By Amit Sharon, Head of Global Customer Experience, Check Point
SE2 is an insurance technology and services firm that helps clients quickly build and launch products that support digital transformation. Read how SE2 automated governance of hundreds of instances, groups, and users in an AWS environment.
SE2 recognized the opportunities offered by digital transformation early. As its cloud footprint grew quickly, securing hundreds of instances, groups, and accounts became a moving target. I recently spoke with Saul Schwartz, Technology Manager for SE2, to see how the company automated governance to ensure that its security posture stayed one step ahead of change.
Moving to the cloud gave SE2 agility and resilience. The company relies on a multi-account structure in AWS. Within those accounts are 500 EC2 instances with several hundred security groups and multiple users who are authorized to make configuration changes. Defending client data and intellectual property in a constantly changing cloud environment demanded a strong security posture.
Amit Sharon: What kinds of assets do you need to secure and govern?
Saul Schwartz: First and foremost is client data. We administer almost 2 million active life insurance and annuity policies on behalf of our clients. That includes related financial data, because we have $100 billion in assets under administration. The second area we must secure is intellectual property. We have a robust DevOps part of the business that develops and delivers digital products and solutions for our clients who are digitally transforming their businesses. So, we needed deep visibility into our security posture and a way to enforce governance without inhibiting business-critical development.
Amit Sharon: What were the primary criteria for a governance solution?
Saul Schwartz: Obviously industry-leading capabilities, but just as important, simplicity. Our environment is complex. We have a multi-account structure in AWS. Within those accounts, there are 500 EC2 instances with several hundred security groups and multiple users who are authorized to make configuration changes. Pair that with a dynamic development environment and it quickly becomes difficult to maintain a strong security posture without limiting innovation.
Amit Sharon: How does Check Point CloudGuard Posture Management help?
Saul Schwartz: In three ways. First, it helps us avoid unnecessary risk. For example, developers might need to change a security group temporarily as they test a new functionality or product. If a user spontaneously changes a security group, CloudGuard CloudBot remediation reverts it to the original state until the security team can review the request and evaluate risk. We can fully protect our groups and developers can request access to a security port for a period of time for testing workloads without putting the company at risk. Second, CloudGuard Posture Management allows us to use security as an enabler. Our developers need access to certain configuration items as they develop, run, and test solutions. We can define policies that allow access and enable automatic remediation so they don’t have to rely on us for point-in-time reviews or access. Finally, it gives us options for implementing the best practices that make sense for our business. Automatic compliance checks identify anything that isn’t aligned with a standard and automatically remediate it or alert the team. I can use the same team to manage and secure both on-premises and cloud workloads.
Amit Sharon: How would you describe your results?
Saul Schwartz: I don’t worry about security breaches caused by misconfigurations or shadow IT. Protection is always on. We have complete visibility across the on-premises and cloud environments. Automatic alerting and remediation handle events transparently. CloudGuard Security Posture Management aligns with the cloud shared security model and has made us much more secure.