Case Studies
October 29, 2024

TravelPerk detects and responds to risks with the click of a button

TravelPerk detects and responds to risks with the click of a button using Metomic

Download
Download

About TravelPerk

TravelPerk is the technology disrupter of the business travel industry, making booking and managing business travel easier than ever. James has led the
Information Security team at the tech unicorn for over 3 years, implementing a comprehensive security program during the company’s exponential growth.

''As the Head of Security, my role is to keep TravelPerk protected, delivering customer trust and enabling us to continue on our impressive growth
trajectory,' shares James. 'Preventing data leaks and looking after our customer data is of the utmost importance to us.'

What’s the challenge?

TravelPerk is processing travel itineraries and personal data for a high volume of travelers worldwide. With offices across Europe and the US, it is
vital to have clear visibility of sensitive data across their cloud-based technology stack.

'Ensuring that client data and technical secrets are kept secure in the right locations was key. We needed a tool that would give us visibility, control
and assurance.'

As a cloud-first organisation, TravelPerk is using popular apps for document storage, messaging and ticketing. Google Drive, Slack and Zendesk are
amongst the most important business tools, and without due controls, these apps could have become an unwitting repository for sensitive data.

'Finding a technical solution that gave us the ability to automate risk reduction and continue to scale well was so important. We needed to take action without hiring an army of people', explains James. ‘It was timely when Metomic got in touch’.

Why Metomic?

TravelPerk’s Security team sought a solution that would automatically provide visibility into Google Drive, Slack and Zendesk, as these apps were integral to daily business operations. 'In Metomic, we found a solution that would give us instant visibility of our sensitive data via a dashboard,' shares
James. 'It then runs in the background, providing us with tailored alerts to our highest priority risks.'

'Between the platform capabilities and the expertise of the Metomic team, we were able to identify risks really quickly, reduce false positives and ensure that we only took action on the relevant alerts.'

Results

TravelPerk obtained value from Metomic in a matter of days, even though the roll out was phased app by app. One of the key risks James wanted to mitigate was technical secret exposure, and Metomic was able to find relevant risks quickly.

'We were able to find some legacy AWS keys from years ago. Fortunately, they had been revoked long ago, but it gave us the confidence that in the event of new secrets appearing insecurely across our tech stack, we could rely on Metomic to help us swiftly detect and respond with the click of a button.'

James is confident that with Metomic, TravelPerk has significantly reduced exposure to the significant risk that sensitive data exposure can bring, without operational impact. Both organizations look forward to a long and fruitful partnership!

Table of content
Table of contents
Table of contents
Table of contents
Table of contents
Table of contents

Max Marcus

Head of Customer Success

Max Marcus is Head of Customer Success at Metomic

About TravelPerk

TravelPerk is the technology disrupter of the business travel industry, making booking and managing business travel easier than ever. James has led the
Information Security team at the tech unicorn for over 3 years, implementing a comprehensive security program during the company’s exponential growth.

''As the Head of Security, my role is to keep TravelPerk protected, delivering customer trust and enabling us to continue on our impressive growth
trajectory,' shares James. 'Preventing data leaks and looking after our customer data is of the utmost importance to us.'

What’s the challenge?

TravelPerk is processing travel itineraries and personal data for a high volume of travelers worldwide. With offices across Europe and the US, it is
vital to have clear visibility of sensitive data across their cloud-based technology stack.

'Ensuring that client data and technical secrets are kept secure in the right locations was key. We needed a tool that would give us visibility, control
and assurance.'

As a cloud-first organisation, TravelPerk is using popular apps for document storage, messaging and ticketing. Google Drive, Slack and Zendesk are
amongst the most important business tools, and without due controls, these apps could have become an unwitting repository for sensitive data.

'Finding a technical solution that gave us the ability to automate risk reduction and continue to scale well was so important. We needed to take action without hiring an army of people', explains James. ‘It was timely when Metomic got in touch’.

Why Metomic?

TravelPerk’s Security team sought a solution that would automatically provide visibility into Google Drive, Slack and Zendesk, as these apps were integral to daily business operations. 'In Metomic, we found a solution that would give us instant visibility of our sensitive data via a dashboard,' shares
James. 'It then runs in the background, providing us with tailored alerts to our highest priority risks.'

'Between the platform capabilities and the expertise of the Metomic team, we were able to identify risks really quickly, reduce false positives and ensure that we only took action on the relevant alerts.'

Results

TravelPerk obtained value from Metomic in a matter of days, even though the roll out was phased app by app. One of the key risks James wanted to mitigate was technical secret exposure, and Metomic was able to find relevant risks quickly.

'We were able to find some legacy AWS keys from years ago. Fortunately, they had been revoked long ago, but it gave us the confidence that in the event of new secrets appearing insecurely across our tech stack, we could rely on Metomic to help us swiftly detect and respond with the click of a button.'

James is confident that with Metomic, TravelPerk has significantly reduced exposure to the significant risk that sensitive data exposure can bring, without operational impact. Both organizations look forward to a long and fruitful partnership!

About TravelPerk

TravelPerk is the technology disrupter of the business travel industry, making booking and managing business travel easier than ever. James has led the
Information Security team at the tech unicorn for over 3 years, implementing a comprehensive security program during the company’s exponential growth.

''As the Head of Security, my role is to keep TravelPerk protected, delivering customer trust and enabling us to continue on our impressive growth
trajectory,' shares James. 'Preventing data leaks and looking after our customer data is of the utmost importance to us.'

What’s the challenge?

TravelPerk is processing travel itineraries and personal data for a high volume of travelers worldwide. With offices across Europe and the US, it is
vital to have clear visibility of sensitive data across their cloud-based technology stack.

'Ensuring that client data and technical secrets are kept secure in the right locations was key. We needed a tool that would give us visibility, control
and assurance.'

As a cloud-first organisation, TravelPerk is using popular apps for document storage, messaging and ticketing. Google Drive, Slack and Zendesk are
amongst the most important business tools, and without due controls, these apps could have become an unwitting repository for sensitive data.

'Finding a technical solution that gave us the ability to automate risk reduction and continue to scale well was so important. We needed to take action without hiring an army of people', explains James. ‘It was timely when Metomic got in touch’.

Why Metomic?

TravelPerk’s Security team sought a solution that would automatically provide visibility into Google Drive, Slack and Zendesk, as these apps were integral to daily business operations. 'In Metomic, we found a solution that would give us instant visibility of our sensitive data via a dashboard,' shares
James. 'It then runs in the background, providing us with tailored alerts to our highest priority risks.'

'Between the platform capabilities and the expertise of the Metomic team, we were able to identify risks really quickly, reduce false positives and ensure that we only took action on the relevant alerts.'

Results

TravelPerk obtained value from Metomic in a matter of days, even though the roll out was phased app by app. One of the key risks James wanted to mitigate was technical secret exposure, and Metomic was able to find relevant risks quickly.

'We were able to find some legacy AWS keys from years ago. Fortunately, they had been revoked long ago, but it gave us the confidence that in the event of new secrets appearing insecurely across our tech stack, we could rely on Metomic to help us swiftly detect and respond with the click of a button.'

James is confident that with Metomic, TravelPerk has significantly reduced exposure to the significant risk that sensitive data exposure can bring, without operational impact. Both organizations look forward to a long and fruitful partnership!

Max Marcus

Head of Customer Success

Max Marcus is Head of Customer Success at Metomic

Latest posts

Securing Google Drive before implementing Claude

Why CISOs Must Secure Google Drive Permissions Before Implementing AI Tools Like Claude

As Claude's Research capabilities expand to access Google Workspace through MCP, CISOs must implement robust permission governance frameworks to address the "permission paradox" where individually appropriate access becomes problematic when aggregated by AI systems.

Blog
Quantifying AI Security Risk

Quantifying the AI Security Risk: 2025 Breach Statistics and Financial Implications

The 2025 AI security landscape reveals alarming statistics – 73% of enterprises experiencing breaches averaging $4.8 million each, with financial services, healthcare, and manufacturing facing the highest risks from attacks like prompt injection and data poisoning.

Blog