お客様の成功事例
Global Mining Company Automates Risk Mitigation
プロフィール
- 会社名:Global Mining Company
- 業界:エネルギー、石油、ガス、鉱業
- 本社:USA
- 規模:30,000 employees on four continents
背景
課題
成果
成果
- Improved NIST CSF compliance score by 60%
- Doubled compliance scores across entire Azure application environment, including Office/Microsoft 365
- Enables DevOps to automatically identify and remediate risks early in application iteration, long before go-live
お客様のケーススタディ
Worldwide transformation requires global compliance
To power the digital transformation of its geographically remote mining operations, this global resource extraction leader began transitioning to cloud-delivered applications, resulting in new data security challenges.
“We recently began accelerating our cloud-first strategies, including initiatives such as our Connected Mine deployment,” explained the Deputy CISO for Security Governance, Compliance, and Communication at the US-based company. “Although moving to the cloud is solving historical issues with implementing and managing on-prem applications in remote areas, it also means taking a new approach to data security.”
Zscaler ensures a consistent security posture across all teams
With the company’s lean IT staff relying on an array of partners to drive multiple cloud transformation projects, the data security team sought a solution for coordinating a consistent security posture across all developers. In addition, the company’s executive team and board of directors were keen to gain the needed visibility to ensure compliance requirements were met.
As misconfigurations in cloud applications are a known enterprise vulnerability, the company worked with its professional services provider to evaluate solutions capable of proactively identifying and remediating such defects. Ultimately, it selected Posture Control by Zscaler for cloud security posture management (CSPM).
“Posture Control satisfied each of our primary cloud protection objectives,” said the Deputy CISO.
Achieving automated cloud security assurance
By adopting Posture Control, the global mining company receives continuous cloud security assurance that not only identifies misconfigurations, but also has the option to automatically prevent them from happening in the first place. Provided coverage spans IaaS, PaaS, and SaaS, as well as the company’s Kubernetes container environments.
In addition, the company can leverage the solution’s ability to compare SaaS and public cloud application configurations to industry and organizational benchmarks, reporting violations and automating their remediation according to established best practices.
“We gain holistic visibility and control along with efficient and effective risk mediation,” said the Deputy CISO. “This enables us to maintain compliance with various regulatory structures, such as the NIST Cybersecurity Framework [CSF] and the Center for Internet Security [CIS].”
Compliance scores quickly double across all assets
Within 10 days of deployment to its Azure cloud presence, the global mining company quickly realized a range of asset discovery and assessment benefits.
“We could see our entire environment, including Office 365,” said the Deputy CISO. “The Posture Control dashboard gave us an intuitive representation of all of our vulnerabilities, and the risk level associated with each, enabling us to address the most serious issues first.”
Just four weeks after implementation, the company’s compliance scores soared. “Among other accomplishments, we improved our NIST CSF compliance score 60 percent,” said the Deputy CISO. “And across all Azure assets, we doubled our compliance scores, including for Office 365.”
Enterprises like the global mining company also appreciate the ability to extend policy-based access to multiple security and governance teams, empowering them to drill down to pinpoint vulnerabilities precisely.
“Once we’d improved our posture, we started reporting findings to our board and executive team, which addressed their compliance concerns,” said the Deputy CISO. “Now we can continue updating our leadership team as their business needs arise.”
DevOps integration enables early risk remediation
Moving forward, the global mining company will take advantage of Posture Control’s capabilities for tightly integrating with DevOps. Using the solution’s extensive API library, DevOps teams can incorporate CSPM into applications and environments. This enables real-time security posture validation during development, rather than asking security teams to conduct assessments after the fact.
By receiving security scores as rapidly as applications iterate, the company’s DevOps can use Posture Control’s automation features to identify and remediate vulnerabilities well in advance of going live.
“As we move into infrastructure as code, we want to enable spinning up new assets quickly, while also ensuring deployments meet our compliance baseline before they’re released,” said the Deputy CISO. “Doing so will help us evolve applications safely as well as rapidly.”
Although the company’s transformation journey is just beginning, the Deputy CISO is optimistic about the role Zscaler and Posture Control will play. “We’ve definitely experienced impressive outcomes thus far,” he said.