SE2 is an insurance technology and services firm that helps clients quickly build and launch products that support digital transformation. SE2 recognized the opportunities offered by digital transformation early. As its cloud footprint grew quickly, securing hundreds of instances, groups, and accounts became a moving target. TimesTech recently spoke with Saul Schwartz, Technology Manager for SE2, to see how the company automated governance to ensure that its security posture stayed one step ahead of change.
Read the full interview here:
Timestech: What kinds of assets do you need to secure and govern?
Saul Schwartz: First and foremost is client data. We administer almost 2 million active life insurance and annuity policies on behalf of our clients. That includes related financial data because we have $100 billion in assets under administration. The second area we must secure is intellectual property. We have a robust DevOps part of the business that develops and delivers digital products and solutions for our clients who are digitally transforming their businesses. So, we needed deep visibility into our security posture and a way to enforce governance without inhibiting business-critical development.
Timestech: What were the primary criteria for a governance solution?
Saul Schwartz: Obviously industry-leading capabilities, but just as important, simplicity. Our environment is complex. We have a multi-account structure in AWS. Within those accounts, there are 500 EC2 instances with several hundred security groups and multiple users who are authorized to make configuration changes. Pair that with a dynamic development environment and it quickly becomes difficult to maintain a strong security posture without limiting innovation.
Timestech: How does Check Point CloudGuard Posture Management help?
Saul Schwartz: In three ways. First, it helps us avoid unnecessary risks. For example, developers might need to change a security group temporarily as they test new functionality or product. If a user spontaneously changes a security group, CloudGuard CloudBot remediation reverts it to the original state until the security team can review the request and evaluate the risk. We can fully protect our groups and developers can request access to a security port for a period of time for testing workloads without putting the company at risk. Second, CloudGuard Posture Management allows us to use security as an enabler. Our developers need access to certain configuration items as they develop, run, and test solutions. We can define policies that allow access and enable automatic remediation so they don’t have to rely on us for point-in-time reviews or access. Finally, it gives us options for implementing the best practices that make sense for our business. Automatic compliance checks identify anything that isn’t aligned with a standard and automatically remediate it or alert the team. I can use the same team to manage and secure both on-premises and cloud workloads.
Timestech: How would you describe your results?
Saul Schwartz: I don’t worry about security breaches caused by misconfigurations or shadow IT. Protection is always on. We have complete visibility across the on-premises and cloud environments. Automatic alerting and remediation handle events transparently. CloudGuard Security Posture Management aligns with the cloud shared security model and has made us much more secure.
