Case Studies
September 23, 2024

How Oyster used Metomic automations to educate their team

Jeffrey May, Managing Counsel at Oyster, tells us more about how his team are using Metomic to stop sensitive data being shared in Slack and Google Drive

Download
Download

Tell us more about Oyster, and what your role is there

Oyster is a mission-driven organization that bridges that gap between companies and the world’s top talent—so everyone, everywhere, has the chance to prosper. We believe distributing work opportunities can improve the health of people, communities, local economies, and the environment. Our vision is to spur a positive chain reaction around the world. But at our core, we are a technology company – a SaaS product – in the shape of a Global Employment Platform.

I’m a privacy and intellectual property attorney by trade. At Oyster, I handle our information governance program. Among other things, I deal with privacy, security, and data protection matters; I help build out all our policies and procedures that help maintain the confidentiality, integrity, and availability of our Customer and Team Member data; and I work collaboratively with all our internal teams to do so effectively.

What was the problem you were looking to fix?

Predominantly visibility. We do a lot in Google Drive and Slack. But we need to know exactly what’s there: you can’t protect what you can’t see. And unfortunately, most SaaS tools have very limited visibility based on their standard integrations.

For example, we can police Slack to see if people are posting information that they shouldn’t. But a tool like Metomic makes it a lot easier for us to do that. We have comprehensive visibility now across both Slack and Google Drive. We use Metomic to see what type of sensitive information is there, and it gives us different options on how to address those issues when they do pop up.

What do you find most helpful about using Metomic?

Certainly, the automations in Slack are great for us. Being able to say, ‘Here are our key risk areas. These are the rules we want to implement,’ and then having Metomic do that work for us is great. It makes our job much easier because we don’t have to do all of that manually.

But I think the key for us in working with Metomic has been the customer service. The support Metomic provides has been fantastic. Everyone we work with is readily available, and every time we come up with a feature we’d like to see, it’s always addressed and either quickly implemented, or we find other ways to make something happen, so that’s been great.

Any tangible results you can share with us?

In implementing the Google Drive integration, we did find there were certain documents that contained information that we wouldn’t have wanted publicly accessible, but the documents were shared using the ‘Anyone with the link can view’ option. The challenge is that Google Drive is so easy for people to use, and most people assume that the only people with a link are the people you’re going to send it to. If the link is shared in Slack, all of a sudden, you have a sensitive document shared in Slack, with a publicly available link, and now you have two violations, instead of one. With Metomic, we were able to easily identify these risk points and remediate them.

Of course we have policies in place. But one of the keys with Metomic is being able to backstop against those policies. We tell people how to do things the correct way and we have training in place. But Metomic allows us to say, ‘Oops, it looks like you made a mistake here, so we’re going to (automatically) fix it for you.’

Do you think using Metomic has improved the way your team works?

It’s allowed us to do things, with limited resources, that we might not have been able to do as quickly. We are making progress on longer-term goals that we simply couldn’t prioritize without the reporting and automation Metomic provides.

Why would you recommend Metomic to another security professional?

The two things that come to mind are ease of use and customer support.

It really was pretty turnkey. As soon as you set up the integrations, they’re available. You can go in and access everything you need. And anytime something isn’t quite right, the Metomic team has been available to help with support and to get it working the way we need it.

Tell us more about Oyster, and what your role is there

Oyster is a mission-driven organization that bridges that gap between companies and the world’s top talent—so everyone, everywhere, has the chance to prosper. We believe distributing work opportunities can improve the health of people, communities, local economies, and the environment. Our vision is to spur a positive chain reaction around the world. But at our core, we are a technology company – a SaaS product – in the shape of a Global Employment Platform.

I’m a privacy and intellectual property attorney by trade. At Oyster, I handle our information governance program. Among other things, I deal with privacy, security, and data protection matters; I help build out all our policies and procedures that help maintain the confidentiality, integrity, and availability of our Customer and Team Member data; and I work collaboratively with all our internal teams to do so effectively.

What was the problem you were looking to fix?

Predominantly visibility. We do a lot in Google Drive and Slack. But we need to know exactly what’s there: you can’t protect what you can’t see. And unfortunately, most SaaS tools have very limited visibility based on their standard integrations.

For example, we can police Slack to see if people are posting information that they shouldn’t. But a tool like Metomic makes it a lot easier for us to do that. We have comprehensive visibility now across both Slack and Google Drive. We use Metomic to see what type of sensitive information is there, and it gives us different options on how to address those issues when they do pop up.

What do you find most helpful about using Metomic?

Certainly, the automations in Slack are great for us. Being able to say, ‘Here are our key risk areas. These are the rules we want to implement,’ and then having Metomic do that work for us is great. It makes our job much easier because we don’t have to do all of that manually.

But I think the key for us in working with Metomic has been the customer service. The support Metomic provides has been fantastic. Everyone we work with is readily available, and every time we come up with a feature we’d like to see, it’s always addressed and either quickly implemented, or we find other ways to make something happen, so that’s been great.

Any tangible results you can share with us?

In implementing the Google Drive integration, we did find there were certain documents that contained information that we wouldn’t have wanted publicly accessible, but the documents were shared using the ‘Anyone with the link can view’ option. The challenge is that Google Drive is so easy for people to use, and most people assume that the only people with a link are the people you’re going to send it to. If the link is shared in Slack, all of a sudden, you have a sensitive document shared in Slack, with a publicly available link, and now you have two violations, instead of one. With Metomic, we were able to easily identify these risk points and remediate them.

Of course we have policies in place. But one of the keys with Metomic is being able to backstop against those policies. We tell people how to do things the correct way and we have training in place. But Metomic allows us to say, ‘Oops, it looks like you made a mistake here, so we’re going to (automatically) fix it for you.’

Do you think using Metomic has improved the way your team works?

It’s allowed us to do things, with limited resources, that we might not have been able to do as quickly. We are making progress on longer-term goals that we simply couldn’t prioritize without the reporting and automation Metomic provides.

Why would you recommend Metomic to another security professional?

The two things that come to mind are ease of use and customer support.

It really was pretty turnkey. As soon as you set up the integrations, they’re available. You can go in and access everything you need. And anytime something isn’t quite right, the Metomic team has been available to help with support and to get it working the way we need it.

Tell us more about Oyster, and what your role is there

Oyster is a mission-driven organization that bridges that gap between companies and the world’s top talent—so everyone, everywhere, has the chance to prosper. We believe distributing work opportunities can improve the health of people, communities, local economies, and the environment. Our vision is to spur a positive chain reaction around the world. But at our core, we are a technology company – a SaaS product – in the shape of a Global Employment Platform.

I’m a privacy and intellectual property attorney by trade. At Oyster, I handle our information governance program. Among other things, I deal with privacy, security, and data protection matters; I help build out all our policies and procedures that help maintain the confidentiality, integrity, and availability of our Customer and Team Member data; and I work collaboratively with all our internal teams to do so effectively.

What was the problem you were looking to fix?

Predominantly visibility. We do a lot in Google Drive and Slack. But we need to know exactly what’s there: you can’t protect what you can’t see. And unfortunately, most SaaS tools have very limited visibility based on their standard integrations.

For example, we can police Slack to see if people are posting information that they shouldn’t. But a tool like Metomic makes it a lot easier for us to do that. We have comprehensive visibility now across both Slack and Google Drive. We use Metomic to see what type of sensitive information is there, and it gives us different options on how to address those issues when they do pop up.

What do you find most helpful about using Metomic?

Certainly, the automations in Slack are great for us. Being able to say, ‘Here are our key risk areas. These are the rules we want to implement,’ and then having Metomic do that work for us is great. It makes our job much easier because we don’t have to do all of that manually.

But I think the key for us in working with Metomic has been the customer service. The support Metomic provides has been fantastic. Everyone we work with is readily available, and every time we come up with a feature we’d like to see, it’s always addressed and either quickly implemented, or we find other ways to make something happen, so that’s been great.

Any tangible results you can share with us?

In implementing the Google Drive integration, we did find there were certain documents that contained information that we wouldn’t have wanted publicly accessible, but the documents were shared using the ‘Anyone with the link can view’ option. The challenge is that Google Drive is so easy for people to use, and most people assume that the only people with a link are the people you’re going to send it to. If the link is shared in Slack, all of a sudden, you have a sensitive document shared in Slack, with a publicly available link, and now you have two violations, instead of one. With Metomic, we were able to easily identify these risk points and remediate them.

Of course we have policies in place. But one of the keys with Metomic is being able to backstop against those policies. We tell people how to do things the correct way and we have training in place. But Metomic allows us to say, ‘Oops, it looks like you made a mistake here, so we’re going to (automatically) fix it for you.’

Do you think using Metomic has improved the way your team works?

It’s allowed us to do things, with limited resources, that we might not have been able to do as quickly. We are making progress on longer-term goals that we simply couldn’t prioritize without the reporting and automation Metomic provides.

Why would you recommend Metomic to another security professional?

The two things that come to mind are ease of use and customer support.

It really was pretty turnkey. As soon as you set up the integrations, they’re available. You can go in and access everything you need. And anytime something isn’t quite right, the Metomic team has been available to help with support and to get it working the way we need it.