For all the flexibility and agility the public cloud offers organizations to create new services, innovation can come at a cost. Without visibility into what data is stored where, security teams often struggle to ensure that sensitive and private data is adequately protected to meet security and regulatory compliance requirements. For Agoda, a subsidiary of Booking Holdings Inc., a world leader in online travel and related services, the realization of this came sooner rather than later.

Guy Fridman, Head of Security Operations and Response for Holdings, recognized the data visibility challenge in the public cloud. Cloud providers don’t make it easy to see what data is stored where, and a cloud security posture management (CSPM) tool only alerts to infrastructure risks – not those to the data itself. Agoda needed to see where their data was, the volume of data, and what data might be at risk. Fridman knew that if they didn’t get ahead of the problem early, the rapid accumulation of data in the cloud would not only make the task much bigger but also expose the organization to added security and regulatory risk.

In his search for a solution to address the organization’s visibility challenge, Guy discovered what has become data security posture management (DSPM), a then-emerging security solution category and technology designed to discover, classify, prioritize, secure, and monitor sensitive data in the cloud. Agoda evaluated several pure-play DSPM vendors and found that Laminar came out on top. “Laminar had the most mature and comprehensive solution for our needs,” says Fridman, who was an early adopter of Laminar.

As a leading DSPM platform, Laminar autonomously and continuously discovers, classifies, and protects all known and unknown data across all cloud platforms. Plus, Laminar provides visibility into cloud data without impacting cloud performance — a key requirement for Agoda. With developers deploying code every few minutes, it is imperative that Agoda be able to ensure that data is protected and stored appropriately in the cloud without impacting development.

Upon connecting with Agoda’s cloud environment, Laminar uncovered all the organization’s data — including shadow data — residing across the multi-cloud environment. The DSPM solution then identified and classified sensitive data and built a centralized, comprehensive inventory of the data with context. Data is prioritized according to its risk profile, which is based on sensitivity level, security posture, volume, and exposure.

Seeing the data catalog for the first time, Fridman knew he had made the right decision to deploy Laminar. “Before Laminar, I couldn’t get a complete picture of my data in the cloud,” he says. “Now, Laminar is my eyes on my data.” Laminar continuously and automatically updates this data inventory as new data stores are added, without any effort required from Agoda.

Laminar also enables Agoda to remediate security policy violations that put sensitive data at risk. The platform continuously assesses the security posture status of sensitive data against an extensive set of security policies. When Laminar detects a policy violation, the platform issues an alert and provides actionable remediation recommendations via integrations within Agoda’s existing ticketing workflows, enabling Agoda to remediate risks within minutes of getting an alert from Laminar and without impacting the speed of innovation.

“Laminar enables us to grow our data in the cloud while effectively mitigating risk. They provided quick time to value and helped us discover all sensitive data, including the shadow data we uncovered. Laminar empowers our team and equips us with the right tools to remediate issues quickly and efficiently,” says Fridman.

Read more about Agoda’s data security journey in the cloud and learn how Laminar can be the eyes on your data.

Noam Perel

Director of Technical Success

Noam Perel is the Director of Technical Success at Laminar, where he works closely with enterprise customers to maximize the value they get from the Laminar data security platform. His background in cybersecurity is unique and extensive with 10 years of experience, including serving in the 8200 unit. He developed architectures and strategies through multiple verticals. He led multiple positions that included everything from core product engineering work to working closely with clients.

View all articles by Noam Perel