7 PB

of data discovered, classified, and secured

90%

more data visibility

More

efficient incident response

Overview

A global fintech company faced significant challenges in securing its large data volumes on AWS. For a solution, the company turned to Rubrik Data Security Posture Management (Rubrik DSPM), formerly Laminar. Rubrik DSPM offered seamless deployment and comprehensive data visibility, eliminating the need for manual data discovery. It provided actionable insights, improved data visibility by 90%, and enhanced the management of regulatory requirements. The fintech company now enjoys better data management, reduced risks, and improved data security posture.

This tool, like no other, gives you the context of access, it shows who is accessing what sensitive data and not just access at the infrastructure level.

– Data Protection Technical Lead at Fintech Company

Featured Products:

  1. Rubrik DSPM

Challenges

  1. Difficulty tracking and securing data in a dynamic cloud environment

  2. Previous tool required manual data discovery, leading to incomplete insights

  3. Strict financial industry data regulations

Results

  1. 7 PB of data discovered, classified, and secured

  2. 90% more data visibility

  3. More efficient incident response

Challenges

Unraveling data chaos in the cloud

In the cloud, where change is constant, data seems to take on a life of its own. As data proliferates, security teams lose visibility of where it’s stored and how it’s secured. For one global fintech company, the challenge of securing data in the cloud is compounded by the fact that it ingests enormous volumes of unstandardized data from its partners. In search of a DSPM solution that would give them visibility and agile data security in the cloud, the fintech company turned to Rubrik DSPM.

“We need to make sure we know what data we have and where it is, and then we can protect it, which is the final goal,” says the company’s data protection technical lead.

The organization leverages a variety of AWS services, including AWS ControlTower, Amazon DynamoDB, and Amazon RDS. Uncovering all of its data was a challenge, and the company’s previous data security solution wasn’t making the job any easier. The solution took months to deploy, and the team had to tell the solution where to find data. “Because we had to tell the solution where to look, we were missing a significant amount of data,” says the team lead.

The results, based on the limited data the system did find, provided little value. There was too much information and in a form that wasn’t easily consumable.

There are a lot of other monitoring tools, but they don’t know what’s in the asset, so it’s hard to prioritize alerts. Rubrik DSPM adds an extra dimension to the security monitoring, which is the sensitivity of the assets, so you can focus on what really should be sorted today and can’t wait until tomorrow.

– Data Protection Technical Lead at Fintech Company


Solutions

Automated data discovery and classification

The team decided to look for a replacement solution specifically designed to address data security needs in the cloud. “We wanted a data security solution that didn’t require us to point to where to look for data, something that would tell us where the data is, and render the findings in a way that could be easily consumed,” says the team lead.

The organization’s search for a more effective and user-friendly solution led to Rubrik DSPM. Rubrik DSPM provides organizations with the data visibility and control they need to reduce the risk of data exposure and exfiltration across on-premises, cloud, and SaaS environments. This includes known and unknown—structured, semi-structured, and unstructured—sensitive data across on-premises, cloud (AWS, Azure, GCP), data warehouse (Snowflake, BigQuery), and SaaS environments.

Secure scanning

Rubrik DSPM’s architecture was a strong winning point for the organization. For cloud assets, Rubrik DSPM takes an API-only approach, without any agents and without removing sensitive data, which helps avoid regulatory compliance issues. Rubrik DSPM is embedded within the organization’s cloud accounts and analyzes only metadata so source data never leaves their cloud account.

Rubrik DSPM also provides results that are consumable and actionable. The dashboard provides a very simple overview of the data in a user’s cloud account with the ability to do a deep dive to get more details.

“When I saw the Rubrik DSPM dashboard with the number of data assets per type, I almost cried from joy because before Rubrik I could hardly get a decent view of the S3 buckets alone, nevermind all the assets on the account. It was pretty amazing,” says the technical lead.

Results

Reduced risk through data visibility and control

It didn’t take long to get up and running with Rubrik DSPM, which the technical lead describes as a “plug and play” solution. “The deployment was very fast. Within a few days we were getting meaningful results,” she says.

That simplicity extends to data discovery. Rubrik DSPM autonomously and continuously discovers and classifies new datastores in both AWS and AWS Control Tower. As a result, the team has complete and continuous visibility of its data without having to manually point the tool to specific datastores. “I estimate we have 90% more visibility with Rubrik DSPM versus our previous solution. They’re not even on the same scale,” says the technical lead.

Found previously unmanaged shadow data

Rubrik DSPM also successfully finds and identifies data assets that are not necessarily where you’d expect to find them. For example, the platform identified several types of databases on EC2 instances—including PostgreSQL, My SQL, and MongoDB—that were previously unmanaged because the team lacked visibility into them. Rubrik DSPM also determined what was in the databases, enabling the team to secure that data and ensure it was meeting compliance requirements for its protection.

Other teams have become aware of Rubrik DSPM’s value and come to the team lead for insights about the company’s data, such as who has access to which data stores. “This tool, like no other, gives you the context of access, it shows who is accessing what sensitive data and not just access at the infrastructure level,” she says.

Accelerated incident response through risk prioritization

Rubrik DSPM also goes beyond other solutions by prioritizing risk based on sensitivity and data risk posture. “There are a lot of other monitoring tools, but they don’t know what’s in the asset, so it’s hard to prioritize alerts,” says the team lead. “Rubrik DSPM adds an extra dimension to the security monitoring, which is the sensitivity of the assets, so you can focus on what really should be sorted today and can’t wait until tomorrow.”

Rubrik DSPM also helps the team maintain good security hygiene and compliance with regulatory requirements. For example, it provides visibility into the AWS regions where data is stored, which is critical for maintaining data sovereignty. Rubrik DSPM can also identify sensitive S3 buckets that don’t have access logs enabled or are sending access log stores to more destinations than necessary.

The visibility provided by Rubrik DSPM also helps the organization to better manage its assets. The solution identifies abandoned assets, enabling the team to delete unused data and move data it wants to keep to less expensive cold storage. In addition, it helps the technical lead find misplaced data and apply the proper controls.

Thanks to Rubrik DSPM, the fintech company can rest assured that all of its data in the cloud is accounted for—and is safe and secure.