PAR Technology

/

PAR Technology Uses Nightfall to Detect and Protect PII & API Keys

PAR Technology is a leading global provider of software, systems, and service solutions to the restaurant and retail industries. With technologies like their scalable POS, inventory management, and a customer rewards platform they help restaurants improve operations and enhance the customer experience.

Industry
Technology
Integrations
Slack
Region
US, East
On this page

Challenge

  • PAR Technology’s customers include large B2C retail and dining companies like Yum! who process significant amounts of customer information through PAR’s systems. This requires PAR to take proactive steps to protect customer PII (CCPA, GDPR, etc.) and other sensitive data in Slack, like API keys, which can be used to exfiltrate customer data outside of Slack.

Solution

  • With Nightfall, PAR’s cybersecurity team can easily set custom policies to monitor for sensitive data that could lead to reputational harms, correct employee mis-sharing with no disruptions with security notifications for users, and demonstrate to current and potential customers how their data is safely held and managed by PAR.

Ensuring visibility for safe and secure cloud collaboration

Mike Roane, senior cybersecurity engineer at PAR was concerned early on about the risk of sensitive data, like customer PII or API keys proliferating in his company’s Slack instance. While managing PAR’s security posture to mitigate data breach risk was always a concern for Mike, this issue came to the fore when PAR became party to several mergers and acquisitions. This M&A activity led to the sharing of data from PAR’s Slack instance with a wider number of third parties who never previously had access to PARs systems.

“When we started getting involved in a number of mergers and acquisitions we started opening things up and letting data in and out externally. This process really highlighted for us the need for a tool that could both manage risk and provide greater visibility of what was in our environments.” 
Mike Roane

Senior Cyber Security Engineer

As a IT and security veteran of over 25 years, Mike was familiar with technologies like data loss prevention (DLP), and so he began searching for a DLP solution for Slack. That’s when he came across Nightfall.

Managing data security risk quickly at scale

Mike knew exactly what he needed in a solution. He wanted something that allowed for easy policy creation to track the types of sensitive data PAR wanted to monitor, like API keys being shared between engineers, and CSVs containing large volumes of customer data. Additionally, he wanted to be able to automate the process of scanning for these issues in Slack and remediating them. Mike found everything he wanted in Nightfall.

Nightfall is a cloud-native data loss prevention solution that integrates as an API-based application with cloud platforms like Slack. Nightfall uses machine learning to scan messages and over 100+ file types in real time. Within Slack, messages containing sensitive content or files with sensitive content can be redacted, deleted, or quarantined while notifying end users of the action in Slack. Using these features, Mike and his team have saved hundreds of hours by not having to ingest data from Slack and manually identify high-risk content that could lead to potential data breaches. This is valuable time that they use to strengthen other fundamental aspects of their security operations and help underwrite ROI for the finance team.

“During the POC we got to see the full-featured product, everything worked as advertised. The one thing that really stood out was how fast and accurate Nightfall was. You could put something in Slack and watch Nightfall redact or quarantine it instantly.”
Mike Roane

Senior Cyber Security Engineer

Communicating success to continue enabling what works 

In addition to being an easy to use high-accuracy platform, Nightfall has provided PAR Technologies with detailed analytics both in exportable reports and through the dashboard. This lets the team identify specific users who are increasing risk as well as trendlines detailing the types of sensitive data most frequently exposed by employees. Mike loves the fact that Nightfall provides graphs illustrating changes in what types of data security violations are occurring over time, and the impact that his remediation policies are having across Slack.

“The UI is so good, I can actually show stakeholders in leadership meetings or security reviews what’s going on in real time. There’s no question about what we’re doing or how we’re addressing risk.”
Mike Roane

Senior Cyber Security Engineer

Mike also finds Nightfall valuable in enabling him to elevate the culture of security at PAR. A core aspect of Nightfall’s user experience is sending customized messages to end users in Slack in order to educate them about appropriate data security practices, like how to properly share files like CSVs that contain high volumes of sensitive data. Mike says the number of security incidents have gone down substantially since adopting Nightfall

“All the end users, I call them sentinels for the company. You can build Fort Knox but if the door is left open, it’s no good. Nightfall has made it easy to create natural, teachable moments without disrupting anyone’s work or needing to create elaborate training sessions.”
Mike Roane

Senior Cyber Security Engineer

Nightfall Mini Logo

Getting started is easy

Install in minutes to start protecting your sensitive data.

Get a demo