Case Study

Prisma Cloud Provides Visibility and Control to Confidently Secure Funding Societies’ Cloud Transformation


In brief

Customer

Funding Societies

Industry

Financial Services

Country

Southeast Asia

Products and Services

Debt crowdfunding, loans, investment products


Challenge

Secure the company’s multi-cloud resources and workloads, meet strict compliance, and scale security operations to support rapid business growth.

Answer

Prisma Cloud by Palo Alto Networks enables Funding Societies to identify and manage its distributed, cloud native resources within acceptable risk tolerance and cost margins while effectively fulfilling business goals and regulatory requirements.

Results
  • Improves security governance, closes gaps, and reduces the potential attack surface
  • Provides 100% visibility of multi-cloud estate through agentless implementation
  • Supports DevSecOps procedures without interruptions to operational and production access
  • Provides a holistic view of risk and vulnerabilities without multiple single-focus security tools and agents
  • Reduces the volume of alerts by 80%
  • Provides meaningful guidance on remediation that can easily be assigned to security engineers or DevOps/DevSecOps


I am a big believer in bringing risk down to acceptable levels and within acceptable cost parameters. However, cost always involves time and effort—and based on this sort of cost-benefit analysis, Prisma Cloud comes out on top for the features it provides out of the box that can be put to use almost immediately. The platform instantly consolidates and reduces risk, saving valuable time and resources in the process.

Shakthi Priya Kathirvelu, Head of Information Security, Funding Societies

Securing the Data Center of Tomorrow

To drive a successful cloud transformation, Funding Societies rooted its journey in the basic principles of people, process, and technology.

The company zeroed in on the people aspect first, looking to source the right talent to support the cloud-centric workloads that now needed to be secured. The security team needed staff who could help decipher the shared responsibility model with cloud service providers (CSPs) and navigate the ever-evolving, nascent cloud ecosystem.

Next came process and technology elements. As Maya Angelou said, “If you don’t know where you’ve come from, you don’t know where you’re going.” This statement rings true with the Funding Societies security team. Before the consideration of new processes and tooling began, the team outlined, in detail, the business problems and use cases they needed to address in the move to the cloud. This guided each demo and vendor conversation, helping to map what each solution can fulfill and to what degree of precision and accuracy.

Two Key Use Cases and a Multi-Cloud Strategy

Funding Societies started its cloud migration with a single account in Amazon Web Services (AWS®). All workloads and resources were running in one place, accessible by the entire team. The organization was growing rapidly, though, and quickly adopted a multi-account architecture. They knew the exponential growth would become unmanageable without a shift in strategy. Funding Societies was using native security tools from the CSPs, but each offering came with a different set of security standards and best practices.

When the company opted for a multi-cloud environment and strategy to meet developer preferences and drive more cost-effective innovation, the native CSP offerings failed to completely satisfy key security needs for cloud security posture management (CSPM) and cloud workload protection (CWP). The security team needed a better way to monitor the overall cloud security posture as well as help bridge the divide between security and DevOps in the development cycle.

Prisma Cloud is the most complete and consolidated solution in the market. There is no comparison point with other vendors considering all that Prisma Cloud provides in a single, integrated platform.

Shakthi Priya Kathirvelu, Head of Information Security, Funding Societies

Risk Management in a Single Integrated Platform

Funding Societies wanted a security platform that could deliver cloud native security wherever it was deployed. Prisma Cloud was an easy decision. The Cloud Native Security Platform offers a complete and consolidated set of functionality, including automated asset inventory, threat detection and response, multi-cloud vulnerability monitoring and prioritization, and continuous compliance monitoring and reporting. The security team now had a single application to manage all risks across all layers of its architecture.

In particular, Prisma Cloud Defenders provide comprehensive, early detection of security issues for easier and quicker remediation. Although Funding Societies usually prefers to methodically implement security in small steps, Prisma Cloud quickly proved its worth and is now fully deployed within the AWS production environment. Funding Societies uses its own infrastructure as code (IaC) and was able to automate the deployment of Prisma Cloud in its environment using its existing IaC scripts.

Once deployed, the quality of reporting on vulnerabilities was easy to scale to meet the needs of all the development groups. Upon the completion of a scan, the results from Prisma Cloud integrate directly with the security dashboard in Atlassian Jira®, which helps the company with achieving regulatory compliance as well as automating the metric-driven Open Security Issues (OSI) report.


Prisma Cloud provides us with the visibility and control to confidently secure our cloud transformation. Beyond visibility, the integration of features sets Prisma Cloud apart. It’s not ideal to manage five, ten, or more security tools. One consolidated tool is easier and far more cost-effective.

Shakthi Priya Kathirvelu, Head of Information Security, Funding Societies

Complete Security and Compliance Coverage

Using Prisma Cloud, Funding Societies was quickly able to protect its cloud infrastructure according to best practices and establish security controls for the entire stack, including:
  • Monitoring the ECS and container runtime environment for suspicious behavior and ensuring that containers don’t drift against their originating images.
  • Ensuring that security and compliance best practices are continuously applied.
  • Protecting sensitive customer data as well as identifying and preventing breaches in real time.
  • Maintaining complete and deep cloud visibility spanning vulnerabilities, misconfigurations, malware, lateral movement risk, and weak and leaked credentials.
  • Aggregating alerts to help prioritize investigation and remediation efforts.
  • Achieving complete coverage across a multi-cloud infrastructure.
Overall, Prisma Cloud has helped Funding Societies elevate its security posture, better understand gaps in regulatory compliance requirements, and address these gaps in a timely manner.

To learn more about Prisma Cloud, visit paloaltonetworks.com/prisma/cloud.