Klaviyo creates a more secure environment for their GitHub repos and strengthens customer trust with Nightfall
Klaviyo is a leading customer data and marketing automation platform dedicated to accelerating revenue and customer connections for online businesses. Klaviyo makes it easy to store, access, analyze and use transactional and behavioral data to power highly targeted customer and prospect communications. The company’s hybrid customer-data and marketing-platform model allows companies to grow by fostering direct relationships with customers, without giving up their valuable data to popular big-tech ad platforms.
Searching for sensitive data that could have been written to any one of their many code repositories is a huge task that eats up a lot of time and resources for Klaviyo’s Security Operations team. That work takes time away from other initiatives like building tools, running simulated attacks, and helping secure the rest of the company’s cloud infrastructure. Nightfall for GitHub gave Klaviyo a secrets detection solution that is streamlined, automated, and easy to implement.
Open source solutions alone were insufficient for secrets detection
Shaun DeWitt is Klaviyo’s Director of Security Operations. The Security Operations team monitors Klaviyo’s internal systems for potential issues such as security anomalies, misconfigurations, and risks, and has built alerting and automations that take action to respond to security events and continuously improve. The team started out using open-source software to search for secrets within their code repos. This quickly became untenable: the tools couldn’t handle the large sizes of Klaviyo’s repos, and they didn’t integrate well enough with GitHub’s API to run efficiently.
“We couldn’t scan our repos as fast as we wanted,” says Shaun. “Even if we had code that was working 100 percent of the time, it was only able to scan all of our repositories as historical scans. To make this work the way we wanted, we would have to build tooling on the backend.”
Shaun’s team compared the open source solutions with what Nightfall for GitHub could do. Nightfall’s automated scans for secrets & credentials in Klaviyo’s GitHub repos outperformed the previous options they used, streamlining their entire detection and remediation process and reducing resources and bandwidth costs, all in one platform.
A seamless solution for protecting secrets & credentials in GitHub
“We tasked Nightfall to solve a few of our key initiatives,” says Shaun. “The first was to continuously monitor our repositories for secrets. It worked flawlessly. We can identify sensitive information and get alerted on it so we can review the findings and take action.”
“The second was historical repository investigations. With Nightfall, we can look back at alerts and identify events that may have been introduced into our environment that were deleted, so we can clean up any data we don’t want in our code base.”
“The third, which is the biggest proof of value for us, is reducing risk for the company. We removed the need to develop and maintain this hybrid solution ourselves. We no longer have to do ongoing support and maintenance on it. Nightfall removed that cost and added value as security support for our environment.”
The team receives Slack notifications on alerts so they can manage their remediation workflows in real time within the infrastructure they built. “We can log in to our Nightfall dashboard when we see something that we think is worth a closer look from our Slack alerts,” says Shaun.
Nightfall also provides fast and easy remediation options for Klaviyo by allowing the team to send support tickets to engineering teams, directly from the Nightfall GitHub alerts. “Nightfall gives us a preview of lines of code where the sensitive data is flagged. We have the ability to go into there, get it, send it, or resolve it immediately. We appreciate that because it’s a seamless triage and resolution process,” says Shaun.
Nightfall DLP is a trust symbol for Klaviyo
Nightfall solved the immediate need for Klaviyo to manage their secrets detection and remediation in GitHub more efficiently. Shaun’s team also gets added value from integrating data loss prevention (DLP) into their overall security strategy — and the associated symbol of trust that comes with DLP.
“For us, DLP is a risk reduction tool,” says Shaun. “It allows us to reduce exposing sensitive data in our repos. We also prevent data from leaking when someone leaves our organization.”
Klaviyo’s customers can trust that the security team is working with the strongest data security standards and putting platforms in place to ensure Klaviyo’s code bases are protected against secrets disclosure. Nightfall for GitHub makes this trust symbol attainable for Klaviyo and other companies looking to build custom solutions to prevent data sprawl and leakage.
“By preventing sensitive data from reaching our code repositories, we reduce the chances of data exposure. For us, DLP is the ability to reduce risk for the company and allows us to build customer trust.”
Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack, Google Drive, GitHub, Confluence, Jira, and many more via our Developer Platform.