Nowadays, data breaches are a common occurrence. Businesses are increasingly turning toward sophisticated solutions to safeguard their sensitive information. To enhance data security and compliance, Sequoia adopted a SaaS-based security platform. The primary objective of this initiative is to enhance data security and ensure compliance across all data stores, with a keen focus on identifying and protecting sensitive data. By leveraging enhanced monitoring tools, Sequoia aims to automate the process of data discovery and classification, thereby reducing the risk of data exposure and loss.

Understanding the Need for Comprehensive Data Monitoring

Our sensitive data monitoring tool represents a paradigm shift in how we handle customer data within our environments. This tool is not just about protection, it’s about proactively identifying and securing customer data. By preemptively detecting opportunities for data loss or exfiltration, we’ve added a layer of security that goes beyond traditional reactive measures. The tool’s scanning process encompasses multiple data sources, offering a three-fold approach:

  • Inventory scans: These initial scans catalog each dataset along with its corresponding roles and permissions, laying the groundwork for a secure data landscape.
  • Data classification scans: Following the inventory, it dives deeper, pinpointing sensitive data within these datasets. This step is crucial for understanding where our most critical data resides and how it’s exposed.
  • Security analysis: The final step involves our security team analyzing the findings, identifying any datasets that are not in conformance or potentially exposed, and ensuring that we stay ahead of any vulnerabilities.

Key Outcomes of Implementation of Data Security Tools

Sequoia’s implementation of data security tools has resulted in comprehensive coverage, including:

  • Comprehensive coverage: By deploying tools across our infrastructure, we aim to create a unified and robust security posture ensuring no data store is left unprotected.
  • Proactive data exposure identification: The operationalization of processes for identifying potential data exposures is a game-changer. It enables us to detect and triage risks before they escalate, ensuring proactive mitigation.
  • Enhanced accuracy: Training the model on Sequoia’s User Acceptance Testing (UAT) data set is a strategic step to minimize false positives. This refinement enhances the accuracy of data classification and threat detection, allowing our security team to focus on genuine threats.
  • Data sovereignty and confidentiality: At the heart of our efforts is the unwavering commitment to maintain the security, confidentiality, and sovereignty of sensitive Sequoia data. Implementing the solution reinforces our defense mechanisms, ensuring that our data, especially PII/PHI, is protected with the latest technologies against unauthorized access and breaches.

Strategic Implementation Steps

To ensuring the effectiveness and robustness of our data security measures, we implemented the following:

  • Data store identification: A foundational step in this initiative is the comprehensive identification of all sensitive data. This ensures that every piece of data, regardless of its location, is accounted for and protected.
  • Data classification: By classifying PII/PHI data, we establish clear demarcations between sensitive and nonsensitive data, enabling targeted security measures where they are needed the most.
  • Ghost data store identification: Uncovering ghost data stores, particularly those containing PII, helps us close gaps in our data security framework, ensuring that no data escapes our vigilance.
  • Access control: Identifying roles and permissions that grant access to PII is crucial for enforcing the principle of least privilege, ensuring that only authorized personnel have access to sensitive data.
  • Public exposure assessment: Identifying data stores that are open to the public allows us to quickly remediate and secure exposed data, significantly reducing the risk of a data breach.
  • Encryption enforcement: By identifying data stores without encryption, we can take immediate steps to secure the data at rest, ensuring that all data is encrypted according to industry best practices.
  • Integration with Jira: Integrating with Jira streamlines the process of issue tracking and resolution, ensuring swift action on potential security threats and vulnerabilities.

Ensuring Data Security with Data Security Tools

When integrating third-party tools, especially those handling sensitive data, maintaining data security is paramount. Recognizing this, we’ve taken significant measures to ensure that the implementation of our data security and DLP tools aligns with our stringent security standards. To begin with, we’ve established a dedicated Infrastructure as a Service (IaaS) account solely for managing our data security scanning infrastructure. This isolated account provides an added layer of security and control over the scanning process, ensuring that our data remains protected within a secure environment.

Moreover, we have adopted the outpost deployment model, which ensures that no data leaves our account. All scanning activities and data analyses are conducted within our secured IaaS environment. This approach offers peace of mind by guaranteeing that our data remains within our controlled infrastructure, further safeguarding it from potential external threats. As an additional precaution, we’ve disabled the viewing of sample data on the tool’s dashboard. This measure ensures that sensitive data remains confidential and secure, preventing unauthorized access and exposure.

By implementing these comprehensive security measures, we have fortified our data security framework, ensuring that our sensitive data is consistently protected. This proactive approach reflects our unwavering commitment to maintaining the highest standards of data protection and confidentiality, reinforcing the trust our clients place in us to safeguard their information.

Moving Forward

Sequoia is constantly investing in more modern technology to proactively shape the future of data security. This commitment goes beyond enhancing our security posture. It’s about reinforcing the trust that our clients place in us to protect their data. As we advance, our dedication to transparency, excellence, and continuous improvement in our data security and privacy practices ensures that Sequoia remains at the forefront of industry standards.

Petros Rotsidis — As VP of Security, Petros is responsible for overseeing the Security Program at Sequoia and supervising the IT function. He works collaboratively across the organization to protect Sequoia’s systems and data, as well as our clients’ data and to support the company’s growth. In his free time he enjoys hiking, playing tennis, running, snowboarding, and experiencing new cultures and landscapes.