Papaya Global Embraces a Data-Centric Approach to Enforce Data Security Policies

Papaya Global

How a large cloud-native financial SaaS organization was able to strengthen its data security posture by continuously ensuring its data pipeline policies are enforced and no sensitive data is exposed.


Papaya Global brings significant technological advancements to the traditional world of payroll. The company is the first global payroll provider to develop its own native payments platform dedicated to the complex and sensitive nuances of payroll related issues and dynamics.

Leveraging innovative data security technology forms a key element of its business and operational strategy, to continuously ensure the privacy and protection of its sensitive customer and financial data.

Papaya Global employs more than 700 workers in 21 locations worldwide.

The Challenge

As a cloud native global company running primarily on AWS, Papaya Global’s architects are responsible for an ever expanding cloud infrastructure with more data handlers joining on a weekly basis. They also manage a number of data pipeline integrations, resulting in data movement in and out of the public cloud. 

As a payroll  service provider, much of this is sensitive data, including personal and financial information, that comes with its own strict compliance standards. The company’s security team understands that to continuously secure its dynamic and sensitive cloud data, a data-centric approach to security is needed, with a focus on the data itself.  

The first step was for the cloud and security teams to truly understand the precise location of all the sensitive data, who has access to it, and whether it has the right security posture for its level of sensitivity. But they also needed to make sure that their cloud engineers were not inhibited or slowed down in any way. The security team needed to enhance their existing approach with a smart solution  to give them  a clear, up to date picture of the security posture of their sensitive data at risk,  keeping all data handlers on the same page to reduce friction.  

“Sentra’s ability to help us find and remediate potential data risks, was proven immediately by finding critical misconfigurations and unprotected shadow data, giving us an unprecedented level of visibility and control over our company data.” - Nitai Sarna, Information Security, Director at Papaya Global

Sentra’s Solution & Unique Approach

Papaya Global’s head of information security turned to Sentra and immediately understood the potential value of taking their security approach to the next level by quickly securing the company’s sensitive data, without a huge investment in resources or personnel. His  team only needed a few minutes to set up Sentra’s DSPM solution to start seeing results from the data discovery and classification process.

The security team was able to see which specific data needed a stronger security posture, and the DevOps team was then able to take the information from Sentra and prioritize changes to their processes. In this case, their team added another layer of control to prevent these types of misconfigurations in the future. 

In addition, Papaya Global experiences significant efficiency gains from integrating Sentra’s alerts with their existing cyber reports and monitoring processes. This empowers the team to quickly and easily stay on top of any new policy violations to remediate fast and effectively.


Sentra's Impact

Papaya Global expanded their use of Sentra’s platform beyond the security team, bringing their DevOps and engineering teams on board to continuously monitor their data security posture.  The company can now successfully: 

  • Keep their production and development environments separate and fully protected. This moves beyond checking security controls with the ability to detect any relevant violations in near real-time.  

  • Build and enforce security compliance with the ability to alert the right people within the company to quickly and accurately remediate any issues. The ability to enforce data privacy, keeps Papaya Global’s customers assured. 

  • Bring different security solutions together (via Sentra’s integrations) with varying sets of rules to ensure that the right members of the security team are alerted to any issues in time.

  • Gain immediate data visibility and insights optimizing investigation time and making every second count when dealing with incidents e.g. discovering excess permissions.

Sentra’s platform provides Papaya Global with 24/7 coverage of their data security posture, which is crucial in a dynamic organization with a growing cloud infrastructure.

“Compared to other solutions we reviewed, Sentra's implementation was simpler and effective, providing visibility and insights from day one, making a perfect out of the box experience. Sentra is the right solution for ensuring our data security posture is always at the forefront in our cloud environments.”

Nitay Sarna
Director of Information Security
decorative balldecorative balldecorative balldecorative balldecorative ball