“Remaining secure and compliant is increasingly challenging – particularly in complex, highly regulated environments; this drives a need for complete visibility and automated, continuous exposure management.” This is the message stressed by an IT security operations manager at a large financial services institute.
But there are two sides to the coin when it comes to governance, risk, and compliance in enterprises: there is compliance (regulations, benchmarking, white papers, and configuring security), and there is having the best security for your business. It is important to put checks and balances in place for both regulations and context.
When it comes to implementing security and assuring compliance, you can’t be both the player and the umpire. Security is a strategic initiative; it can’t be approached haphazardly. It is very important that when someone makes a change, a different person checks whether that change is compliant.
Skybox believes that technology is an enabler for achieving network and security compliance with both internal policies and industry regulations, helping organizations understand their compliance status, monitor it continuously and manage and remediate violations. With a Network Security Policy Management (NSPM) solution, companies can automate change management workflows for comprehensive risk assessments, improve cyber hygiene and risk management with centralized, optimized firewall management, and deliver total visibility and contextual intelligence across complex hybrid networks.
A major South African financial institution has found that Skybox’s SaaS NSPM solution serves as a crucial framework and compliance support tool.
“It has become harder to assure security and compliance with the move to cloud, the push to SaaS and PaaS, and a need for faster turnaround times,” the manager says. “You have to remain vigilant.”
He reports that his company has seen significant value and compliance improvements since onboarding with Skybox. “For example, we are preparing to implement a new firewall, and Skybox gives us a framework to work from and serves as a primary driver in determining the rules. With all the reporting it gives us, we were able to clean up and remove a few hundred rules, which both improves the rule base and improves the speed of the firewall. The fact that we have been able to accomplish this beforehand will save months of cleanup work after the fact.”
“We have been going through the motions of cleaning out rules for years, and Skybox completed the work in just months. This has improved compliance and taken months off the workload that highly skilled resources would have to do manually every year for audits on the rules in the rule base,” he says.
The customer also plans to leverage Skybox to support planning: “It will help us visualize when planning what’s coming next – you see the bigger picture. We have already been able to visualize things you don’t normally see easily, which helps us understand where we need to focus.”
See how the Skybox NSPM solution proactively protects you from vulnerabilities.
Portions of this blog were originally published in “How to leverage SaaS for compliance – in conversation with a real-world customer of a large financial services institute”, ITWeb.com, May 20, 2024.