How to leverage SaaS for compliance – in conversation with a real-world customer of a large financial services institute

Johannesburg, 21 May 2024
Companies must remain vigilant regarding security and compliance.
Companies must remain vigilant regarding security and compliance.

“Remaining secure and compliant is increasingly challenging – particularly in complex, highly regulated environments, driving a need for complete visibility and automated, continuous exposure management.” This is the message that an IT security operations manager of a large financial service institute stresses.

Justin Berman, Technical Director for Skybox Security, notes there are two sides of the coin when it comes to governance, risk and compliance in enterprises: “On the one side, there is compliance when talking about regulation, benchmarking, white papers and configuring security. The other side is having the best security in mind for your particular business. It is important to put checks and balances in place for both regulations and context.”

When it comes to implementing security and assuring compliance, Berman says: “Someone makes the changes, and a different person checks if the changes are compliant, because you can’t be both the player and the umpire. This is very important. Security is a strategic initiative; it can’t be approached haphazardly.”

Skybox believes that technology is an enabler for achieving network and security compliance with both internal policies and industry regulations, helping organisations understand their compliance status, monitor it continuously and manage and remediate violations. Skybox’s Firewall Assurance and Network Assurance Cloud Edition modules automate change management workflows for comprehensive risk assessments, improve cyber hygiene and risk management with centralised, optimised firewall management, and deliver total visibility and contextual intelligence across complex hybrid networks.

A major South African financial institution and new Skybox customer has found that Skybox serves as a crucial framework and compliance support tool.

“It has become harder to assure security and compliance with the move to cloud, the push to SaaS and PaaS, and a need for faster turnaround times,” he says. “You have to remain vigilant.”

He reports that his company began using Skybox as a SaaS product four months ago, and is already seeing significant value and compliance improvements. “For example, we are preparing to implement a new firewall, and Skybox gives us a framework to work from and serves as a primary driver in determining the rules. With all the reporting it gives us, we were able to clean up and remove a few hundred rules, which both improves the rule base and improves the speed of the firewall. The fact that we have been able to accomplish this beforehand will save months of cleanup work after the fact.

“We have been going through the motions of cleaning out rules for years, and Skybox completed the work in just months. This has improved compliance and taken months off the workload that highly skilled resources would have to do manually every year for audits on the rules in the rule base,” he says.

The customer plans to leverage Skybox to support planning: “It will help us visualise when planning what’s coming next – you see the bigger picture. We have already been able to visualise things you don’t normally see easily, which helps us understand where we need to focus.”

The customer implemented Skybox Cloud Edition. He says: “With a SaaS solution, the timeframe to get everything up and running is remarkably short, without the headache of procuring and installing hardware. When you run your own hardware on-premises, the headache starts with where you put the device, the heat it generates and where you plug it in. This all goes away with SaaS, making a massive difference in delivery and operationally. You can focus on what the product does, rather than running it.”