Case Studies
September 23, 2024

How Zappi implemented quicker responses to possible data leaks

See how the Head of Information Security at Zappi used Metomic to protect their Google Workspace

Download
Download

Tell us a bit about yourself

‘I’m Hatitye Chindove - the Head of Information Security and Data Compliance at Zappi. I’m responsible for the Infomation Security Management system.’ 

What was the problem you were looking to fix?

‘The major thing was understanding where our data is in our applications. My belief really is that you can’t protect what you don’t know. So the approach we took was to say ‘is there a way that we can discover our sensitive data, see where it is, and classify it?’ What Metomic had was a good solution to that. 

‘What we had, as a problem, from our side, was that we are a cloud-first company. So most of our solutions are SaaS-based, cloud-based, and Metomic was a good fit for that.’

What do you find most helpful about Metomic? 

‘For most things we requested as features, they executed quite quickly. It was quite good to influence what comes out. 

‘It’s easy to use, it’s simple to navigate. And it has opportunities to help us extend what we may want to get out of it.

‘It’s quite nice that you can have the notifications go directly to the person via Slack for them to action their own issues raised vs the security team reaching out to a person saying, ‘You have an issue’. Unfortunately, if you’re in the field of Information Security or you’re in the legal remit, when you knock on the door, people don’t usually think it’s a good knock on the door.’

Why would you recommend Metomic to another security expert? 

‘The major one is onboarding - time to value is short. If you’ve worked quite closely with a CFO, within three months, if you can at least start appreciating value quickly, then you’re able to show that this was a good investment.

‘The second thing was extendability as the integrations are coming in with a SaaS or cloud-first approach, that’s good.

‘The last one is the design of it. With Metomic’s design principles, which were more privacy by design, you sleep well at night, from my side, knowing that if Metomic suffers a data breach, they wouldn’t get my data because Metomic isn’t saving the data on their side, they’re saving references of it. That is a very good design practice.  

‘In reality, if you’re in an ecosystem that does inspection of contents, to be trusting another organisation in this current climate where you have suppliers being compromised left, right and centre, it’s quite hard to say you’ve taken a gamble on a company that is housing most of this data for you. 

‘So that principle of privacy and security by design - or saving only what Metomic needs to save to do the job that they need to do - just gives you that confidence. You’re going to suffer a data breach at some point if you haven’t already. And if it does happen the other way [where Metomic were to suffer one], you won’t come out on the headlines saying: ‘we suffered a data breach because our supplier got compromised.’ 

Have you got any tangible results from Metomic that you could share? 

‘We have quicker responses to possible data leaks that we find through Google Workspace, for example, with document shares. 

‘It’s also given us the classification and visibility over risk items. Immediately, especially for the Google Workspace document sharing, Metomic has paid for itself seven-fold. 

‘The major one for my team was talking to our finance folks, and telling them, ‘Hey, did you know all of these financial documents are currently outside?’ We figured out something went wrong with the off-boarding which liberated these documents. It allowed us to put better safeguards in place.’

Tell us a bit about yourself

‘I’m Hatitye Chindove - the Head of Information Security and Data Compliance at Zappi. I’m responsible for the Infomation Security Management system.’ 

What was the problem you were looking to fix?

‘The major thing was understanding where our data is in our applications. My belief really is that you can’t protect what you don’t know. So the approach we took was to say ‘is there a way that we can discover our sensitive data, see where it is, and classify it?’ What Metomic had was a good solution to that. 

‘What we had, as a problem, from our side, was that we are a cloud-first company. So most of our solutions are SaaS-based, cloud-based, and Metomic was a good fit for that.’

What do you find most helpful about Metomic? 

‘For most things we requested as features, they executed quite quickly. It was quite good to influence what comes out. 

‘It’s easy to use, it’s simple to navigate. And it has opportunities to help us extend what we may want to get out of it.

‘It’s quite nice that you can have the notifications go directly to the person via Slack for them to action their own issues raised vs the security team reaching out to a person saying, ‘You have an issue’. Unfortunately, if you’re in the field of Information Security or you’re in the legal remit, when you knock on the door, people don’t usually think it’s a good knock on the door.’

Why would you recommend Metomic to another security expert? 

‘The major one is onboarding - time to value is short. If you’ve worked quite closely with a CFO, within three months, if you can at least start appreciating value quickly, then you’re able to show that this was a good investment.

‘The second thing was extendability as the integrations are coming in with a SaaS or cloud-first approach, that’s good.

‘The last one is the design of it. With Metomic’s design principles, which were more privacy by design, you sleep well at night, from my side, knowing that if Metomic suffers a data breach, they wouldn’t get my data because Metomic isn’t saving the data on their side, they’re saving references of it. That is a very good design practice.  

‘In reality, if you’re in an ecosystem that does inspection of contents, to be trusting another organisation in this current climate where you have suppliers being compromised left, right and centre, it’s quite hard to say you’ve taken a gamble on a company that is housing most of this data for you. 

‘So that principle of privacy and security by design - or saving only what Metomic needs to save to do the job that they need to do - just gives you that confidence. You’re going to suffer a data breach at some point if you haven’t already. And if it does happen the other way [where Metomic were to suffer one], you won’t come out on the headlines saying: ‘we suffered a data breach because our supplier got compromised.’ 

Have you got any tangible results from Metomic that you could share? 

‘We have quicker responses to possible data leaks that we find through Google Workspace, for example, with document shares. 

‘It’s also given us the classification and visibility over risk items. Immediately, especially for the Google Workspace document sharing, Metomic has paid for itself seven-fold. 

‘The major one for my team was talking to our finance folks, and telling them, ‘Hey, did you know all of these financial documents are currently outside?’ We figured out something went wrong with the off-boarding which liberated these documents. It allowed us to put better safeguards in place.’

Tell us a bit about yourself

‘I’m Hatitye Chindove - the Head of Information Security and Data Compliance at Zappi. I’m responsible for the Infomation Security Management system.’ 

What was the problem you were looking to fix?

‘The major thing was understanding where our data is in our applications. My belief really is that you can’t protect what you don’t know. So the approach we took was to say ‘is there a way that we can discover our sensitive data, see where it is, and classify it?’ What Metomic had was a good solution to that. 

‘What we had, as a problem, from our side, was that we are a cloud-first company. So most of our solutions are SaaS-based, cloud-based, and Metomic was a good fit for that.’

What do you find most helpful about Metomic? 

‘For most things we requested as features, they executed quite quickly. It was quite good to influence what comes out. 

‘It’s easy to use, it’s simple to navigate. And it has opportunities to help us extend what we may want to get out of it.

‘It’s quite nice that you can have the notifications go directly to the person via Slack for them to action their own issues raised vs the security team reaching out to a person saying, ‘You have an issue’. Unfortunately, if you’re in the field of Information Security or you’re in the legal remit, when you knock on the door, people don’t usually think it’s a good knock on the door.’

Why would you recommend Metomic to another security expert? 

‘The major one is onboarding - time to value is short. If you’ve worked quite closely with a CFO, within three months, if you can at least start appreciating value quickly, then you’re able to show that this was a good investment.

‘The second thing was extendability as the integrations are coming in with a SaaS or cloud-first approach, that’s good.

‘The last one is the design of it. With Metomic’s design principles, which were more privacy by design, you sleep well at night, from my side, knowing that if Metomic suffers a data breach, they wouldn’t get my data because Metomic isn’t saving the data on their side, they’re saving references of it. That is a very good design practice.  

‘In reality, if you’re in an ecosystem that does inspection of contents, to be trusting another organisation in this current climate where you have suppliers being compromised left, right and centre, it’s quite hard to say you’ve taken a gamble on a company that is housing most of this data for you. 

‘So that principle of privacy and security by design - or saving only what Metomic needs to save to do the job that they need to do - just gives you that confidence. You’re going to suffer a data breach at some point if you haven’t already. And if it does happen the other way [where Metomic were to suffer one], you won’t come out on the headlines saying: ‘we suffered a data breach because our supplier got compromised.’ 

Have you got any tangible results from Metomic that you could share? 

‘We have quicker responses to possible data leaks that we find through Google Workspace, for example, with document shares. 

‘It’s also given us the classification and visibility over risk items. Immediately, especially for the Google Workspace document sharing, Metomic has paid for itself seven-fold. 

‘The major one for my team was talking to our finance folks, and telling them, ‘Hey, did you know all of these financial documents are currently outside?’ We figured out something went wrong with the off-boarding which liberated these documents. It allowed us to put better safeguards in place.’