Case Study

HR Tech Company Transforms How Companies Accelerate Talent Performance

Fast Growing HR Tech Company Uses Cyral to Build Trust and Keep Customer Data Secure

“With Cyral, we can confidently secure our data with a defense in depth model, while letting our engineering team access databases when needed.”

Senior Director, IT and Security
YC 100 HR Tech Company

About the Company

Cyral provides production data security for one of the YC top 100 fastest growing software companies in the country. They offer an innovative cloud-native HR Platform that helps more than 2500 customers drive more engagement with employees resulting in a measurable impact on performance and culture.

The Company believes that investing in culture and people’s personal and professional growth leads to happier employees. This belief is at the core of their product. The people performance management industry is built on transparency and trust. The Company helps customers manage highly sensitive customer data which not only creates huge risk but also means there are security compliance requirements to be met.

With rapid customer growth, becoming more agile to deliver the best customer experience and having better visibility and controls in place to keep their customers’ data secure was a priority. Having a strong security program ultimately helps enable their business, and they needed help to quickly meet their goals. This is where they turned to Cyral.

Their Challenge

For the founders, security has been top of mind from the start. They understood that security protects the company from known and unknown future risk. With access to sensitive customer data, one breach or even a curious employee browsing performance data could be very costly for their reputation and client safety. Ultimately, strong security keeps them in business as they grow. The IT and Security team had three challenges to address:

Eliminating Sleepless Nights About Shared Accounts

As the company scaled their engineering team, gaining visibility into and control over database access to customer data, and providing data assurance for customers, was a top priority. With a growing number of people needing access, managing SQL credentials was a manual and unscalable process that gave the security and compliance teams many sleepless nights. While there were some controls in place to know who had access to what customer data, it was becoming increasingly difficult to control and manage access.

Protecting the Crown Jewels

For this Company, compensation data is considered the holy grail and an internal business policy prohibits access to it. This data is of great interest to many people and there is a risk of insiders poking around because they are curious how much others make. In building the product, it was a requirement to be able to block access from internal employees to prevent exporting and viewing this sensitive data. With Cyral, they implemented field level authorization policies—based on attributes such as data sets, subject, and action type—to ensure their compensation data is protected and access is blocked, enabling security, governance, and compliance with their customers.

Meeting Compliance Enables the Business

For a B2B company with a growing number of enterprise customers, there are strict compliance requirements to meet. The lack of a SOC 2 report addressing Data Loss Prevention would negatively impact customer acquisition. With granular visibility and data activity monitoring, the team can now see exactly who is doing what, and they can more easily and confidently audit all data access. With the ability to restrict access and implement least privilege, they now have controls in place to help meet GDPR and SOC 2 requirements. The auditors are happy knowing they now have compensating controls with Data Loss Prevention because of Cyral.

An Agile Solution with Improved Alerts

In selecting Cyral, they were able to strike the right balance. Engineers get more access with a good user experience but without compromising on security policy. Cyral easily fit into their developer and DevOps workflows and was quickly deployed with low effort as security as code. It solved a huge problem they had in controlling database access and they gained seamless visibility. A simple integration with Splunk allows them to continue leveraging that for alerting and managing incidents.

Solutions

1. SSO for Database Containing PII

Federate database authentication in Okta

  • Make access review painless
  • Enable removing standing access for infrequent users
  • Simplify handling joiners, movers, and leavers

2. Just-In-Time Access

Approve time-bound access through Lumos

  • Eliminate standing access for infrequent users
  • Simplify access requests and approvals
  • Reduce account abuse risk

3. Row Limiting

Enforce checks on table scans

  • Prevent full data dumps from database
  • Allow users to sample sensitive data
  • Mitigate insider threats

4. Masked Sensitive Records

Implement attribute-based field-level masking

  • Devalue data for unauthorized users
  • Speed up analysis and troubleshooting
  • Minimize blast radius

Industry: HR Tech
Location: US company, HQ in San Francisco
Size: 150+ Developers
Customers: 3000+