Enhancing Data Security at Sigma Computing with Normalyze

Sigma Computing (Sigma) is a cloud-native data analytics platform that provides services for analytics on various cloud data warehouses. As a data-heavy company, Sigma needed to ensure data security was a top priority. Rahul Gupta, the Head of Security & GRC, was tasked with building a robust security program focused on data protection.
www.sigmacomputing.com
Industry: Information Technology

Size: 500 employees

Business Problem
Sigma’s Head of Security wanted to ensure data security in a cloud-native environment. With data moving across different cloud environments and growing exponentially, it became crucial for the company to prioritize data security and embed it as part of its security strategy. A DSPM solution would provide visibility and control over their cloud data challenges, establish security and mitigate risks.
Solution
With Normalyze, Sigma strengthened its data security program and successfully addressed the challenges a cloud-native environment poses. With enhanced risk visibility, streamlined workflows, and team collaboration, Sigma achieved a higher level of data protection and compliance, ensuring customer and internal data security.
Why Sigma Chose Normalyze
  • Normalyze empowered Sigma’s team to identify and mitigate data risks efficiently.
  • Normalyze enabled Sigma’s to present data risks to the management via an easy-to-understand dashboard.
  • The platform enabled seamless collaboration between IT and cloud teams.
Data-first cloud security
Challenges Faced
1. Understanding the Data Landscape

The first challenge was to gain a comprehensive understanding of the data the company owned. With data spread across different cloud environments, varying data types (customer and internal), and petabyte-scale amounts of data, discovering and classifying data stores became crucial.

 

2. Tailoring Security Solutions for a Cloud-Native Environment

Being a cloud-native organization implies more data movement and more internal teams having control over when and how data moves, making data visibility challenging for security teams. The existing security controls needed to be tailored more linearly for scalability and efficiency in order to provide the necessary visibility to Gupta’s executive team. For example, enabling end users with a wide range of SaaS applications made it difficult to determine where they store their data. Gupta had to evaluate various solutions to address their challenges, including securing data in motion and data at rest.

 

3. Assessing Risk with Data Sprawl

The data sprawl that comes with running Sigma’s services in all leading cloud platforms, supporting numerous data warehouses, IaaS, and PaaS environments, on top of all of their in-house software posed a significant challenge. Existing solutions focused primarily on cloud configuration, leaving gaps in understanding data and data security posture. Gupta needed a solution that could provide comprehensive visibility into where data was located, the type of data stored, and the associated risk posture. He undertook a thorough data risk assessment to identify gaps and implemented data governance policies to reduce risks. This involved addressing both software- and infrastructure-level challenges, ensuring a holistic approach to data security.

“A Security Leader’s job is becoming difficult because data is moving into different spaces, the volume of data is growing, and it’s getting more difficult to understand where data lives and what you need to protect within the cloud environments.”
Rahul Gupta
Head of Security & GRC at Sigma
Solution
Sigma evaluated various solutions and chose Normalyze to address its data security challenges. Normalyze offered a comprehensive platform that provided visibility and control over data and cloud infrastructure risks.
Benefits of Normalyze
1. Analysts’ Use Cases

Normalyze’s predefined signatures enabled Sigma’s analysts to identify different types of risks, their likelihood, and their impact. They could quickly determine exactly where sensitive data such as personally identifiable information (PII) or HIPAA or payment card industry (PCI) data resided. This visibility empowered their analysts to focus on protecting the most sensitive data and this helped streamline their analysis, triaging, and remediation processes./p>

2. CISO’s Use Case

Mr. Gupta leveraged Normalyze to present data risks to his management. The platform provided him with an easy-to-understand dashboard, visualizing their data risk posture and their associated frameworks. He could effectively communicate the organization’s data risk posture, data storage locations, and compliance posture, making it easier for management to make informed decisions.

3. Collaboration and Alignment

In addition to the IT, GRC, and cloud teams reporting to Gupta, he also works closely with other teams who have access to Normalyze data. Normalyze facilitates a shared view of data issues, enabling a comprehensive understanding of their significance and allowing teams to align on prioritizing high-risk areas. This collaborative approach ensures seamless coordination in resolving data risks, with regular reviews and prompt remediation actions. The shared responsibility among teams involved in managing the cloud environment further enhances the efficiency and effectiveness of security improvements.

“I always want Security Engineers and analysts to be focused on true events because, at the end of the day, they need a solution to get the right visibility, which they were lacking. That’s how we concluded on what solution we needed to deploy across the board, and that was Normalyze.”
Rahul Gupta
Head of Security & GRC at Sigma
Results
1. Enhanced Data Security

With Normalyze, Sigma achieved a more robust and scalable data security program. The platform enabled them to address configuration and data-related risks, reducing the risk of potential breaches and ensuring data protection.

2. Improved Risk Visibility

Normalyze provided a comprehensive dashboard that showcased data risks, security scorecards, and trend analysis, enabling clear communication with the management /executive team(s). These tools allowed him to demonstrate the progress made quarter over quarter. By presenting data-related risks, data locations, compliance frameworks, and the ongoing progress in addressing security concerns, Gupta ensured better understanding and decision-making within the management hierarchy.

3. Efficient Remediation

Normalyze streamlined their workflow for risk resolution. The platform empowered analysts to identify risks, collaborate with other teams, and resolve issues promptly. Integrating IT and cloud teams under Gupta’s leadership further facilitated efficient remediation actions.

Conclusion

By implementing Normalyze, Sigma Computing has successfully built a robust security program to secure customer and internal data. The platform’s data discovery, risk assessment, and governance features provided visibility and control over their entire data landscape. With Normalyze, Sigma Computing enhanced its data security posture, mitigated data risks, and strengthened its overall security program.

Contact Us

We thrive on innovation, collaboration, transparency and building great tech, while having fun and creating a community around our customers, partners and employees.

FEATURED

Gartner® Innovation Insight: Data Security Posture Management

FEATURED

DSPM-chat-Richard Stiennon-Ravi-Ithal-Normalyze
Improve Cloud Security: Dark Reading Interviews Ravi Ithal