As a global leader in the IoT manufacturing industry for both the premium consumer electronics industry as well as the automotive industry, this 60-year-old enterprise has over 40,000 employees with 1,000 employees in the IT department and is embracing the cloud and the security challenges that come with it.
Visibility for Intellectual Property
As this global IoT manufacturer started moving to the cloud to take advantages of efficiency and lower operating costs, the chief information security officer (CISO) knew that were a lot of unsanctioned, shadow IT services in use across the enterprise. With the security of sensitive intellectual property at the forefront for the security team, they knew the first step in preventing data exfiltration was to identify the unauthorized and unsanctioned use of cloud services, allowing them to understand which data storage and collaboration tools housed their sensitive data.
To achieve the visibility they needed to understand the shadow IT in use across their organization, this global IoT manufacturer decided to invest in a cloud access security broker, or CASB, providing them the tools they needed to identify key services the visibility they needed to move users onto safer, sanctioned services.
With the granular visibility provided by MVISION Cloud and McAfee’s Global Risk Registry, the security team is able to see where their data was going and who has access to it. They have the information they needed to make the decision to consolidate 100’s of their most widely used shadow IT services into a few dozen, instantly providing return on investment as they reduced the unauthorized annual spend of dollars by implementing enterprise license agreements across those sanctioned applications.
In addition, from a data loss prevention perspective, the global IoT manufacturer was able to narrow down where their intellectual property is stored. “As we identified the risk associated with each cloud service, we moved our data into monitored, sanctioned services, where we were able to protect and identify where our intellectual property was located and whether or not there were data leaks,” says the CISO. “Thanks to MVISION Cloud we are able get our arms around our data.”
Extending Data Loss Prevention into AWS
Once this global IoT manufacturer had the visibility they needed to secure their sensitive intellectual property, they decided to move forward with their cloud journey and move more key applications off premises and to the cloud. “There is no longer a choice when it comes to the flexibility that the cloud can provide,” says the CISO. “As such, we are moving more and more of our on-premises applications and services to multi-cloud environment and that includes leveraging IaaS services like AWS.”
As they migrate more services to the cloud, they also know that brings a new set of security challenges. “The cloud provides you with unique services you can use to optimize usage and storage that you just can’t get on-prem,” he says, “But, the tools you use on-prem no longer work to protect your data in the cloud.”
In utilizing MVISION Cloud for AWS, the CISO and his team are able to extend the same data loss prevention (DLP) policies they used when their data was on-premises, to their data across globe in both SaaS and IaaS environments, providing them with real-time contextual controls over user access, collaboration and the data itself.
To help combat misconfigurations in their AWS S3 buckets and other AWS controls, the team at this global IoT manufacturer leverages the built-in configuration audit functionality of McAfee MVISION Cloud for standards-based monitoring of AWS environments, which can be easily misconfigured and left insecure by mistake. “Thanks to the added security provided by MVISION Cloud, we are able to conduct continuous monitoring of our cloud environment against the CIS Level 1 and CIS Level 2 best practices,” says the CISO.
With McAfee MVISION Cloud for AWS in their environment, the team at the global IoT manufacturer is able to accelerate their business initiatives while meeting compliance requirements that range from basic SOC compliance to PCI and GDPR regulations.
“We have DLP policies in place to identify sensitive regulatory data and have created policies to identify sensitive internal data that is confidential or tagged secret,” says the CISO.
“With MVISION Cloud for AWS we are able to identify when that sensitive data is being sent into the cloud as well as it is leaving the cloud environment where it is stored; and if necessary, even block it.” – CISO, IoT Manufacturer
Global Visibility and Threat Prevention Across Clouds
Since MVISION Cloud is a single platform that plugs into many clouds (IaaS, PaaS, and SaaS), DLP policies can be created in one place but implemented everywhere. Identifying threats becomes intuitive for the system as well. The simple concept of monitoring activities allows the machine-driven User Entity Behavior Analytics (UEBA) capabilities to analyze billions of cloud events across multiple cloud services. This helps to identify threats through continuous auditing, drastically reducing noise so the security team can focus on the real threats.
Some of the common threats that the CISO and his team can identify can be as simple as an unusual login or download pattern, or more serious anomalous behavior such as an uncharacteristic downloading of terabytes of data that may be indicative of an insider threat or malicious actor, and allow them to monitor significantly more of their AWS environment than they could before. “We are now able to constantly scan and audit our cloud environment to determine and identify any cloud misconfigurations so we can remediate as needed and provide weekly metrics to executive management,” says the CISO.
Looking to the Future
“In the last 6 months, we have identified our high-risk vulnerabilities, mitigated those risks and are starting to work on the medium and low-risk vulnerabilities,” says the CISO.
“For us, we have improved our security posture while widening the monitoring of our AWS footprint.” – CISO, Global IoT Manufacturer
For the security team at this global IoT manufacturer the next step on their cloud journey is to fully expand into a multi-cloud environment and include other IaaS platforms like Microsoft Azure and Google Cloud Platform. “We are just at the beginning of our cloud journey. The cows are out of the barn and they are grazing. There is no getting them back in,” says the CISO. “There is an efficiency that you can’t get on-prem anymore, but it comes with its own set of new challenges, and it is our job to make sure that our teams have the tools they need to get their jobs done as securely and efficiently as possible.”