CheckPoint Software Case Studies CloudGuard Dome9: Streamlining Security Complexity for Pacific Life in the Cloud

Edit This Case Study Record

	CloudGuard Dome9: Streamlining Security Complexity for Pacific Life in the Cloud CheckPoint Software

CloudGuard Dome9: Streamlining Security Complexity for Pacific Life in the Cloud

CheckPoint Software

Technology Category	Cybersecurity & Privacy - Network Security Infrastructure as a Service (IaaS) - Public Cloud
Applicable Industries	Equipment & Machinery National Security & Defense
Applicable Functions	Logistics & Transportation Quality Assurance
Use Cases	Leasing Finance Automation Tamper Detection
Services	Cloud Planning, Design & Implementation Services System Integration
Challenge	Pacific Life, a Fortune 500 Company and one of the largest financial institutions in the US, began planning the migration of a portion of their workload to the public cloud in 2013. The Retirement Solutions Division at Pacific Life was tasked with this migration, led by Reza Salari, Manager of Information Security and Telemetry. The team chose Amazon Web Services (AWS) for its business differentiating value. However, the team faced challenges in managing network security, accelerating software delivery, and controlling data residency. Pacific Life’s AWS network includes over 150 security groups across seven Amazon cloud accounts in three US regions, with each varying between 5-20 security rules. The team needed to manage this growing complexity with AWS native tools as they expanded their footprint. They also needed to quickly test the security posture of software products early in the software development lifecycle (SDLC). Lastly, they had to control and prevent usage of AWS regions outside of the company’s approved US regions due to compliance and regulations. Read More
About Customer	Pacific Life is a Fortune 500 Company and one of the largest financial institutions in the US. Founded in 1868, they offer a wide range of products and services, including life insurance, mutual funds, annuities and other investment products for individuals and businesses. More than half of the 100 largest companies in the US are Pacific Life customers. In 2013, the Retirement Solutions Division at Pacific Life began planning the migration of a portion of their workload to the public cloud. The team chose Amazon Web Services (AWS) for its business differentiating value. Today, the team has approximately 100 EC2 instances that run regularly; however, when running a hedging model, this number can increase significantly for a short time. Read More
Solution	Pacific Life employed CloudGuard Dome9 for cloud infrastructure security management. CloudGuard Dome9 allows businesses to actively assess, remediate, and control the state of their network at all times. The platform helps Pacific Life's team easily manage security and compliance across their entire Amazon environment. It provides real-time alerts in cases of misconfigurations, such as an open IP port, and stops unauthorized users from modifying security groups. It also automatically reverts unintended or malicious policy configurations. The CloudGuard Dome9 service allows Pacific Life's team to enforce and monitor separation of duties more effectively than before. The DevOps team at Pacific Life uses CloudGuard Dome9 Clarity to understand the security configuration of their applications and how each one must be built. Clarity provides a granular view of cloud assets, including VPCs, security groups, and instances, automatically looking for any misconfigurations. Lastly, CloudGuard Dome9’s Tamper Protection and Region Lock ensure secure and consistent security group configurations, making sure that their sensitive data remains compliant, preventing any practical usage of unauthorized AWS regions. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Network Security

Infrastructure as a Service (IaaS) - Public Cloud

Applicable Industries

Equipment & Machinery

National Security & Defense

Applicable Functions

Logistics & Transportation

Quality Assurance

Use Cases

Leasing Finance Automation

Tamper Detection

Services

Cloud Planning, Design & Implementation Services

System Integration

Challenge

Pacific Life, a Fortune 500 Company and one of the largest financial institutions in the US, began planning the migration of a portion of their workload to the public cloud in 2013. The Retirement Solutions Division at Pacific Life was tasked with this migration, led by Reza Salari, Manager of Information Security and Telemetry. The team chose Amazon Web Services (AWS) for its business differentiating value. However, the team faced challenges in managing network security, accelerating software delivery, and controlling data residency. Pacific Life’s AWS network includes over 150 security groups across seven Amazon cloud accounts in three US regions, with each varying between 5-20 security rules. The team needed to manage this growing complexity with AWS native tools as they expanded their footprint. They also needed to quickly test the security posture of software products early in the software development lifecycle (SDLC). Lastly, they had to control and prevent usage of AWS regions outside of the company’s approved US regions due to compliance and regulations.

About Customer

Pacific Life is a Fortune 500 Company and one of the largest financial institutions in the US. Founded in 1868, they offer a wide range of products and services, including life insurance, mutual funds, annuities and other investment products for individuals and businesses. More than half of the 100 largest companies in the US are Pacific Life customers. In 2013, the Retirement Solutions Division at Pacific Life began planning the migration of a portion of their workload to the public cloud. The team chose Amazon Web Services (AWS) for its business differentiating value. Today, the team has approximately 100 EC2 instances that run regularly; however, when running a hedging model, this number can increase significantly for a short time.

Solution

Pacific Life employed CloudGuard Dome9 for cloud infrastructure security management. CloudGuard Dome9 allows businesses to actively assess, remediate, and control the state of their network at all times. The platform helps Pacific Life's team easily manage security and compliance across their entire Amazon environment. It provides real-time alerts in cases of misconfigurations, such as an open IP port, and stops unauthorized users from modifying security groups. It also automatically reverts unintended or malicious policy configurations. The CloudGuard Dome9 service allows Pacific Life's team to enforce and monitor separation of duties more effectively than before. The DevOps team at Pacific Life uses CloudGuard Dome9 Clarity to understand the security configuration of their applications and how each one must be built. Clarity provides a granular view of cloud assets, including VPCs, security groups, and instances, automatically looking for any misconfigurations. Lastly, CloudGuard Dome9’s Tamper Protection and Region Lock ensure secure and consistent security group configurations, making sure that their sensitive data remains compliant, preventing any practical usage of unauthorized AWS regions.

Impact #1	CloudGuard Dome9 has given Pacific Life the end-to-end visibility and control needed to run sensitive workloads securely on AWS. The team has the knowledge-backed confidence to defend their cloud initiative to senior management. With CloudGuard Dome9, robust security does not get in the way of delivering quality products faster. The CloudGuard Dome9 solution allows security and compliance to be incorporated early and often into the continuous integration/continuous delivery (CI/CD) pipeline. Engineering teams can run security checks at the testing phase rather than at the end, enabling them to find and fix security vulnerabilities early. As the champion for cloud adoption, Reza plans to have the majority of Pacific Life’s specific department assets running on AWS within the next three years and knows that CloudGuard Dome9 will be able to scale just as well as it does now.

Impact #1

CloudGuard Dome9 has given Pacific Life the end-to-end visibility and control needed to run sensitive workloads securely on AWS. The team has the knowledge-backed confidence to defend their cloud initiative to senior management. With CloudGuard Dome9, robust security does not get in the way of delivering quality products faster. The CloudGuard Dome9 solution allows security and compliance to be incorporated early and often into the continuous integration/continuous delivery (CI/CD) pipeline. Engineering teams can run security checks at the testing phase rather than at the end, enabling them to find and fix security vulnerabilities early. As the champion for cloud adoption, Reza plans to have the majority of Pacific Life’s specific department assets running on AWS within the next three years and knows that CloudGuard Dome9 will be able to scale just as well as it does now.

Download PDF Version

Overview

CloudGuard Dome9: Streamlining Security Complexity for Pacific Life in the Cloud

Operational Impact