/ Fortune 500 Insurance Corporation

Fortune 500 Insurance Corporation

Chief Information Security Officer

"Having the ability to define policies based on security best practices and automatically monitor for violations in our AWS environment has been huge! We catch issues immediately and work with DevOps to quickly resolve them."

Industry

Insurance

Customer Profile

Fortune 500 organization provides global life reinsurance, health insurance, and financial solutions

Background

Moving applications from private data center to public cloud infrastructure - current footprint consists of several hundred workloads across numerous AWS accounts

Challenge

The organization operates in a highly regulated industry and needs to ensure AWS environment meets compliance mandates

RedLock Benefits

Confidence in its compliance posture is accelerating the organization’s journey to the cloud

Background

The Fortune 500 insurance company provides global life and health insurance solutions. It is one of the largest life reinsurance providers in the world and has clients in over 60 countries. The organization operates in a heavily regulated industry and is bound by numerous compliance mandates.

As part of its commitment to ongoing innovation, the organization is starting to adopt the public cloud as a delivery vehicle for its solutions. It uses Amazon Web Services (AWS) to host applications and has several hundred workloads across numerous AWS accounts.

Challenge

The organization’s CIO issued a directive to ensure that the transition from its traditional private data centers to public cloud infrastructure does not violate any mandates. The security team needed to ensure compliance of the organization’s AWS footprint without hindering the IT team’s digital transformation efforts.

RedLock Benefits

The RedLock Cloud 360™ platform was implemented in minutes by enabling read-only API access to all AWS accounts. It immediately began aggregating and correlating massive volumes of configuration, user activity, network traffic, and threat intelligence data to assess risk across hundreds of workloads. The platform is accelerating the organization’s journey to the cloud with the following capabilities:

Create policy guardrails

The RedLock Cloud 360 platform provides predefined policies for configurations and access control that adhere to established security best practices such as CIS, PCI and NIST. In addition, the security team can create custom policies based on the organization’s own policies. The platform continuously monitors new and existing workloads for violations which ensures immediate discovery of any compliance issues.

Improve incident response efficacy

The RedLock Cloud 360 platform’s patent-pending risk scoring methodology computes scores for every workload based on risky attributes and behavior. In the event of a violation, the team can review a history of all risk factors associated with the offending workload to gain context, then prioritize the highest rated risks and respond appropriately.

Report to stakeholders

The platform aggregates risk scores across all workloads in the environment to provide an overview of the state of compliance. That means security and IT teams can report on the compliance posture of the AWS environment to auditors on-demand.