Flow Security Reviews

We are a healthcare company and data breaches are the main real risk that we are afraid of. We hold a lot of sensitive customer data and cannot afford a data breach. We haven't had issues with downtime, but data breaches are a concern. 

Third parties access our production environment, so it's a challenge to manage the data flows. It was challenging to keep track of where our personally identifying information is located and who is accessing it. We are potentially exposed if someone is abusing the data located in the production environment. We need an accurate accounting of all the third parties using our PII and the associated risks. For example, if someone is moving production data to a lower-level environment or a testing environment, this is a huge risk because it involves multiple consultants and potential violations of our contractual obligations. 

Flow Security is fully cloud-based, but there is also an on-premise component that enables us to keep sensitive data within our internal environment. Our cloud security team implemented the system. About six admins are responsible for the solution. The cloud security team owns and maintains the system, but the SecOps team checks the alerts and responds. Members of our compliance team also have access. 

Before implementing Flow Security, we had no mechanism to alert us when third-party contractors were accessing sensitive data or moving it to locations with lower security. Now we know precisely where the data is stored and can assess the risk when someone wants to develop something. Flow Security lowers our risk of a data breach. 

We can also look at the risk of our privilege and access settings. Flow Security gives us a risk report that helps us refine our process management by highlighting where we might be exposed. For example, data services might point at the wrong network, or information that shouldn't leave our internal network could be accessible from the internet. It helps us identify vulnerabilities in specific data stores. We can map out compliance issues and current risks. 

Flow Security's data flow mapping is helpful for a healthcare company. We didn't have that before, so I didn't know where our data assets were stored. The solution offers amazing visibility into our data and which third parties are using. 

We have data use agreements with all the third-party contractors who store or process our data. From a privacy and legal standpoint, we learned that some services were in violation of the contractual agreement and fixed the issue immediately. It helps us sleep a little better at night when we have a mechanism to see all these things. 

Flow's distinctive capability to analyze both data at rest and data in motion grants us the ability not only to get full visibility and classification of the data within our managed databases but also to visualize the data flows both within and beyond our environment. This enables us to achieve a comprehensive understanding of all our sensitive data, even as it traverses through applications, shadow databases, and external services such as third-party entities and SaaS applications. What we aspire to achieve with Flow is extended visibility into the external services themselves, which will allow us to see the data they contain.

We have used Flow Security for nearly a year. 

Flow’s solution is stable and frictionless. The deployment on our production environment took a few hours, and there haven’t been any significant system breakdowns. If a minor issue ever occurred, we immediately contacted the customer support team and received prompt answers for anything we needed. Flow’s product has a great SLA and is able to provide sufficient time, visibility, and management for data protection and response.

Flow Security is highly scalable. We are a startup that's growing fast, and I feel like Flow Security can keep pace as our infrastructure grows. If we grow, then Flow Security can scale up immediately on the fly. 

In today's economy, the consolidation of data security products is crucial, and Flow's solution offers a platform that gives- data discovery, cataloging and classification, data flow mapping, risk assessment, and data detection and response, all in one. 

Moreover, Flow’s combination of both data at rest and data in motion, which usually require two separate tools, makes it very efficient and cost-effective. This reduces costs of full-data scanning with the ability to analyze data in motion and detect risks around cost reduction, such as identifying duplicated databases that lead to unnecessary expenses.

Despite the tight budget we had for such purchases, Flow accommodated our needs and evolved our relationship to one of a design partner. Our management decided to purchase, even though no other security tools were purchased in the company, because I explained the criticality of the lack of visibility. The need for Flow was easy enough to understand for all the relevant stakeholders.

Positive

Our previous solution couldn't tell you where the data is flowing. Flow Security gives us better visibility into our real data. In the past, we were only looking at logs, but now we can look into layers that the logs can't see. 

We deployed both Flow’s runtime and scanning at rest modules. The deployment was very straightforward; our DevOps team completed it in a couple of hours. We initiated a stress test and were happy to know that Flow’s deployment was frictionless and seamlessly integrated into our existing infrastructure. The deployment and the entire process were very simple and fast, and we started receiving value instantly. 

The deployment team included a person from DevOps and a cloud security engineer. One person could've done the job, but we preferred to use two people because it sped up the process. 

It's difficult to quantify the ROI when nothing is broken. We haven't had any data breaches. It's like an EDR. If the EDR hasn't caught a virus in the last year, is it a good investment? 

I feel it's a good investment because I wouldn't have the visibility I need without it. It's hard to understand the risk or security posture of our data without visibility. However, during budget discussions, when the CFO is asking me what we should cut, Flow wouldn't be the first to go. 

In today's economy, the consolidation of data security products is crucial, and Flow's solution offers a platform that gives- data discovery, cataloging and classification, data flow mapping, risk assessment, and data detection and response, all in one.

Moreover, Flow’s combination of both data at rest and data in motion, which usually require two separate tools, makes it very efficient and cost-effective. This reduces costs of full-data scanning with the ability to analyze data in motion and detect risks around cost reduction, such as identifying duplicated databases that lead to unnecessary expenses.

Despite the tight budget we had for such purchases, Flow accommodated our needs and evolved our relationship to one of a design partner. Our management decided to purchase, even though no other security tools were purchased in the company, because I explained the criticality of the lack of visibility. The need for Flow was easy enough to understand for all the relevant stakeholders.

I rate Flow Security eight out of 10. I wouldn't say nine because we need more SaaS visibility. It provides a good overview of our infrastructure, but I need more end-to-end visibility, and SaaS is one of the gaps.

You need a solution like this if you're dealing with sensitive personal data. I used to work for a fintech company. While every company has some sensitive data, it's particularly critical if you work in an industry like healthcare and fintech. You need something like Flow Security that tells you where the data is and where it's going. Failing to implement a product like this is like installing a computer without an antivirus. You can do that and get by, but it isn't the best practice. I feel useless without it because I don't know where my data is.