Aviv Zisso

The recent webinar, featuring SoFi’s Director of Product Security, Pritam H Mungse, along with Senior Staff Application Security Engineer, Zachary Schulze, and Sentra’s Director of Customer Success, Aviv Zisso, provided valuable insights into managing data security in cloud-native environments. This discussion is crucial for organizations grappling with the challenges of data sprawl, security, and compliance in the ever-evolving digital landscape.

Understanding the Challenges

The webinar kicked off by exploring complexities faced by security teams in cloud-native environments. Pritam highlighted issues such as data duplication, lack of visibility, and the risks of unauthorized access and compliance violations.

These challenges emphasize the importance of developing robust strategies for data management and protection in cloud environments. Businesses need to be smart about how they manage and protect their data in the cloud. It's not just a one-and-done thing; it's an ongoing process of figuring out the best way to keep your data safe in the ever-changing world of cloud computing.

Proactive Data Protection: The Starting Point

A significant portion of the discussion centered on proactive data protection. The speakers emphasized understanding where and how data is stored and accessed in the cloud. Pritam noted, “understanding where your data is...is the first step for you to be able to say, now I can protect that data.” This statement encapsulates the essential first step in any data security strategy: gaining visibility into data creation and storage.

Prioritizing Risks: Aligning with Organizational Goals

Addressing the challenge of risk prioritization, the conversation shifted to aligning security measures with the organization's goals and risk appetite. Pritam elaborated on the importance of this alignment and the need for a well-defined internal policy framework to guide the prioritization process effectively.

Action and Remediation: Building a Framework

The panelists then delved into the processes of taking action and remediating potential data security issues. They discussed the need for systematic and repeatable approaches to address data security concerns, emphasizing the significance of a structured remediation framework within organizations. This makes it clear that building a robust framework is also an investment in the ongoing health and strength of an organization's data security. This strategic focus helps organizations navigate current challenges while also positioning them to proactively address future threats in an ever-evolving digital landscape.

Leveraging Sentra for Enhanced Data Security

SoFi's experience with Sentra formed a core part of the discussion, highlighting three main usage aspects:

• Data Catalog Creation: Utilizing Sentra's discovery and classification capabilities, SoFi developed a centralized data catalog, enhancing the visibility and management of their data. Zach shared, “The next almost natural step to that is like the creation of a single place to understand and direct you to where all this data actually exists.”

• Compliance Adherence: The webinar explored how SoFi used Sentra to map data to various compliance frameworks. Zach discussed the importance of custom data classes and policies, allowing for alignment with both industry standards and internal requirements. Sentra's capabilities extended beyond mere automation, becoming an integral part of SoFi's proactive approach to meeting and exceeding compliance expectations.

• Data Access Governance: The conversation also covered how Sentra improved SoFi’s data access governance. Pritam highlighted, “being able to go from a different lens and answer those questions is super nice.” This reflects the depth of insight and control that Sentra provided in managing data access.

The Critical Role of Accurate Data Classification

Accurate data classification was a key topic, with the speakers discussing the challenges and importance of correctly identifying sensitive data. They stressed that accurate classification is foundational to successful data security programs, as it directly impacts the effectiveness of protection strategies. Further, they discussed how automating data classification with Sentra proved crucial in their diverse data ecosystem, spanning various stores and cloud environments. Manual classification, given the complexity, would have taken a very long time, making the automated approach significantly valuable in streamlining the process and ensuring timely and accurate identification of sensitive data.

Integrating Sentra into SoFi’s Security Framework

The webinar concluded with reflections on the integration of Sentra into SoFi's existing security workflows and policies. The speakers underscored how Sentra's capabilities have been instrumental in SoFi's efforts to tackle data security challenges comprehensively, from discovery and classification to compliance adherence and governance.

‍

The insights from SoFi’s journey provide valuable lessons for organizations looking to enhance their data security in cloud-native environments. The discussion highlighted the importance of visibility, accurate classification, and a structured approach to data security, underlining the benefits of integrating advanced tools like Sentra into security strategies.

‍

Watch the full SoFi webinar recording.‍

As the Director of Customer Success at Sentra, I've embarked on an amazing journey witnessing the transformative impact our Data Security Posture Management (DSPM) platform has on organizations, particularly in the dynamic landscape of Fintech and e-commerce. Today, I'm excited to share some firsthand insights into the benefits our customers have experienced, demonstrating the core use cases that set Sentra apart.

Online Retail Leader Ensures Regulatory Compliance with Ease

In an era of ever-evolving data security and compliance regulations like GDPR, PCI-DSS, and local ones like CCPA and India’s DPDPA, Sentra has emerged as a steadfast ally for organizations in their quest for improved data security. The core of what Sentra does—discovery and accurate classification of cloud data—is the cornerstone of maintaining a data security policy in growing complex environments. I've seen our customers better align their data security practices with the latest regulatory standards, gaining not just compliance but also a competitive edge by demonstrating a commitment to safeguarding sensitive information.

Example:

A strong example was when I worked closely with a leading e-commerce provider facing a GDPR compliance challenge. Unbeknownst to them, sensitive customer Personally Identifiable Information (PII) data was being duplicated across regions. Within a few hours of deploying Sentra, our platform discovered this critical data residency issue, allowing the organization to swiftly rectify the situation and fortify their compliance stance.

Global Payment Processing Company Reduces Data Attack Surface and Costs

Sentra's expertise in the ability to reduce the data attack surface by mitigating shadow data and enforcing data lifecycle policies has become a game-changer in a cost aware environment. The accurate classification of cloud data not only enhances security but also leads to substantial savings. Our customers have reported streamlined operations, reduced storage costs, and a more efficient use of resources, thanks to Sentra's proactive approach to data management.

Example:

A Fintech startup witnessed a significant reduction in storage utilization and costs by leveraging Sentra's data lifecycle policies. The platform's unique ability to group objects on Blob storage (such as S3, GCS and Azure Blob) provides a one-of-a-kind high level view of groups of objects which are not being used and are stored in an expensive storage tier. Sentra detected multiple cases of inefficient storage for such archives, which resulted in an increase of $50,000 a month in their monthly cloud bill, and this was quickly remediated.

Fintech Startup Implements Least Privilege Access and Access Governance

In the realm of sensitive data, implementing Least Privilege Access and Access Governance is paramount. Sentra empowers organizations to fortify their defenses by ensuring that only authorized personnel have access to sensitive information, and by creating a crystal clear data access graph for every identity. The accurate classification of cloud data enhances control over data, supporting routine access reviews, reducing the potential blast radius of a security incident.

Example:

In response to a suspected security incident, one of our forward-thinking financial customers leveraged Sentra to enhance their access governance. Sentra's detection capabilities pinpointed unnecessary permissions, prompting the organization to swiftly reduce them. This proactive measure not only mitigated the risk of potential breaches but also elevated the overall security posture.

‍

Global Payroll Solution Provider Enriches Metadata Catalogs for Robust Data Governance

Sentra can also help enrich metadata catalogs for comprehensive data governance. The accurate classification of cloud data provides advanced classification labels and automatic discovery, enabling organizations to gain deeper insights into their data landscape. This not only enhances data governance but also provides a solid foundation for informed decision-making.

‍

Example:

I'm thrilled to share the success of an ongoing cataloging project with another customer, a prominent player in the finance sector. Prior to Sentra, they were manually classifying data within Snowflake using tags. However, Sentra's automatic classification process and Snowflake integration has become a game-changer, saving tons of time for their data owners and engineers. This efficiency not only expedites their cataloging project but also positions them for future audits with unparalleled ease.


At Sentra, I believe we go beyond providing a solution; we're here to help you build a secure and compliant data environment. The success stories shared here underscore the dedication and innovation our customers bring to the table, and I’m honored to be a part of it.

‍

If you are eager to explore how Sentra can elevate your data security posture, don't hesitate to reach out. Let's embark on this journey together, where security meets success.

The Growing Challenge for Enterprise Data Security

Enterprises are facing a unique set of challenges when it comes to managing and protecting their data. From my experience with customers, I’ve seen these challenges intensify as data governance frameworks struggle to keep up with evolving environments. Data is not confined to a single location - it’s scattered across different environments, from cloud platforms to on-premises servers and various SaaS applications. This distributed and siloed data stores model, while beneficial for flexibility and scalability, complicates data governance and introduces new security and privacy risks.

Many organizations now manage petabytes of constantly changing information, with new data being created, updated, or shared every second. As this volume expands into the hundreds or even thousands of petabytes (exabytes!), keeping track of it all becomes an overwhelming challenge.

The situation is further complicated by the rapid movement of data. Employees and applications copy, modify, or relocate sensitive information in seconds, often across diverse environments. This includes on-premises systems, multiple cloud platforms, and technologies like PaaS and IaaS. Such rapid data sprawl makes it increasingly difficult to maintain visibility and control over the data, and to keep the data protected with all the required controls, such as encryption and access controls.

The Complexities of Access Control

Alongside data sprawl, there’s also the challenge of managing access. Enterprise data ecosystems support thousands of identities (users, apps, machines) each with different levels of access and permissions. These identities may be spread across multiple departments and accounts, and their data needs are constantly evolving. Tracking and controlling which identity can access which data sets becomes a complex puzzle, one that can expose an organization to risks if not handled with precision.

For any enterprise, having an accurate, up-to-date view of who or what has access to what data (and why) is essential to maintaining security and ensuring compliance. Without this visibility and control, organizations run the risk of unauthorized access and potential data breaches.

The Need for Automated Data Risk Assessment 

In today’s data-driven world, security analysts often discover sensitive data in misconfigured environments—sometimes only after a breach—leading to a time-consuming process of validating data sensitivity, identifying business owners, and initiating remediation. In my work with enterprises, I’ve noticed this process is often further complicated by unclear ownership and inconsistent remediation practices.

With data constantly moving and accessed across diverse environments, organizations face critical questions: 

• Where is our sensitive data?
• Who has access? 
• Are we compliant? 

Addressing these challenges requires a dynamic, always-on approach with trusted classification and automated remediation to monitor risks and enforce protection 24/7.

The Scale of the Problem

For enterprise organizations, scale amplifies every data management challenge. The larger the organization, the more complex it becomes to ensure data visibility, secure access, and maintain compliance. Traditional, human-dependent security approaches often struggle to keep up, leaving gaps that malicious actors exploit. Enterprises need robust, scalable solutions that can adapt to their expanding data needs and provide real-time insights into where sensitive data resides, how it’s used, and where the risks lie.

The Solution: Data Security Platform (DSP)

Sentra’s Cloud-native Data Security Platform (DSP) provides a solution designed to meet these challenges head-on. By continuously identifying sensitive data, its posture, and access points, DSP gives organizations complete control over their data landscape.

Sentra enables security teams to gain full visibility and control of their data while proactively protecting against sensitive data breaches across the public cloud. By locating all data, properly classifying its sensitivity, analyzing how it’s secured (its posture), and monitoring where it’s moving, Sentra helps reduce the “data attack surface” - the sum of all places where sensitive or critical data is stored.

Based on a cloud-native design, Sentra’s platform combines robust capabilities, including Data Discovery and Classification, Data Security Posture Management (DSPM), Data Access Governance (DAG), and Data Detection and Response (DDR). This comprehensive approach to data security ensures that Sentra’s customers can achieve enterprise-scale protection and gain crucial insights into their data. Sentra’s DSP offers a distinct layer of data protection that goes beyond traditional, infrastructure-dependent approaches, making it an essential addition to any organization’s security strategy.

By scaling data protection across multiple clouds and on-premises, Sentra enables organizations to meet the demands of enterprise growth and keep up with evolving business needs. And it does so efficiently, without creating unnecessary burdens on the security teams managing it.

How a Robust DSP Can Handle Scale Efficiently

When selecting a DSP solution, it's essential to consider: How does this product ensure your sensitive data is kept secure no matter where it moves? And how can it scale effectively without driving up costs by constantly combing through every bit of data?

The key is in tailoring the DSP to your unique needs. Each organization, with its variety of environments and security requirements, needs a DSP that can adapt to specific demands. At Sentra, we’ve developed a flexible scanning engine that puts you in control, allowing you to customize what data is scanned, how it is tagged, and when. Our platform incorporates advanced optimization algorithms to keep scanning costs low without compromising on quality.

Priority Scanning

Do you really need to scan all the organization’s data? Do all data stores and assets hold the same priority? A smart DLP solution puts you in control, allowing you to adjust your scanning strategy based on the organization's specific priorities and sensitive data locations and uses. 

For example, some organizations may prioritize scanning employee-generated content, while others might focus on their production environment and perform more frequent scans there. Tailoring your scanning strategy ensures that the most important data is protected without overwhelming resources.

Smart Sampling

Is it necessary to scan every database record and every character in every file? The answer depends on your organization’s risk tolerance. For instance, in a PCI production environment, you might reduce the amount of sampling and scan every byte, while in a development environment you can group and sample data sets that share similar characteristics, allowing for more efficient scanning without compromising on security.

‍Delta scanning (tracking data changes) 

Delta scanning focuses on what matters most by selectively scanning data that poses a higher risk. Instead of re-scanning data that hasn’t changed, delta scanning prioritizes new or modified data, ensuring that resources are used efficiently. This approach helps to reduce scanning costs while keeping your data protection efforts focused on what has changed or been added.

A smart DLP will run efficiently and prioritize “new data” over “old data”, allowing you to optimize your scanning costs.  

On-Demand Data Scans

As you build your scanning strategy, it is important to keep the ability to trigger an immediate scan request. This is handy when you’re fixing security risks and want a short feedback loop to verify your changes. 

This also gives you the ability to prepare for compliance audits effectively by ensuring readiness and accurate and fresh classification.

Balancing Scan Speed and Cost

Smart sampling enables a balance between scan speed and cost. By focusing scans on relevant data and optimizing the scanning process, you can keep costs down while maintaining high accuracy and efficiency across your data landscape.

Achieve Scalable Data Protection with Cloud-Native DSPs

As enterprise organizations continue to navigate the complexities of managing vast amounts of data across multiple environments, the need for effective data security strategies becomes increasingly critical. The challenges of access control, risk analysis, and scaling security efforts can overwhelm traditional approaches, making it clear that a more automated, comprehensive solution is essential. A cloud-native Data Security Platform (DSP) offers the agility and efficiency required to meet these demands. 

By incorporating advanced features like smart sampling, delta scanning, and on-demand scan requests, Sentra’s DSP ensures that organizations can continuously monitor, protect, and optimize their data security posture without unnecessary resource strain. Balancing scan frequency, sensitivity and cost efficiency further enhances the ability to scale effectively, providing organizations with the tools they need to manage data risks, remain compliant, and protect sensitive information in an ever-evolving digital landscape.

If you want to learn more, talk to our data security experts and request a demo today.