Real Solutions in 2020: A Cloud Governance Case Study

As things continue to change around us, our mission hasn’t.

Recognizing our 4^th anniversary this week finds us more committed than ever to helping organizations minimize risk and thrive. Born in the cloud, and prepared to help clients deal with every aspect of security incidents of all kinds, our teams continue to lead organizations to a more secure future.

As our expanding team works around the clock, the threat landscape continues to grow and evolve. During the current COVID-19 crisis, phishing, malware, business email compromise, and other malicious attacks have spiked, and many organizations are scrambling to ensure their large remote workforces remain secure.

Recently, we looked at a client who had a lack of visibility and understanding of their attack vectors/vulnerabilities, with no partner to help manage, monitor, and remediate, along with a growing alert-factory from a sprawl of disconnected tools. Their adoption of CYDERES’ Enterprise Managed Detection & Response offering helped alleviate these issues and help them achieve faster, more secure growth.

Next, we looked at a recent client who needed help finding the cloud security gaps in a branch of their business and needed outside help to identify these gaps and recommend actionable solutions to help them move forward toward security maturity. Our Cloud Architecture Analysis illuminated these gaps and provided a roadmap for the best way for them to move forward.

With today’s post, we’re continuing our Real Solutions blog series with our third case study looking at a large retail customer who found that their cloud security immaturity left them extremely vulnerable.

A Few Pain Points…

A few of the challenges the client was experiencing before engaging with Fishtech were:

Lack of awareness with requirements necessary to secure cloud workloads and how to remain compliant within a containerized/microservices environment.
Lack of continuity with existing services and technology partners.
Tool sprawl leading to operation and integration challenges.
Locked into multiple long-term contracts with many underperforming solutions that didn’t satisfy requirements with their move to cloud-based infrastructure and requirements.

There were also cases where production S3 buckets were completely open, and developers were sending code to production environments that were not meeting compliance standards.

After reviewing the pain points of this particular customer, we got them working with our cloud governance team to start them on the path to compliance in their application environments.

How Did We Get It Done?

At the very beginning of this engagement, we led meetings, demos, and proof of concepts with various cloud compliance platforms. We scored these proofs of concept based off of the requirements of this client after several sessions gathering intel and data on the company’s major pain points and desired objectives.

Once we had worked through what the pain points were for this client, we worked to build out processes to get them compliant, up to speed, and more secure. By the end of the initial engagement, compliant code was put into place and is currently used within their application environments.

Through this process of improving this client’s Cloud Governance, we also started exploring other projects that would improve their overall security and digital infrastructure. For example, their security teams now have visibility and controls in place to automate the compliance process. A combination of interoperable tools, in-depth training, and thorough processes have been put in place to better their overall security posture.

In getting this client involved with our DevOps and Security Automation team, we were able to improve the efficiency of their processes to set the stage for growth while giving them the peace of mind that they will be secure along the way.

This has been a consistent theme to many of the case studies reported by account executives. We work to get solutions right the first time, so that the initial process runs so smoothly, that we often find our clients are willing to work with us in more areas to further improve their organizations.

In this particular instance, once we implemented our initial solution into production, we were able to help grow their environment from 400 projects/workloads to 1500. As we look to secure their containers, the environment will soon grow to over 4000.

Talk about Real Solutions with real results!

Next Steps with Fishtech Group

Efficiency in organizations operating in the cloud is hugely important in the modern business environment. Engaging Fishtech for our cloud governance services can be an important first step.

Learn About Fishtech’s FREE Cloud Maturity Workshop

If you have any further questions on cloud governance, fill out the form below and we will connect you with one of our experts.

CNAP

Cloud Native Anayltics Platform

GSOC

Global Security Operations Center

EMDR

Enterprise Managed Detection & Response

RTaaS

Red Team-as-Service

SIRT

Security Incident Response Team

CLOUD

Cloud Security

ITDR

Insider Threat Detection & Response

Overview

Our Unique Approach

IAM

Identity & Access Management

CRC

Cyber Risk & Compliance

EA

Enterprise Architecture

STAFF

Strategic Staffing

LAB

Technology Lab

Cyderes: The New Powerhouse in Managed Cybersecurity

Actionable Security Operations Tools for Educational Institutions

Google Cloud Security Talks – Fireside Chat Replay

CYDERES’s First Code-a-Thon: Collaboration and Competition