“The time to value with Vorlon is awe-inspiring.
We plugged Vorlon into our environment, and
we could start working with the data within
just a few hours. I can’t say that has happened
with any other security solution.”

Anthony Lee-Masis, IT ThoughtSpot

 

Security challenges

  • Establishing controls to increase security maturity
  • Need answers fast when security incidents hit SaaS vendors
  • Lack of automation made tracking secrets, APIs, and data flows increasingly unmanageable

 

Results using Vorlon

  • Has context to prioritize resources and action plans for security controls
  • Reduction in time to conduct third-party breach impact assessments
  • Effective visibility and management of credentials, reduced tedious maintenance work, and associated sensitive data flows

ThoughtSpot brings AI-driven insights to every business user

ThoughtSpot is an agentic analytics platform that uses AI and natural language processing to let users explore and analyze their business data without requiring SQL knowledge or technical skills. Users can generate insights, visualize data, and create interactive reports simply by asking questions in natural language. ThoughtSpot integrates with various cloud data platforms, such as Snowflake and Databricks, and can also be embedded within existing business applications.

 

Vorlon helps ThoughtSpot mature its security posture

Anthony Lee-Masis is the CISO and VP of IT at ThoughtSpot. “We consider ourselves to be a late-stage startup,” he says. “I was brought in about a year ago to help facilitate the company’s growth from a security perspective. We had a good compliance program around SOC1, SOC2, and ISO 27001, and we also leveraged that as our security program. Now, we are following the CIS Security Controls framework and coupling that with a Capability Maturity Model Integration framework (CMMI). The model helps us prioritize the controls we need to implement.” ThoughtSpot’s desire to improve its controls related to third-party SaaS and AI applications became the primary driver for adopting Vorlon.

“Vorlon helped us implement controls that uplifted our security program. The impact was immediate. We’ve now mapped Vorlon’s capabilities to our CIS Security Controls framework, accelerating our maturity model journey.”

Anthony Lee-Masis
CISO and VP of IT, ThoughtSpot


“Data privacy and data integrity are cornerstones of any good security program,” Lee-Masis explains. “You must know where data is going and who is accessing it. Ultimately, my job is to enable the business to move fast in the most secure way possible.”

 

Vorlon proved its value when a security vulnerability struck one of ThoughtSpot’s SaaS vendors

What accelerated ThoughtSpot’s relationship with Vorlon was a security vulnerability in one of ThoughtSpot’s SaaS vendors. “When a security incident hit one of our SaaS vendors, we didn’t think we were impacted, but we had to be sure. We needed to know if we had to roll our credentials as a precautionary measure.”

Lee-Masis explains, “I reached out to our Director of Business Applications to ask how long it would take to provide the same level of visibility and security Vorlon offers. The answer? ‘Two weeks, but maybe more.’ Fact is, attempting it on our own would have meant writing scripts to parse the data and match patterns. We would have gotten some data from this process, but it wouldn’t be enriched or have context. The next question became: is the business okay with living with a higher level of risk for a protracted period of time? I called Vorlon, and they said they could help.”

“Within minutes, we got Vorlon hooked into our SaaS vendor that had suffered a security incident, and the first thing we saw was a true scope of the landscape. We could immediately break down the highly permissive or potentially overly permissive credentials. We focused our investigation on those credentials to understand whether we had to roll them. We had our answers in less than a day with Vorlon.”

Anthony Lee-Masis
CISO and VP of IT, ThoughtSpot

 

Leveraging Vorlon as a Digital Forensics Investigation and Response (DFIR) tool

ThoughtSpot had another environment from this same SaaS vendor that it hadn’t yet connected to Vorlon. However, they had logs that went back several months. “We asked Vorlon if they could take those logs and ingest them into their platform,” says Lee-Masis. “We knew this was an extraordinary ask of Vorlon, but they took our logs and made them available through the user interface so we could analyze them backward. The data showed up in the UI with all the rich context we needed. Seeing how quickly we could get results from a DFIR perspective was amazing. That was super helpful to us. We could return to the business and say, ‘We’re good. No need to worry about it.’”

 

SaaS APIs and their permissions had gotten out of control

Like any startup, ThoughtSpot developed applications quickly and incorporated APIs into SaaS apps. This eventually led to a problem with credential hygiene. “When I joined the company, I soon became aware of the volume of credentials we had,” says Lee-Masis. “We weren’t great at sunsetting credentials that were no longer in use or that were just fired up for a temporary test or other need. Over time, the issue of tracking credentials got so big it became unmanageable.”

Vorlon helped get the process of managing credentials under control. “Vorlon answers fundamental questions: Who owns a credential? What are they doing with it? When was it last used? What permissions do they have? Do they have access to sensitive data? These are table-stakes answers I need to have to make good decisions on what to do,” says Lee-Masis.

He adds, “The Director of Business Applications at the time saw the results coming from Vorlon and said, ‘This is exactly what we need to manage access to our SaaS applications.’ The connected world we’re in today makes this a real challenge.”

Vorlon benefits multiple ThoughtSpot teams, including Security Engineering, Business Applications, and IT. It enables the IT team to examine policy management and adherence, such as whether credentials are being rolled every 90 days, as company policy states.


 

The importance of visibility can’t be overstated

Visibility is critically important for every security program. “The importance of visibility lies in always knowing where your data is going and who is accessing your data—whether it’s privileged or not, but especially if it’s privileged,” says Lee-Masis. “With regulations like GDPR and CCPA, accidentally moving data to the wrong place can be very costly to the company, so having the visibility of seeing where my data is going is critical.”

Lee-Masis calls Vorlon “an intelligent asset management system for enterprise SaaS” because it provides a view of the whole ecosystem. “You see everything out there and then apply context to it, and in the security world, context is king. Vorlon solves a problem no one else can solve today.”

“I like the visualization within the Vorlon UI. I can click on any of our SaaS apps and see all the apps connecting to it and where the data is going. When my Director of Security Engineering, who owns the platform, did a PoC with Vorlon, I asked him how it was going, and he responded, ‘This thing is great. How is it that not everyone has this product?’ He came to that conclusion within 48 hours of starting the PoC.”

Anthony Lee-Masis
CISO and VP of IT, ThoughtSpot

 

Watch the ThoughtSpot video testimonial

Watch as Anthony Lee-Masis shares his experience implementing Vorlon’s SaaS ecosystem security platform. He discusses how Vorlon simplified the management of ThoughtSpot’s entire SaaS ecosystem.
