- As a veteran with over 20 years of experience in Security, Bluecore CISO Brent Lassi understood the need for visibility into the types of data employees put in SaaS environments.
- Legacy tools Brent had used in his career were ill-suited for finding, classifying, and remediating inappropriate content, like employees sharing sensitive customer information or even API keys and passwords.
- Brent understood that he wanted a cloud-native solution that could identify these incidents in real-time to limit this risk for Bluecore.
- Nightfall serves as a single pane of glass for Bluecore, allowing visibility into what employees have shared across GitHub, Jira, and Slack.
- Bluecore is able to set up a single, consistent set of rules for the types of data permissible across all their SaaS apps.
Securing data in a post-perimeter world
Security is a top priority for Bluecore, as they manage a portfolio full of the world’s biggest retail brands. To efficiently manage the customer data within their SaaS platforms like GitHub, Slack, and Jira, the security team at Bluecore relies on Nightfall to accurately detect personally identifiable information (PII), credentials, and secrets. Nightfall allows the team to identify the data that does not belong in those systems, and take the proper actions to classify and protect sensitive data at risk.
One of Bluecore’s security priorities is to achieve high standards for data privacy within their SaaS platforms. CISO Brent Lassi and his team view data privacy as critically important for the retail industry they serve at Bluecore. While trying to classify and protect data in their GitHub repositories, the Bluecore security team became concerned about the possibility of credentials that might be resident in source code or infrastructure-as-code repositories. Brent and his team needed a solution that could accurately detect large amounts of sensitive data, which is why they decided to purchase Nightfall.
“Our CEO identified Slack as another area of concern for data loss,” says Brent. “There's a lot of data out there in SaaS platforms, and it's all in somebody else's hands. Many people don’t think that when they post something in Slack, they're posting it to someone else's servers that are beyond the organization's control and incident response. So I started looking at ways to manage this risk with a custom solution.”
Nightfall provides the data loss prevention (DLP) coverage Bluecore needs to perform regular data hygiene assessment in their SaaS applications across GitHub, Jira, and Slack with custom scans and rule sets.
Cloud-native security for a cloud-first organization
Bluecore is a 100% cloud-first organization. All applications they run are SaaS based, and they have no on-prem systems. Speed and efficiency are upsides of this configuration for Bluecore, but without a traditional security perimeter, the Bluecore team must define their data hygiene policies in new, more flexible terms.
“To do data hygiene well, we need to keep our systems squeaky clean. We need a tool that can inspect a given platform without being directly in the path of data flows,” says Brent.
The Bluecore security team uses Nightfall to monitor secrets storage and sharing across GitHub, Slack, and Jira. As a cloud-native data security solution, Nightfall consolidates everything into one platform so Brent and his team can manage alerts and detect sensitive data where it doesn’t belong. Each solution is configured to classify and protect sensitive information based on Bluecore’s unique needs and requirements for data security: protection of secrets and credentials in GitHub, improper sharing of sensitive data in Slack, and correctly flagging potential data risk in Jira.
“Nightfall has consistent detectors so I can create rule sets that work across all my integrations. I don't have to wonder how Jira or Google Drive handles their DLP algorithm. I know how Nightfall’s classification and detection algorithms work. I have a lot more clarity when managing my DLP with Nightfall.”
The flexibility of Nightfall helps the Bluecore security team craft a top-notch security and compliance program for their employees. As part of enforcing better data protection, Brent and his team are leveraging the insights from Nightfall to educate their employees on what sensitive information not to share.
Speed makes securing their SaaS easier for Bluecore
Over its long-term use of Nightfall, Bluecore has seen the impact of protecting sensitive information and managing data risk in SaaS environments. The benefits show up in unexpected places, such as building trust with their customers and generating more business.
“Nightfall helps us prove to our customers that we have a high level of hygiene diligence. Our clients want to know that we're responsibly managing their data,” says Brent.
The ease of use and especially the speed of Nightfall’s detection provide indispensable value for Bluecore. “The Nightfall console is really straightforward and has allowed us to put together some new ideas, like combining rule sets between integrations. The speed with which Nightfall can assess a GitHub repository is mind-blowing. We have over 1,500 repositories at Bluecore and some of them hold a significant amount of data. I expected these scans would take 12-plus hours. Nightfall’s scans usually finish in less than an hour,” says Brent.