Numan is a digital health provider specialising in men’s health, providing online access to healthcare services.
As the Chief Medical Strategy Officer at Numan, Professor Sam Shah is responsible for the Medical Strategy and the wider medical team. He is also the Data Protection Officer, responsible for data privacy, overseeing the regulatory and compliance requirements of the business.
In their review of data security tools, Numan was primarily concerned with the need to protect patient data, across their range of systems as a growing and maturing start-up organisation. Numan’s data was stored across several different systems and databases, this invariably increased the potential risks relating to data flows.
As a healthcare company, Numan has a legal and moral obligation to protect their patients’ data. But with a remote team working across the world, it was difficult to adopt consistent system policies. “One of the problems we face is how to demonstrate compliance, not only with GDPR, but with the expectations of healthcare regulators around data sharing and privacy,” explains Sam. “The second is how we develop behaviour in the organisation, so that people know what to share, when to share it, where to share it, and how to share it, using the right systems.”
The benefits of implementing a robust data security solution to resolve the aforementioned issues were two-fold. Firstly, Professor Shah would be able to demonstrate compliance to regulators, secondly, Numan could operate with the confidence that patient data would be safe and secured, with the knowledge that they have enhanced visibility and control over the flow of data across their applications.
Prior to implementing Metomic’s Data Security solution, Numan were operating a very manual process of sifting through Slack and Google Drive as a means of managing their data risk. “I'm worried about missing data; relying on any manual process is not reliable, you’re potentially going to miss data,” he says. “There's only ever a limited amount of time that we all have. Ultimately, a manual process is only as robust as the operator doing it. The automated functionality was an element that really attracted me to Metomic, the ability to automate alerts in our systems that gives me the signals for items that I need to be aware of.”
When Metomic was integrated with SaaS applications like Slack and Google Drive at Numan, it identified where the team was storing data internally, and helped improve the efficiency of storing it. “We consolidated some of our systems,” Sam explains, “so that was quite helpful. It helped us understand what our training needs were, and it also helped us be more responsive in the way that we delete and retain data.”
A key aspect of automating security policies was the principle of allowing teams to remain productive in their day to day. “We were adamant on enabling employees to continue to use these applications safely and securely, rather than work around them. We were more concerned with getting a tool that enabled instead of hindered.”
With its ability to enable SaaS application use, while protecting sensitive data, Metomic was the perfect choice for Professor Shah. Metomic’s all-in-one dashboard unifies data security across many SaaS applications, making it easy to understand where data is stored across multiple platforms.
“For me, Metomic has proven to be very easy to implement and use,” Sam says, “because we don’t have to do much manually with Metomic; it integrates with the SaaS tools we use so it doesn’t require lots of servicing and resourcing. It’s also aligned to the way we operate.”
Security awareness is also key for the team, enabling the Human Firewall means everyone is taking responsibility for data security. Metomic’s employee notifications, sent directly to staff once they create a violation, has helped Numan bridge the gap between the security team and the wider workforce.
“An area of great improvement has been the security knowledge level among our workforce, as a result of the actions they’ve taken from the alerts,” Professor Shah explains. “It means we can help support and educate team members, and that means that their behaviour is also changed over time - that has improved security, safety, and privacy.”
Metomic is a cloud native Data Security solution for SaaS applications. We combine Data Discovery, Data Loss Prevention (DLP), and Access Controls across your SaaS tools, to protect your most sensitive data, without getting in the way of employee productivity.
See more Metomic success stories from around the world here.