Three Teams, One Solution: How HackerOne Leverages Onna to Empower Its IT, Legal, and Compliance Teams
Leading cybersecurity company, HackerOne, is on a mission to empower the world to build a safer internet as the #1 hacker-powered security platform. Started by a small group of hackers who use their skills for good, HackerOne helps organizations find and fix critical security vulnerabilities before they can be criminally exploited.
Spotting potential risk for organizations is the heart of what HackerOne does, and their IT team is no different. Aaron Zander, Head of IT at HackerOne, came across Onna on the hunt for an eDiscovery solution for Slack, only to find that Onna could not only improve that process, but enable his team to collaborate on their findings in a secure, private, and seamless way. We sat down with Zander to get the details.
When HackerOne upgraded to Slack Enterprise Grid, their data collection process became more complex. Zander and the IT team could no longer parse through Slack’s corporate exports the same way they could with Slack’s standard exports. The corporate exports came in JSON files — a complicated format that’s difficult to review. After finding out that the exports from Slack Enterprise Grid were not supported by the open source tools previously used they needed a new solution.
While looking for a Slack eDiscovery solution, HackerOne’s compliance, legal, and IT teams were growing fast. Yet, they were still collaborating on data collections in a disjointed manner. Zander recalls one pain point many companies know too well, “When an employee leaves a company, IT needs to work with HR to close out their email. We would have to pull data from Google Vault in long PDFs, and if you’ve ever looked at 100-email chains in a PDF it’s like reading backward through time. This was also an issue because we always advocate for the privacy of our employees. If someone leaves we’re not going to give unauthorized people access to their email.”
All three teams decided they needed to foster a more collaborative and private working process. They were finding requests were taking longer than expected to complete, and hitting roadblocks adding collaborators without giving them unnecessary access privileges. It was clear they needed a secure, easy way to preserve and find the right data, while collaborating on collections across multiple Saas applications.
To find the right eDiscovery solution, HackerOne went directly to Slack themselves. “We asked them ‘Well, what do you use?’ and when they said Onna, we knew we had to find out more,” recalls Zander. With Onna, HackerOne’s IT team could now search across their Slack exports with ease, find exactly what they need, and put conversations into context giving the teams a level of intelligence they didn’t have before. Zander notes this deep level of search saying, “Onna does a great job of highlighting surrounding conversations in Slack that you might’ve not known to look for, but are still relevant.”
Another way Onna saved HackerOne time was its ability to continuously sync their data into Onna and mirror Slack retention periods. This gave the team confidence that if an investigation came up, the information they needed was up-to-date, preserved, and discoverable in one place.
The issues Onna solved for didn’t stop at Slack. When reflecting on its implementation, Zander notes, “Onna became the impetus for change for a lot of our previous processes.”
Whenever the IT, compliance, or legal teams had an investigation come up, they used channels in Slack to collaborate. But with Onna, they were able to map every channel back to a workspace in the platform to collaborate in a more secure, private way.
If the IT, legal and HR teams needed to invite external collaborators to view content, they could easily invite them to a specific workspace, or even just a subset of data in a workspace, in Onna so they could view and search across the data they needed, and only the data they needed. Not only was collaboration more secure using this method, but it was also more efficient.
Onna also empowered compliance and legal to have more ownership over their own matters, and in turn, freed up a lot of burden on IT. Rather than IT being the only team able to search for data across applications, Onna made it easy for authorized members to search for what they needed allowing investigations to move much faster. Zander notes, “When we don’t have the same context as they (compliance and legal) do, it’s difficult for us to refine searches. Now, it doesn’t take us as long and we don’t hold them up.”
With Onna, the HackerOne team was not only able to save significant time and energy searching across their most critical information, but they also fostered greater privacy when cross-collaborating. Once Zander and his team realized the control Onna afforded them in Slack, they quickly expanded to GSuite. By narrowing down large datasets early on, HackerOne was able to decrease billable hours, which in turn saved them money.
Zander hopes to sync even more of HackerOne’s tech stack into Onna. By doing so, he feels the rate at which his team can find critical information will only accelerate. As a true believer in the power of Onna’s search, Zander recalls his biggest “wow moment” with the platform, “We uploaded a series of screenshots into Onna we felt were important. Later on I was searching for something, and I realized the platform had pulled up one of the screenshots because it had OCR’d it which is so important — especially in the BYOD (Bring Your Own Device) climate we’re in.”
Beyond Onna’s technical capabilities, Zander is always impressed by the responsiveness of our Support and Success teams, “I’ve actually seen certain things fixed or improved in the product based on my suggestions, so I always feel like my feedback really means something. I’m not just shouting it into the ether and it goes away —I feel like my voice really matters.”
Want to find out how Onna can do the same for you? Reach out to us here to learn more about our solutions.