An Innovative Global Travel Platform Achieves Complete Visibility and Data SecurityA Case Study
As one of the world’s fastest-growing online travel booking platforms, Agoda understands the value of its data.
From its beginnings in 2005, the subsidiary of Booking Holdings Inc. has grown to offer a global network of over 3 million properties in more than 200 countries and territories worldwide, enabling Agoda to give travelers a wide choice of properties based on their budget and reason for travel. The company’s success is driven by its ability to innovate without putting data at risk. To achieve 100% visibility of its data in the cloud, Agoda adopted Laminar, a pioneer in the data security posture management (DSPM) space and an enabler of agile data security.
“Customers trust us with their valuable data when booking with us, and we must ensure that this is appropriately protected. There is also a need to maintain a high level of visibility to help with regulations,” says Guy Fridman, Head of Security Operations and Response for Booking Holdings.
“Customers trust us with their valuable data when booking with us, and we must ensure that this is appropriately protected. There is also a need to maintain a high level of visibility to help with regulations”
Keeping Data Secure Without Compromising Innovation
In order to protect their data, Agoda wanted to know precisely where their data was, what type of data they had, how much there, and which might be at risk. For Fridman, having 100% visibility into their cloud data was the first step to achieving good data hygiene. “At the end of the day, it’s all about hygiene. If you follow good security hygiene, then compliance follows,” he says.
The constant environmental changes make it imperative for Agoda to proactively implement controls to protect and store data appropriately without impeding development. “We want to proactively maintain good security hygiene and be a business enabler. We strive to implement technology that enables the business to keep running without disruption,” says Fridman.
“At the end of the day, it’s all about hygiene. If you follow good security hygiene, then compliance follows”
Laminar Brings Data Out of the Shadows
Agoda evaluated several pure-play DSPM vendors and found that Laminar came out on top. “Laminar had the most mature and comprehensive solutions for our needs,” says Fridman.
As a leading DSPM platform, Laminar autonomously and continuously discovers, classifies, and protects all known and unknown data across all cloud platforms without impacting cloud performance or removing any data from the cloud environment.
“Before Laminar, I couldn’t get a complete picture of my data in the cloud. Now, Laminar is my eyes on my data”
Within minutes of connecting with Agoda’s cloud environment, Laminar immediately discovered all data — including shadow data residing across their multi-cloud environment. The DSPM solution then identified and classified Agoda’s data and built a comprehensive global data catalog. Leveraging its risk prioritization engine, Laminar created a risk profile for all data based on sensitivity level, security posture status, volume, and exposure. Moreover, Laminar continuously and automatically updates this catalog as new cloud accounts, and data stores are added without any effort or input required from Agoda.
Seeing the data catalog for the first time, Fridman knew he had made the right decision to deploy Laminar. “Before Laminar, I couldn’t get a complete picture of my data in the cloud,” he says. “Now, Laminar is my eyes on my data.”
Proactively Eliminating Data Risk in the Cloud
Laminar enables Agoda to remediate policy violations that put sensitive data at risk. The platform continuously assesses the security posture status of sensitive data against an extensive set of prebuilt and custom security policies while keeping within compliance requirements. When Laminar detects a policy violation, the platform issues an alert and provides actionable remediation recommendations. Agoda has remediated risks within minutes of getting an alert from Laminar, thus proactively maintaining its cloud security posture.
“Laminar enables us to grow our data in the cloud while effectively mitigating risk. They provided quick time to value and helped us discover all sensitive data, including the shadow data we uncovered. Laminar empowers our team and equips us with the right tools to remediate issues quickly and efficiently”
Agoda also leverages Laminar’s seamless integrations with ticketing workflows and other tools. For example, through integration with Agoda’s CSPM, Laminar enables Fridman’s team to work more effectively while realizing greater value from both solutions. While a CSPM can identify infrastructure vulnerabilities and misconfigurations, such as a publicly exposed S3 bucket (for example), it cannot determine whether that S3 bucket has sensitive data. A CSPM can’t tell what data is at risk, what security posture it’s supposed to have, who is the original owner, and who should have access to it — but Laminar can. Through integration, Laminar brings this rich data context to the CSPM, enabling Agoda to focus on issues that impact highly sensitive data and realize a higher return on its remediation efforts.
“Laminar enables us to grow our data in the cloud while effectively mitigating risk. They provided quick time to value and helped us discover all sensitive data, including the shadow data we uncovered. Laminar empowers our team and equips us with the right tools to remediate issues quickly and efficiently,” says Fridman.