Preventing cross-customer contamination with Cyberhaven
Cyberhaven helps ensure ServiceSource's 3,000 customer service agents do not send sensitive data to the wrong customer.
Reduced investigation time
ServiceSource is an outsourced go-to-market services provider that delivers B2B digital sales, customer success, and renewal solutions on behalf of enterprises worldwide. ServiceSource’s expert sales professionals, data-powered insights, and proven methodologies scale and transform customer journey experiences into profitable business outcomes.
In their own words
“Cyberhaven’s data tracing provided new capabilities for preventing accidental cross-customer data disclosure, continuously elevating our security posture.”
Global brands trust ServiceSource with their most valuable resources: their customers and their revenue. With 3,000 customer service agents around the world, ServiceSource helps their customers manage their customer journeys. Sending sensitive information to the wrong customer can violate compliance requirements like GDPR and erode confidence in the company’s service offerings.
With an increasing dependency on collaboration and cloud apps, the chances of the wrong file getting into the wrong hands increase. Furthermore, sales reps or customer-facing representatives often handle multiple accounts, so the chances increase for accidental data leaks.
The first task was to automatically discover all data and associate each piece of data with the respective ServiceSource customer it related to, based on the specific collaboration workflows they had set up with each customer. Unlike UMA/UEBA, which monitors and analyzes a single user activity, Cyberhaven collects metadata for the entire data journey and can provide alerts when data is being put at risk. This provides the full history lineage of the data, such as everyone who has accessed it and each time the file is renamed, copied, and saved, as well as the locations where copies are being maintained. Based on the origin of the data, a specific customer’s data is allowed to be emailed only to the relevant customer domain. The level of detail provided by Cyberhaven means that ServiceSource can both identify potential cross-customer data loss contamination and prevent it. Cyberhaven offered ServiceSource a much more advanced rules engine to establish and enforce precise policies that would protect the organization without adding friction to employee workflows.