Enhancing Data Security at Sigma Computing with Normalyze
Size: 500 employees
Business Problem
Solution
Why Sigma Chose Normalyze
- Normalyze empowered Sigma’s team to identify and mitigate data risks efficiently.
- Normalyze enabled Sigma’s to present data risks to the management via an easy-to-understand dashboard.
- The platform enabled seamless collaboration between IT and cloud teams.
Challenges Faced
1. Understanding the Data Landscape
The first challenge was to gain a comprehensive understanding of the data the company owned. With data spread across different cloud environments, varying data types (customer and internal), and petabyte-scale amounts of data, discovering and classifying data stores became crucial.
2. Tailoring Security Solutions for a Cloud-Native Environment
Being a cloud-native organization implies more data movement and more internal teams having control over when and how data moves, making data visibility challenging for security teams. The existing security controls needed to be tailored more linearly for scalability and efficiency in order to provide the necessary visibility to Gupta’s executive team. For example, enabling end users with a wide range of SaaS applications made it difficult to determine where they store their data. Gupta had to evaluate various solutions to address their challenges, including securing data in motion and data at rest.
3. Assessing Risk with Data Sprawl
The data sprawl that comes with running Sigma’s services in all leading cloud platforms, supporting numerous data warehouses, IaaS, and PaaS environments, on top of all of their in-house software posed a significant challenge. Existing solutions focused primarily on cloud configuration, leaving gaps in understanding data and data security posture. Gupta needed a solution that could provide comprehensive visibility into where data was located, the type of data stored, and the associated risk posture. He undertook a thorough data risk assessment to identify gaps and implemented data governance policies to reduce risks. This involved addressing both software- and infrastructure-level challenges, ensuring a holistic approach to data security.
Head of Security & GRC at Sigma
Solution
Benefits of Normalyze
1. Analysts’ Use Cases
Normalyze’s predefined signatures enabled Sigma’s analysts to identify different types of risks, their likelihood, and their impact. They could quickly determine exactly where sensitive data such as personally identifiable information (PII) or HIPAA or payment card industry (PCI) data resided. This visibility empowered their analysts to focus on protecting the most sensitive data and this helped streamline their analysis, triaging, and remediation processes./p>
2. CISO’s Use Case
Mr. Gupta leveraged Normalyze to present data risks to his management. The platform provided him with an easy-to-understand dashboard, visualizing their data risk posture and their associated frameworks. He could effectively communicate the organization’s data risk posture, data storage locations, and compliance posture, making it easier for management to make informed decisions.
3. Collaboration and Alignment
In addition to the IT, GRC, and cloud teams reporting to Gupta, he also works closely with other teams who have access to Normalyze data. Normalyze facilitates a shared view of data issues, enabling a comprehensive understanding of their significance and allowing teams to align on prioritizing high-risk areas. This collaborative approach ensures seamless coordination in resolving data risks, with regular reviews and prompt remediation actions. The shared responsibility among teams involved in managing the cloud environment further enhances the efficiency and effectiveness of security improvements.
Head of Security & GRC at Sigma
Results
1. Enhanced Data Security
With Normalyze, Sigma achieved a more robust and scalable data security program. The platform enabled them to address configuration and data-related risks, reducing the risk of potential breaches and ensuring data protection.
2. Improved Risk Visibility
Normalyze provided a comprehensive dashboard that showcased data risks, security scorecards, and trend analysis, enabling clear communication with the management /executive team(s). These tools allowed him to demonstrate the progress made quarter over quarter. By presenting data-related risks, data locations, compliance frameworks, and the ongoing progress in addressing security concerns, Gupta ensured better understanding and decision-making within the management hierarchy.
3. Efficient Remediation
Normalyze streamlined their workflow for risk resolution. The platform empowered analysts to identify risks, collaborate with other teams, and resolve issues promptly. Integrating IT and cloud teams under Gupta’s leadership further facilitated efficient remediation actions.
Conclusion
By implementing Normalyze, Sigma Computing has successfully built a robust security program to secure customer and internal data. The platform’s data discovery, risk assessment, and governance features provided visibility and control over their entire data landscape. With Normalyze, Sigma Computing enhanced its data security posture, mitigated data risks, and strengthened its overall security program.