Read all about Zego's experience with Metomic, including their discovery of thousands of public facing Google docs
‘I’m Cary Vidal - Director of Security and IT at Zego. My background has always been in technology. It’s probably over a decade since I started working in IT.
‘We work within a regulated industry and I spent more and more time with our Head of Compliance to understand the requirements and where the overlaps were. I moved into security from there.’
‘We were in the market for a Data Loss Prevention (DLP) tool at the time, so I had a chat with the Metomic co-founders and it developed from there. I like working with people developing something, and trying to solve a problem. It’s been a great relationship - I enjoy working with the people and the tool has helped us out along the way.’
‘Largely, the people. The working relationship has been really good.’
‘The big thing for me was how interactive it was in Slack. That was one of our biggest problem points and there was a solution for that immediately. We have a very noisy Slack workspace generally and trying to understand what people are sharing is difficult. That was super useful - one of the best things.
‘And the dashboard was useful too. It’s quite smooth, intuitive and easy to use. All the good UI.’
‘Not long after we enabled the Google integration, we noticed there was public sharing enabled on a lot of our documents. Hundreds, possibly thousands. I was actually off work. Metomic basically told me, ‘We’ve noticed this thing and it could be a problem.’
‘We jumped on it straight away. It gave us an opportunity to do some real investigation as to what the impact would have been if there were an actual breach. I don’t think we would have necessarily caught it otherwise because the reporting tools in Google are mediocre at best.
‘We did some scans across the dark web to see if any of our documents popped up anywhere they shouldn’t be. Then we put some policies in place to really educate people about what they should and shouldn’t be sharing. We also put some more controls in place on the Google side so we would get alerted if people tried to share particular documents in a certain way. It allowed us to enable a whole new labelling structure for documents, depending on what data they have in place.’
‘The key thing it’s enabled is the ability it gives us to do investigations and follow up. It’s enabled us to work a lot quicker, particularly with the masking feature.
‘So instead of us chasing everyone up, we set some rules in place. If someone does something, it masks and says, ‘Hey, this isn’t something we allow.’ That helps us to build a better security culture across the business, rather than just relying on the security team to track everything.’
‘On the whole, they’re super supportive. From a business perspective, my experience has been that they’re genuinely helpful. I’ve always been able to reach out to someone when I need them, it’s always been quite interactive. And I just really enjoy working with them. There’s not been a person from Metomic that I’ve met yet that I’ve thought, ‘I’m not sure about that person.’
‘The problem Metomic is trying to solve is tackled from a different perspective. It’s about giving organisations the freedom to not limit themselves to the tools they want to use and giving them an element of visibility over their DLP across the SaaS space.
‘There may be other tools that do that…but in my experience, getting what we need from the tool as well as working with a solid team is a great combination.’