PagerDuty Upgrades Email Security in the Midst of COVID-19 and WFH

PagerDuty is the central nervous system for real-time digital operations at over 13,000 organizations, including nearly 60% of the Fortune 100. The publicly-traded company is a household name in DevOps and IT and has led the recent renaissance in infrastructure monitoring and response, serving customers around the globe. PagerDuty is mission-critical for every single customer, and teams place unparalleled trust in the security of the company and the platform. PagerDuty’s team works non-stop to maintain that trust.

The Information Security team led by Lisa Hall is tasked with protecting Dutonians (PagerDuty’s employees), the company, and customer data. Lisa recognized that the out-of-box email platform features, though offering basic protections, lacked the risk visibility and scalable security capabilities commensurate to the risks facing email. Material Security, on the other hand, offered her team the ability to further protect sensitive data in PagerDuty’s mailboxes—a requirement that was top-of-mind and supported compliance initiatives. More broadly, Lisa wanted a modern solution that could provide "visibility into email risks and the ability to administer them at scale and for specific users/groups, as well as an automated response to phishing."

Christine Chalmers, Technical Program Manager on the security team, led a smooth implementation of Material despite the added urgency from the shift to work-from-home (WFH) and new COVID-inspired security threats. By partnering with Material, PagerDuty improved visibility and management of email risk, streamlined the ability to audit and comply with policies, and reduced the operational burden for the on-call team responding to the flood of incoming suspicious messages. Material even became a catalyst for other security initiatives: "As a result of rolling out Material, we accelerated improvement in authentication practices, standardizing on the most secure methods," Christine explains.

COVID-19 and the rapid shift to WFH requires a new look at email controls

When word in her network pointed Lisa to Material, she was already well aware of other options in the market, including traditional email gateways. She liked the unique approach that wasn't available elsewhere: "I like that it's not archaic compared to other vendors, that it's focused on new ways to protect cloud email, and that CISOs I trust are having success with it."  

PagerDuty kicked off a pilot. Lisa shared, "The actual technical implementation of it was super easy—we did it in 2 minutes." Similarly, Then, COVID-19 forced Dutonians to work-from-home, creating a need to look at current controls and make some improvements, including addressing an influx of phishing attacks taking advantage of the worries created by the virus. Christine recalled, "Our COVID-19 task force identified Material Security as something that could quickly and easily further protect us in the shift to full work-from-home." PagerDuty was able to successfully accelerated its implementation timeline.

Material’s Risk Analytics improves risk measurement, policy compliance, and authentication practices

PagerDuty started with Material's Risk Analytics, which surfaces risk factors in three key categories: employees' email accounts, the third-party apps they use, and the external partners they interact with. Risk Analytics clarified which accounts were forwarding messages, which SaaS apps were in use, which email settings needed adjustments to improve compliance with policies, and several other risk factors.

Most organizations strive to enable MFA for all accounts. Risk Analytics let PagerDuty validate this control at scale and extend MFA protection to the “last mile”. Lisa explained, "Now, we have visibility, we can audit at any time, and we have the metrics. No more guessing that something is risky when we can quickly measure it." For example, PagerDuty chose to move away from using shared email accounts to Groups, which required every recipient’s email account to use MFA. Getting this change on the internal roadmap and the migration itself was quick and easy because Risk Analytics specified the scope. Today, PagerDuty regularly audits MFA use as part of their security and compliance efforts.

Data Protection and Identity Protection keep sensitive data and apps safe

PagerDuty's existing investment in an advanced MFA solution soon paid dividends for a whole new use case: securing access to sensitive messages in mailbox archives. Material invented Data Protection to protect mailboxes by redacting sensitive messages in place and adding a quick extra layer of authentication to retrieve them on demand. Lisa also liked the ability to receive alerts when someone attempts to access multiple sensitive documents, which can be a sign of misuse. "With Material's Data Protection, we can further protect sensitive data in email. We can show these controls to our auditors, assure our customers, and reduce the risk of loss," underscored Lisa.

Christine used the Risk Analytics dashboards to plan the rollout, "All of this data made it easy to identify the best team to work with for piloting and how to tune the policies for Data Protection." 

Material's Identity Protection functions similarly to Data Protection to protect connected accounts against takeover via a compromised email account. Identity Protection works by asking users to pass a quick challenge using an additional factor before accessing password reset emails. Lisa explained why identity protection mattered: "We use a lot of SaaS services. Protecting them from inappropriate access is critical. Material gives us peace of mind because it prevents account takeovers even if a particular service is not set up with SSO and MFA."

Christine rolled out Identity Protection in parallel with Data Protection to Dutonians while they were all working from home: "It's transparent to the users—we had no challenges in rolling it out. It has been smooth for people to get their emails and reset their passwords."

Phishing Herd Immunity crowdsources protection and streamlines on-call

COVID-19 brought another security challenge—an increase in new phishing attacks. Lisa decided to deploy Material's Phishing Herd Immunity to reduce the on-call team's load and protect Dutonians. Christine concluded that the protection would be simple to turn on during an already-significant adjustment period for many employees.  

Phishing Herd Immunity is a feature of Phishing Protection allows one employee's phishing report to automatically protect the entire company from similar suspicious messages, across all mailboxes, without the bottleneck of a manual investigation.

PagerDuty uses Material to automatically find similar messages to reported messages and “defang” payloads (like links and attachments) even after messages have been delivered. Defanged payloads can be blocked or subtly modified to create “speed bumps”, which warn (and train) users at exactly the right moment. The feature Phishing Herd Immunity quickly proved itself after a rapid rollout: "Material substantially reduced the stress of the work for the on-call team. If you flag a message as suspicious, Material will protect everyone. If it's a false positive, mark it as non-suspicious, and Material takes care of it all," noted Christine.

Material’s painless deployment facilitates a fast implementation wall-to-wall

Lisa and Christine addressed their email security priorities on an accelerated timeline to further protect PagerDuty and its customers against new threats. With visibility into how Dutonians use the company’s information in different departments, they can identify more ways to secure how work gets done. 

Looking back at her experience so far, Christine found the implementation straightforward and appreciated the guidance from the Material team: "The team was responsive and helped us weigh the next best action for the rollout. I'm impressed with the low risk of implementing Material. We haven’t had to include many dependencies, and the tool itself is so intuitive to the end-users."

Lisa agreed: