Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Case Study

Building a Secure Workforce Management Platform: When I Work's Implementation of Snowbit

wheniwork.com

About WhenIWork

When I Work has been the market leader in shift-based workforce management software for over 10 years, delivering a powerful, employee-first experience. With an all-in-one platform that includes employee scheduling, time tracking, communication, and payroll, When I Work makes it easy for over 200,000 small businesses to manage their operations efficiently.

The Challenge:

When I Work previously focused on data they considered low-risk for threat actors, assuming that even in the event of a breach, the impact would be minimal, such as a minor scheduling issue at a local coffee shop. After expanding their product offerings into areas like payrolland earned wage access, the company recognized the urgent need to bolster its security infrastructure to protect the financial information of their customers. 

Before implementing Snowbit, When I Work lacked a centralized SIEM system. Their security efforts were fragmented, relying on disparate tools like CrowdStrike point data and other tools for web application firewall (WAF) protection. Without a unified dashboard, correlating security data and conducting thorough investigations became cumbersome and time-consuming, with an investigation into a security incident taking several days. The absence of robust logging and monitoring also meant that their ability to detect and respond to potential threats was limited, leading to longer incident resolution times and increased operational risks.

The Solution:

When I Work turned to Coralogix, selecting their Snowbit offering for a centralized and cost-effective SIEM and Managed Detection and Response (MDR) solution. The decision was driven by its balance of features, cost-effectiveness, and the comprehensive support provided by the Snowbit team:

“After evaluating different suppliers, Coralogix proved to have the best balance between features and cost and having the option to get the Snowbit MDR offering for such a fantastic price, really made it worth our while.” -Henry McNeil, Principal Application Securitiy Engineer 

With Snowbit, When I Work was able to consolidate their security monitoring tools into a single platform, enabling better visibility and faster response times. The Snowbit team played an instrumental role in configuring pre-built alerts, helping to differentiate between routine activities and potential security threats that required escalation. The hands-on support from Snowbit freed up valuable time for When I Work’s small security team, allowing them to focus on internal security initiatives and engineering projects.

“Being a security team of one without any plans to really change that in the future, it’s great that I have the Snowbit team looking at our alerts and triaging and managing incidents freeing up a lot of my time to focus on more internal security initiatives and engineering-related work.” -Henry McNeil, Principal Application Security Engineer 

The migration to Coralogix and Snowbit was smooth, with seamless integration of log sources and security configurations. The process included setting up alerts, dashboards, and workflows tailored to When I Work’s specific needs, significantly enhancing their ability to monitor and respond to security incidents.

Results & Benefits:

Enhanced Security Monitoring
Snowbit’s implementation closed significant gaps in When I Work’s security processes, particularly in logging and monitoring capabilities. With Snowbit, the company was able to log and track critical security events across all aspects of their platform, from user logins and session management to backend activities involving payroll changes. This comprehensive logging enabled the company to quickly identify and respond to potential threats, such as malicious actors attempting to manipulate payroll data.

Streamlined Incident Management
The proactive monitoring and incident management provided by Snowbit streamlined When I Work’s security operations. The clear, concise, and actionable insights from Snowbit’s incident reports minimized the need for back-and-forth communication, allowing for quicker resolution times. The flexibility to manage incidents through platforms like Slack, Zendesk, or email further enhanced operational efficiency. Whereas incident investigation used to take days, it now took hours. 

Compliance and Scalability
As When I Work prepared for a SOC2 audit, Snowbit’s CSPM (Cloud Security Posture Management) capabilities proved invaluable. The ability to view and manage cloud security in one place gave the company confidence in meeting compliance requirements and scaling their security measures as they expanded into new industries.

Cost Efficiency and Flexibility
The cost-effectiveness of Snowbit was a decisive factor for When I Work. The ability to store data in their own S3 buckets without paying additional storage markups provided significant cost savings. Snowbit’s TCO Optimizer further reduced expenses by allowing When I Work to prioritize data storage and analysis efficiently, saving around $100K annually through optimized logging practices.

Summary

“We’re getting a ton of value and we’ve only just started scratching the surface” 

Historically focused on serving small and medium businesses with minimal security threats, When I Work faced increased cyber risks as they expanded into handling sensitive employee data. Their partnership with Coralogix and Snowbit has dramatically improved their security posture by unifying monitoring tools, reducing operational costs, and centralizing security data. Leveraging Snowbit’s expert support, When I Work can now proactively manage threats and confidently meet compliance requirements, positioning the company to scale its security infrastructure and maintain a strong defense against evolving cyber threats as they continue to grow.