Agoda (part of Booking Holdings, Inc.) operates as a digital travel platform in 26 markets worldwide, boasting 4 million hotels and homes listed.
To protect customer PII and PCI, Agoda's Security Operations and Response team needs to have precise and near real-time understanding of their infrastructure, right down to each individual asset and the corresponding data flow.
✅ Clear data navigation
✅ Full PII/PCI discovery
✅ 90%+ detection accuracy
✅ Alerts on data flow changes
✅ Custom classification
✅ Ease of deployment
✅ On-prem and private cloud
✅ Seamless integration
✅ Responsive support
Agoda had 3 main challenges:
Agoda set out to automate their manual review processes to achieve 100% data observability with zero blind spots, and reduce resources spent on manual security guardrails.They use Soveren to discover all their microservices and associated connections to data stores. Soveren continuously maintains a complete and automated single source of truth of their assets and the data they process with a 95% detection accuracy. Soveren integrates natively with Kubernetes in both Agoda’s on-premise and cloud environments, analyzing network traffic with zero impact on application latency or performance. This also enables Agoda to automatically enrich their service catalog with the exact data types that a service produces and consumes.
Building a single pane of glass for everything sensitive data-related in the application layer was the first step. The biggest challenge for Agoda was to control the inevitable changes in the data usage of microservices in their dynamic environment. Agoda now uses Soveren’s security monitor for that. All security-approved data usage and flows per microservice are anchored in data security protocol rules. Soveren continuously checks actual behavior against these rules and immediately reports any violations that are uncovered.
Integrating Soveren’s alert system was the final step after having full observability and continuous monitoring in place. Agoda, like all companies, needs to reduce alert fatigue. Knowing the data context helps Agoda prioritize the alerts that dramatically impact the business because they put sensitive data at risk. Agoda integrated Soveren into their existing SIEM system via the configurable webhook to optimize alert prioritization. Security teams are now aware of any data security risks before they become full-blown incidents.
Agoda's production environment is constantly evolving; thousands of microservices are modified or created every day, with every product release. Agoda's security team's mission is to have a clear, reliable, up-to-the-minute understanding of their infrastructure, down to every asset and the data they process.
This usually means delaying product releases to carry out manual reviews. But where manual processes and incumbent tools fall short, Soveren provides Agoda with complete, reliable, up-to-date observability across the data layer in the production environment.
✅ Mapping real-time data flows, including with third-parties
✅ Detecting and classifying sensitive data and assets
✅ Monitoring security, privacy and compliance policies
✅ Alerting in real-time of changes, violations or risks
Soveren seamlessly integrates with Agoda's security stack and operating workflows (in-house service catalog, Slack, Jira, Sentinel) for optimized alert prioritization and risk remediation.
