Modern application environments are constantly changing as engineers continuously modify or create new data stores, microservices, virtual machines, and APIs. Businesses that don’t know what to protect face an order of magnitude higher probability of data breaches and privacy violations. This impacts revenue, market capitalization, and customer confidence.
Against this backdrop, security teams face the critical — yet seemingly impossible — quest for a reliable, up-to-date understanding of their infrastructure down to every asset and the data they process.
With the lack of a perfect solution, most businesses have defaulted to some combination of manual processes, plus data discovery and security tools in an attempt to solve the data observability problem.
When I joined the team, the general goal of the product was to help organizations achieve real-time data observability without compromising efficiency, by automating sensitive data discovery, classification, and monitoring across their application environments. This included:
I have joined the team from the very beginning and led:
Soveren was an innovative product in the emerging DSPM market, facing numerous questions and uncertainties along its development path.
I helped the team by facilitating workshops for feature creation and organizing hypothesis-driven work identified during the discovery phase.
Our process involved:
Design sprint board for team ideation and research
During one of our team brainstorming sessions, we developed an entire product component - the Policy Engine, which was responsible for:
MITRE: graph of cybersecurity countermeasures - industry standards embedded in the foundation of Soveren security policies
I developed the product through iterations. We first created functionality that solved one specific user case, then if clients showed interest, we would expand that direction and refine it in more detail.
Since our product only provided value when installed within the client's environment, one of our key challenges was enabling users to test the new product independently, without our assistance.
To address this, we created a Sandbox that gave new clients access and the ability to install the solution in their test environment for evaluation purposes.
This same Sandbox helped us test our hypotheses with clients, gather relevant feedback about what worked and what didn't, and immediately incorporate changes into our Roadmap without waiting for lengthy Discovery cycles to complete.
As a result, working with my team, I accelerated idea-to-test deployment time up to 14 days and increased demo-to-pilot conversion rate to 12%.
The result was a product that allowed organizations to prioritize data protection efforts, proactively remove security and compliance risks, and empower engineering teams to quickly resolve data-related issues with deep technical context.
The platform included features like single-pane-of-glass observability, sensitive data and asset mapping, high-precision ML-based data discovery, flexible policy engine, real-time risk detection and notification, and seamless integrations with security tools.
More than 26+ companies from banking, healthcare, e-commerce, and tourism sectors adopted our solution. For example, Agoda (a Booking.com Holding company) used our product to implement:
[https://drive.google.com/file/d/176298aD2O9XvlwfC08o_c1b620n7bkpd/view?usp=sharing](https://drive.google.com/file/d/176298aD2O9XvlwfC08o_c1b620n7bkpd/view?usp=sharing)