How Nira automates access management and secures critical data for RapidSOS

When someone calls for emergency services, RapidSOS is there to help first responders get the data they need to save lives. Here’s how Nira allows RapidSOS to secure confidential documents, remediate personal account access, and manage access from former contractors and employees.

  • Location: United States
  • Industry: Public Safety
  • Company Size: SMB (< 200 employees)

RapidSOS is an intelligent safety platform that securely links life-saving data from 500M+ connected devices, apps, and sensors from 90+ global technology companies to over 450,000 first responders across 15,000 agencies nationwide. Whether there’s an unsafe moment or an emergency, RapidSOS Ready devices, homes, or buildings deliver essential data to the right place, when it matters most.

The first few minutes after someone calls 911 or pushes a call panic button are critical. Emergency Communication Centers (ECCs) have a narrow window of time to understand the issue and send aid to the person’s location. Even as the technology used to save lives advances, ECCs and Public Safety Answering Points (PSAPs) often have limited budgets and can’t always afford the latest tech.

That’s where RapidSOS comes in. Whenever someone calls first responders through their cell phone or an application like Uber, the location services often go through RapidSOS. They also have coverage in Mexico, Canada, and Europe, and have plans to operate in Japan and South Africa.

RapidSOS goes beyond mobile apps. They also partner with home security providers, and they work with gig economy workers to make sure emergency services are implemented in a timely fashion.

RapidSOS is dealing with multiple cybersecurity risks as they serve some of the largest companies in the world. The company wants to ensure that Trust and Safety, a core value that states they’re 100% committed to public safety, is prioritized when they work with customers. The company handles all types of confidential data that could have large repercussions if it was exposed, including protected health information (PHI), personal identifiable information (PII), and intellectual property (IP).

They also have to comply with government regulations and go through multiple audits including ISO 27001:2013, SOC 2 Type II, and HIPAA / HITECH, as well as vendor-specific audits.

To demonstrate that they have coverage from a data loss prevention (DLP) standpoint, RapidSOS wanted to find a solution to protect information residing in their internal file-sharing system.

They were particularly concerned about protecting certain sensitive files within their internal file-sharing system, for example, contracts or integration documents, and they wanted to eliminate exfiltration risks as much as possible. They considered other administrative tools, but found the DLP and investigation tools inadequate for their needs, according to Senior Information Security Engineer Russell K.

Other DLP tools had provided them with too many false positives. The investigation tools were also limited in providing the history of files, and they only provided six months’ worth of history. Russell and his team needed to be able to look at data from a year or two back, to better understand, investigate, and remediate issues.

“Our file-sharing system is an essential source of truth for our company. We can’t have an analyst spend all day looking through alerts and false positives,” Russell explained.

The team needed a tool like Nira’s where they can quickly and easily manually revoke permissions for sensitive files, automate remediations, and eliminate the risk of unauthorized access entirely.

Nira was also the only solution that fit from an end-user usability standpoint. It was easy for the administrative team to manage and quick to integrate. The time to value was incredibly fast for the team. And, Nira had a good support system; RapidSOS could reach out to Nira with questions and someone would be in touch with them in no time.

They were impressed with Nira’s roadmap, which had elements that were important to preventing data loss, in order to limit access risk within their organization.

Nira also aids the company with audits and their ability to show an audit trail, including what happened, and why. The tool is able to identify risks quickly and efficiently and gives the RapidSOS team the ability to fix them.

Russell K
It’s the velocity at which Nira can identify and remediate issues. It allows us to have accountability.
Russell K,
Senior Information Security Engineer

Automatic fixes that save time and reduce access-risk

Nira lets RapidSOS automate remediation actions at scale

One of the key benefits of Nira was that it allowed Russell and the team to fix issues at scale and automate the process. Scale was particularly important for RapidSOS: as the company grew, so did the number of customers, partners, vendors, and the number of documents.

Russell K
Securing sensitive files and managing access permissions can’t be the sole job of one person. It’s got to be automated, and that’s where Nira comes in.
Russell K,
Senior Information Security Engineer

Although most data breaches involving employees are not malicious, people will make mistakes, Russell explained.

“It’s human nature. They may accidentally share something with an unauthorized stakeholder, and we have to be able to remediate that at scale,” he said.

Nira allows RapidSOS to focus on its toughest projects, rather than spending lots of effort on repetitive manual actions. This frees up resources.

“At the end of the day, time is money in any business. We want to ensure that whatever work we’re doing, we can automate it as much as possible,” Russell said. “Nira allows us to hand off that remediation work and automate it efficiently.”

Even if RapidSOS does need to take manual actions, Nira allows them to do it at scale, instead of one by one or by using other methods like time-consuming scripting. This lets the team focus on other work, and thus provides an added financial benefit.

Russell K
In one quarter, we’ve saved weeks of time with Nira which adds up to quite a lot of money.
Russell K,
Senior Information Security Engineer

Effortless compliance with automated security policies

Nira helps RapidSOS meet compliance needs with the added capability of seamlessly automating policies

Nira also helps RapidSOS ensure that it fully complies with company policies regarding access to documents.

For example, RapidSOS may have a company policy that says sensitive files should not have Public links, which are accessible by anyone on the internet with the link. They can use Nira to search for title keywords such as “private,” “confidential,” or “restricted.” They can then see if a file is accessible to the public and ask, “is there a business need for this to be publicly accessible?” If not, based on their policy, the file can be restricted to “company only” or restricted entirely.

Using Nira, RapidSOS made sure these confidential files and folders were not made publicly available.

With Nira, RapidSOS also has the option to customize automation rules based on their company’s policies in just a few clicks. RapidSOS can configure security policies according to their needs. The RapidSOS team can define conditions when remediation actions will be taken, configure specific automated remediation actions, and view a detailed audit log of automated remediation actions that have been taken. Nira helps RapidSOS easily identify issues, fix them quickly, and efficiently automate the process.

Reduced risk, complete offboarding

Nira enables RapidSOS to completely offboard and manage former contractor and employee access

When it comes to access risks, RapidSOS strives to be proactive. For example, employees may use their personal email accounts to share sensitive documents by accident. Russell can quickly remediate these types of sharing misconfigurations with Nira.

“We’ve seen with personal accounts that people take the path of least resistance to get something done. And we have to be able to catch those mistakes,” he explained.

Nira also aids with offboarding, allowing RapidSOS to do additional due diligence when employees or contractors leave the company.

“We are able to use Nira to search for employees who are leaving and discover any personal email accounts they may have shared documents with,” Russell explained.

Nira further helps the company remove access from contractors and consultants after the end of their contracts. That’s because vendors, contractors, and consultants can have access to files long after their contract ends.

Russell K
In the past, we’ve seen contractors and consultants who should have had their access removed from certain files, still have access. We need to catch things like this quickly, and we trust Nira to do that at scale.
Russell K,
Senior Information Security Engineer

Meeting the highest standards of information security

Nira allows RapidSOS to ensure their data have the highest standards of protection as they help their customers and government partners respond to emergencies and save lives.

A combination of powerful features and Nira’s customer service has been especially beneficial.

“I love the monthly calls with Nira’s customer success manager where we discuss the roadmap and any improvements or hurdles,” Russell said.

Nira’s easy-to-use UI has also been an asset, and the RapidSOS team recommends Nira to any company that cares about privacy and security.

“For a company like ours, that handles data for some of the biggest organizations in the world, we have to ensure that their information is held to the highest standards in cybersecurity and privacy,” Russell said. “Nira helps us do that.”

Every company that uses Google Workspace should be using Nira.
Bryan Wise
Bryan Wise,
Former VP of IT at GitLab

Incredible companies use Nira