team at Bluecore relies on Nightfall to accurately detect personally identifiable information (PII), credentials, and secrets. Nightfall allows the team to identify the data that does not belong in those systems, and take the proper actions to classify and protect sensitive data at risk.
Data privacy starts with security
One of Bluecore’s security priorities is to achieve high standards for data privacy within their SaaS platforms. CISO Brent Lassi and his team view data privacy as critically important for the retail industry they serve at Bluecore. While trying to classify and protect data in their GitHub repositories, the Bluecore security team became concerned that credentials might be resident in source code or infrastructure-as-code repositories. Brent and his team needed a solution that could accurately detect large amounts of sensitive data, which is why they decided to purchase Nightfall.
“Our CEO identified Slack as another area of concern for data loss,” says Brent. “There’s a lot of data out there in SaaS platforms, and it’s all in somebody else’s hands. Many people don’t think that when they post something in Slack, they’re posting it to someone else’s servers that are beyond the organization’s control and incident response. So I started looking at ways to manage this risk with a custom solution.”
Nightfall provides the data loss prevention (DLP) coverage Bluecore needs to perform regular data hygiene assessment in their SaaS applications across GitHub, Jira, and Slack with custom scans and rule sets.
Cloud-native security for a cloud-first organization
Bluecore is a 100% cloud-first organization. All applications they run are SaaS-based, and they have no on-prem systems. Speed and efficiency are upsides of this configuration for Bluecore, but without a traditional security perimeter, the Bluecore team must define their data hygiene policies in new, more flexible terms.
“To do data hygiene well, we need to keep our systems squeaky clean. We need a tool that can inspect a given platform without being directly in the path of data flows,” says Brent.
The Bluecore security team uses Nightfall to monitor secrets storage and sharing across their GitHub, Slack, and Jira environments. As a cloud-native data security solution, Nightfall consolidates everything into one platform so Brent and his team can manage alerts and detect sensitive data where it doesn’t belong. Each integration is configured to classify and protect sensitive information based on Bluecore’s unique needs and requirements for data security: protecting secrets and credentials in GitHub, detecting improper sharing of sensitive data in Slack, and correctly flagging potential data risk in Jira.
The flexibility of Nightfall helps the Bluecore security team craft a top-notch security and compliance program for their employees. As part of enforcing better data protection, Brent and his team are leveraging the insights from Nightfall to educate their employees on what sensitive information not to share.
Speed makes securing their SaaS easier for Bluecore
Over its long-term use of Nightfall, Bluecore has seen the impact of protecting sensitive information and managing data risk in SaaS environments. The benefits show up in unexpected places, such as building trust with their customers and generating more business.
“Nightfall helps us prove to our customers that we have a high level of hygiene diligence. Our clients want to know that we’re responsibly managing their data,” says Brent.
The ease of use and especially the speed of Nightfall’s detection provide indispensable value for Bluecore. “The Nightfall console is really straightforward and has allowed us to put together some new ideas, like combining rule sets between integrations. The speed with which Nightfall can assess a GitHub repository is mind-blowing. We have over 1,500 repositories at Bluecore and some of them hold a significant amount of data. I expected these scans would take 12-plus hours. Nightfall’s scans usually finish in less than an hour,” says Brent.
“Nightfall has consistent detectors so I can create rule sets that work across all my integrations. I don’t have to wonder how Jira or Google Drive handles their DLP algorithm. I know how Nightfall’s classification and detection algorithms work. I have a lot more clarity when managing my DLP with Nightfall.”
Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack, Google Drive, GitHub, Confluence, Jira, and many more via our Developer Platform.