Mike Bartholomy, Senior Manager of Information Security at Western Union, knows things have changed in the IT world. Security used to be focused around protecting the perimeter, having the best and fastest firewalls and proxies, and now, the focus has transitioned to protecting data outside of the perimeter while offering the best tools for users.
User-centricity – the WISE way
Bartholomy’s IT division strongly believes in a user-centric approach, which requires putting users at the center of what they do and providing them with all the tools they need to get their job done. Bartholomy believes this also implies they are business centric, because users now have more time to focus on customers.
This is why Wetsern Union developed WISE, the Western Union Information Security Enablement program, to help put the focus onto tools that support user behavior.
“We try to strike a balance between not standing in the way of our users and protecting them,” says Bartholomy. “The last thing we want to do is push them to more risky services.”
The Shadow IT problem
According to Bartholomy, as Western Union continues to expand its cloud footprint, their biggest opportunity for risk exposure lies within Shadow IT, as it is the latest data exfiltration vector of choice for attackers.
“Being in financial services, security of our data is paramount,” says Bartholomy. “Western Union has tons of compliance regulations we have to meet and we needed to see and understand the non-sanctioned apps and their purpose”.
By leveraging Skyhigh’s technology, Western Union now has full visibility into the cloud services in use on their systems and a full understanding of their individual risk. This has allowed Bartholomy and his team to start having conversations to understand the use cases behind the non-sanctioned services, determining whether there is missing functionality in IT’s portfolio, or if it was simply a lack of awareness. From there, they leverage Skyhigh to search educational coaching messages, directing users away from high-risk shadow IT services over to enterprise-ready sanctioned IT services.
Sanctioned IT: augmenting Salesforce security
The Western Union team took the next step and started to transition their focus from shadow IT to sanctioned services like Salesforce, with goal of establishing use cases around their potential risk for insider threats, compromised credentials and privileged access to sensitive data.
With six different Salesforce organizations at Western Union, Bartholomy had to take a step by step approach to understand who their users are, what groups they are a part of, as well as what their risk is. The workflow involved four steps, each of which utilized Skyhigh, to understand the individual Salesforce environments and where they were encountering the most risk.
- Understand the Environment – Getting visibility into users, business units and the 3rd party apps that are connecting with Salesforce in order to evaluate risk.
- Detect Anomalies – Leverage machine learning and user behavior analytics to identify excessive administrator access, insider threat from a sales user or a compromised credential?
- Policy Enforcement – enforce policies controlling access based on the user’s role, their device, their location, and the data they are attempting to access
- DLP and Encryption for the cloud – Define what data can be stored in the cloud, per regulatory and security policies, and what data needs to be encrypted in order to do so.
By going through this workflow, Bartholomy has extended Salesforce controls to ensure that employees don’t misuse sensitive customer information present in Salesforce. “The great thing about Skyhigh is that they augment salesforce’s security capabilities and allow me to meet our compliance needs as well as extend our existing on-premise DLP security controls into the cloud,” says Bartholomy. “By enhancing and augmenting what is already secure in Salesforce, Skyhigh develops a one-stop shop for me as an IT leader.” Furthermore, by implementing Skyhigh’s encryption schemes that preserve Salesforce functionalities like search and sort, the team can to minimize user disruption and stay true to its value of user-centricity.
Best Practices for Cloud Security Deployments
After completing the project to protect his company information in Salesforce , Bartholomy has a number of learnings to share with companies looking to pursue similar efforts.
- You have to be a partner, but driving is key. Take your on-premise capabilities and extend them to the cloud.
- Start with use cases to cut through the noise so you can find the type of data you want to protect.
- Build a strategic partnership – find a partner that can offer solutions for not only what you have today, but also for what you are going to have in the future.
- Remember that user experience is paramount. By using Okta in combination with Skyhigh, the company has made it easy for its users to access a myriad of cloud applications with the same credentials. This has enhanced user experience while also improving security posture.
“There is an overwhelming amount of data, and we didn’t know what we didn’t know,” concluded Bartholomy. “Pick a business problem and try to solve it.”
How Western Union Extends Security & Compliance to Salesforce
In this webinar, Mike Bartholomy, Information Security Manager at Western Union, shares the best practices his team uses to enforce security, compliance, and governance policies in Salesforce.Watch Now
CASB Magic Quadrant 2019 is here – McAfee a Leader for third consecutive year
CASB RFP Template: 200+ Common Questions Enterprises Are Asking
9 Cloud Computing Security Risks Every Company Faces
Office 365 Security Concerns: Download Definitive Guide to Office 365 eBook
51 AWS Security Best Practices