- As a fintech platform that enables on-demand pay, Rain is subject to stringent data privacy and security standards like PCI, CCPA, SOC 1 type 2 & SOC 2 type 2. To comply with these regulations and defend against reputational risks, Rain must take a proactive stance around data security risk.
- Nightfall lets Rain set comprehensive data security policies within collaborative cloud platforms in order to prevent security incidents that could increase data exposure risk or result in compliance violations.
Adopting a proactive stance on data exposure risk
Through the Rain platform, employers can offer workers on-demand pay or earned wage access. As a fintech company, Rain takes a proactive approach to data security stewardship, and wanted to adopt a cloud tool that could monitor sanctioned communications platforms like Slack and Google Drive for data leakage risk of content like credit card numbers as well as secrets and keys. This is to ensure that access to such content remains on a need-to-know basis, and that such data is no longer stored within Rain’s systems once it reaches the end of its lifecycle.
Because Rain works across various time zones, it required a cloud DLP solution with automated actions that would block sensitive information from being shared. Another key requirement was end-user notification, so that employees would not only be able to take quick action but would also be coached on data hygiene best practices, minimizing sensitive data exposures.
That is when Rain turned to Nightfall. After vetting several other cloud DLP solutions, as well as CASBs and endpoint DLP providers, they chose Nightfall for 3 main reasons:
- Comprehensive Coverage: Rain needed visibility into Zendesk, Slack, Jira and Confluence. While it was possible for them to access native solutions for some of these applications, Rain required a solution that would provide a holistic view of their core cloud environments. This would not only help them save time and money integrating and managing disparate point solutions, but it would also provide a more accurate view into all of the sensitive data. By choosing Nightfall, Rain also now has the ability to add more integrations supported by the Nightfall platform, including Google Drive and GitLab.
- Automated Actions: As a smaller team, Rain was looking for a solution that could provide automatic remediation so that their security teams would not be burdened with administrative tasks. Additionally, the team operates in several time zones so they need to be aware of data security issues 24x7 regardless of location.
- ROI and Total Cost of Ownership: By using an agentless solution that connects directly with cloud applications at the API level, Rain does not need to expend resources on installing, maintaining, and tuning a DLP solution that connects to the network or endpoint. Because of this easy install and management process, Rain was able to install and configure Nightfall quickly.
Enabling data security at scale through automation
Central to Nightfall’s value proposition for Rain is its machine learning technology. Nightfall uses natural language processing, optical character recognition, and more to identify items like credit card numbers, bank routing numbers, and API keys in whatever contexts they appear. Using AI, Nightfall identifies sensitive content in 100+ file types, including within photos and non-text PDFs, in real time with high accuracy. The security team at Rain finds Nightfall’s accuracy useful enough that they use automated remediation actions that let the platform automatically redact and remove sensitive findings should they occur.
“Nightfall was able to quickly provide us with the security we needed to ensure compliance and reduce sensitive data exposure risk,” says Rafael Souza, Security Team Lead at Rain. Rain has been able to address this risk seamlessly and cost-effectively using Nightfall’s AI-trained detectors, which are available out of the box for immediate use. Because of the comprehensiveness of coverage, members of Rain’s Security and IT admin team can now be assured that their data is well-protected. In addition, because Rain is in the financial services industry, it is held to stringent compliance standards.