How Stavvy Used Datadog Cloud Security Management to Monitor Its Security Posture as It Navigated a Strategic Acquisition | Datadog
Case study

How Stavvy used Datadog Cloud Security Management to monitor its security posture as it navigated a strategic acquisition

Real Estate Fintech

~200 Employees

Boston

会社情報 Stavvy

Stavvy is a digital transaction platform built for real estate professionals. By connecting people, systems, and processes, Stavvy modernizes real estate transactions through collaboration, reliability, and choice.

“Datadog gives me confidence that we know where our entire organization sits from a security standpoint.”

case-studies/stavvy_headshot
Kelly Bettendorf
Security Engineer
Stavvy
case-studies/stavvy_headshot

“Datadog gives me confidence that we know where our entire organization sits from a security standpoint.”

Kelly Bettendorf
Security Engineer
Stavvy
なぜDatadogなのか?
  • Breaks down silos between security and DevOps teams
  • Combines organization-wide security and observability capabilities in a unified platform
  • Prioritizes top security issues that need to be addressed immediately
  • Provides start-up the confidence they need to move fast
Challenge

After successfully acquiring a new company, Stavvy security engineers needed to quickly evaluate the acquisition's security posture and swiftly address key security issues such as cloud misconfigurations and vulnerabilities.

主な成果
Successfully addressed misconfigurations

Ensuring alignment of security standards and protocols

Unified approach to top security risks

Provided a foundation for systematically prioritizing key security issues across engineering teams

Cultivated a security-centric mindset

Extended security team’s influence throughout the entire organization

Strategic acquisition introduces gaps in visibility

Stavvy’s goal is to transform real estate transactions into swift, secure, data-driven experiences rather than manual, paper-intensive processes. To accomplish that, the company developed a digital transaction platform that enables title and settlement agents, mortgage lenders, mortgage servicers, real estate attorneys, and users to collaborate seamlessly and complete real estate transactions efficiently and securely.

As part of its growth strategy, Stavvy acquired a company with significant technology to integrate. To effectively integrate the new company, Kelly Bettendorf, security engineer, needed to evaluate its security posture quickly and, if necessary, improve it to align with Stavvy’s security protocols. “We needed to understand the technology resources they were using, including any third-party programs or applications, and their cloud infrastructure,” says Bettendorf. “We needed to understand every detail of these products and resources to ensure we could reliably secure them and maintain access.”

Enabling a big-picture view

When Bettendorf first joined Stavvy, one of his primary objectives was to enhance organizational-wide observability and cloud security capabilities. At the time, Stavvy teams used siloed monitoring products, which limited visibility and made collaboration difficult because they had to download data from multiple tools to get the complete picture. “I wanted to bring all of that data into one central place to facilitate smoother collaboration among teams building our product,” Bettendorf says.

Bettendorf selected Datadog for centralized logging and incident detection and response, including Datadog Cloud Security Management (CSM) to monitor all its cloud environments. When the acquisition came into play, Bettendorf again looked to Datadog CSM. “Given our familiarity and positive experience with the product, CSM was an obvious choice to support our acquisition strategy,” he says.

Deploying Datadog to the new infrastructure was completed within an hour

Bettendorf initially used CSM to obtain an overview of the cloud infrastructure and tools the new company was using, which helped identify key security issues such as cloud misconfigurations and vulnerabilities they needed to address immediately. Bettendorf and his team then worked alongside the team from the newly acquired company to resolve the most critical findings. “CSM allowed us to get a quick overview of where things were good, where things could improve, and how their security priorities lined up with ours so we could understand where to spend time for the most value of improvement,” he says. “By doing that, we were able to build a better overall plan for security and visibility, monitoring, and alerting for an entirely new infrastructure. It was incredibly helpful for us to be able to do that so quickly.”

Bettendorf especially liked CSM’s ease of use and versatility for configuring notifications

For example, he uses Datadog’s integration with Slack to alert him when other Stavvy users mute findings for an extended period, which helps them monitor for accidental suppression of misconfigurations or to determine if more permanent tuning makes sense. “As soon as you mark something as being suppressed for an extended duration, it can easily be forgotten,” he says. “Having a secondary check—because maybe that person didn’t mean to suppress something—is important so we can follow up on that action if we need to. That’s a pretty big deal from a compliance perspective, and it demonstrates the power of the Datadog platform.”

“Given our familiarity and positive experience with the product, Datadog Cloud Security Management was an obvious choice to support our acquisition strategy.”

Effective security enables speed

Bettendorf says the number one benefit of using Datadog is it gives the start-up confidence to move fast. “We have a lot of gifted and intelligent individuals working to build and scale various services, applications, or components to further our mission of revolutionizing the real estate closing process for homebuyers,” he says. “It’s important that we enable teams to build effectively and remove roadblocks for them while still ensuring they’re building securely. We know Datadog monitoring is going to see a newly deployed resource, run it against its posture checks, and immediately alert us if there is anything wrong with it. Datadog gives me confidence that we know where our organization sits from a security standpoint.”

Datadog has also enabled Bettendorf to create a quarterly posture score that he can share with Stavvy senior leadership.

“Datadog gives me a simple way to show senior leadership measurable improvements to our security posture that result from our collective efforts,” he says.

Going forward, Bettendorf plans to expand the use of Datadog solutions to more parts of the company to help break down silos and improve observability and security. To facilitate that effort, he created an internal Datadog ambassadors program to identify security champions who can help build out Datadog with unique team requirements in mind. “I enjoy being the go-to guy for trying to help teams find a solution to their problems with Datadog,” says Bettendorf. “If there’s a way we can do it with Datadog, I’m all for it because it will help us continue to work together and build a single ecosystem. Having different teams contributing to various aspects of the same platform boosts everyone’s collaboration and allows us to solve problems faster.”

リソース

/blog/security-posture-csm/security-posture-csm-hero

BLOG

Report on changes to your security posture with Cloud Security Management
blog/state-of-devsecops/state-of-devsecops-2024/hero-final

BLOG

State of DevSecOps