Corporación Celeste: Protecting Critical SaaS Applications, Data, and User Productivity

Corporación Celeste, which is part of Grupo Promotor A&B, is a leading organization in the Ecuadorian housing development market. The company’s project, Ciudad Celeste, is a residential area structured as a city, where residential homes are integrated into an environment that offers all the essential urban services, including banks, shopping centers, supermarkets, schools, etc. Today, Ciudad Celeste is home to 2,759 families—14,895 inhabitants in total.

In 2015, Corporación Celeste’s operations began migrating to the cloud with one primary goal: to bring core business applications to a SaaS model. In doing so, the company, among other benefits, gained agility to implement solutions, reduced the administrative costs of the IT infrastructure, and avoided the typical investments involved in an on-premises scheme.

During this migration, the issue of cybersecurity was always on the company’s radar. Corporación Celeste recognized that in six years the digital security environment had become more complex and threatening, with more aggressive malicious groups and higher technical sophistication that are now focusing their sights on companies of any size and any industry. The company was not aware of what was going on in their environment and needed to achieve security visibility.

However, by the beginning of 2020, when the Covid-19 pandemic began to transform life on the planet, business security assumed a more critical and urgent priority. At that time, Corporación Celeste made the decision to strengthen the protection of its SaaS applications and its data critical to running the business.

Corporación Celeste needed to strengthen the security of its SaaS applications for marketing and sales (Salesforce CRM), collaboration and productivity (Google Workspace), and Oracle Back-Office. Before 2020, their SaaS application protection depended on the security capabilities available natively within the SaaS applications themselves, representing a level of defense that the company already recognized as insufficient and inconsistent from application to application. Especially because of the sensitive corporate information used in these applications (personally identifiable information, sales leads, bank details, customer financial information, payment registration, accounting documents, contracts, etc.), Celeste could not afford any data breach or risk of critical information loss

User mobility, another Celeste priority, required greater control over mobile devices that remote users leveraged to access SaaS applications. In the past, most employees used these applications within the perimeter of the corporate network. In this sense, the Covid-19 pandemic ended up confirming the importance of securing the mobility of its workforce. When government measures came into effect for the pandemic, Corporación Celeste, thanks to its adoption of SaaS solutions, had no difficulty keeping the business going in a highly distributed network environment. However, it also detected that the level of security was not optimal for the situation they faced.

“Of the company’s 450 employees, 390 moved to a remote work-from-home environment. Our remote collaborators, on average, use two devices to access and work with SaaS applications. That is, suddenly, we faced the challenge of controlling and protecting more than 700 devices with direct access to sensitive business information,” says Juan Carlos Alzate Garcia, vice president of technology at Corporación Celeste.

Corporación Celeste required a cybersecurity solution optimized for diversified SaaS environments, and with robust data loss prevention (DLP) capabilities. Given the emergency conditions imposed by the health crisis, the technology also had to ensure rapid implementation, ease of use, and centralized administration.

In addition, the solution, beyond meeting the pressing need, had to be flexible, scalable, and offer an innovative development path forward so that the company could automatically adjust its protection strategy for any emerging threats and ensure consistent protection of sensitive data everywhere. Other elements of the solution had to include:

• Secure connections to all sanctioned SaaS environments for all remote users and all devices
• Easy and rapid implementation and deployment minimizing the total cost of ownership
• Ease of administration with centralized management
• Future-proof, flexible and adaptable to new threats and new challenges that constantly arise in cybersecurity circumstances

Through its technology partner Ondú Cloud, Corporación Celeste discovered the Palo Alto Networks data security platform. Although the company evaluated different CASB and DLP offerings, Palo Alto Networks SaaS Security and Enterprise DLP—operating in an integrated way—were the solutions chosen to secure all their SaaS applications and deliver data protection.

One factor was decisive in the selection. Other solutions in the category depended on additional components like the installation of host agents on the computers, responsible for protecting the accesses that occur from those devices. “We didn’t need that. Palo Alto Networks provides the solutions that align with our vision: to protect SaaS applications and data at all times, regardless of the type of equipment that the user uses—smartphone, personal or company computer, tablet—or if they connect through a public or private network,” says Guido Hernández Gómez, head of information security at Corporación Celeste.

In terms of deployment ease and speed, the implementation of the solutions also met the expectations of the organization. With the support of Ondú Cloud and Palo Alto Networks, the process began in December 2020, and shortly after, Corporación Celeste was already taking advantage of its new SaaS protection scheme.

From a data security perspective, the company now had a complete and deep view of everything that was happening on its SaaS environments and users’ connections, protecting company data across any vector throughout their cloud journey: authorized SaaS or unsanctioned Shadow IT applications, personal or corporate devices (laptops, tablets, smart phones, etc.), private or public network connections, etc. On the other hand, with the enterprise-grade capabilities of Palo Alto Networks Enterprise DLP, Corporación Celeste reduced the risk of suffering any leaks of sensitive data like personally identifiable information and intellectual property, etc. Since the solution provided more advanced capabilities to monitor the use and transfers of Celeste’s information, security measures can be taken when suspicious movements are flagged, or violations of corporate security policies occur.

With the Palo Alto Networks solutions, the company no longer needs to control the security implementations for three different SaaS solutions. Today, from a single central control instance, they can easily and quickly define, distribute, and monitor their entire SaaS security environment, securing the company’s sensitive data and guaranteeing an efficient service for all its users, remote or fixed, without any interruption.

Moving forward, Corporación Celeste has new ideas to strengthen the security of its SaaS environment. With the support of its allies Ondú Cloud and Palo Alto Networks, the company, aware that the cybersecurity environment requires permanent improvement, feels prepared to evolve into broader SASE and Zero Trust platform strategies.

“Comprehensive Zero Trust is certainly within reach of our security strategy; building on Palo Alto Networks as a platform, and as a security partner—aided by Ondú Cloud—gives us peace of mind and affords us the opportunity to further focus our strategy on the constant challenges and threats of our security landscape,” added Juan Carlos Alzate Garcia, vice president of technology.

With SaaS Security and Enterprise DLP solutions, Corporación Celeste has managed to strengthen the security of its SaaS application environment. In achieving their data security goal, Garcia says visibility and reporting have been essential factors.

Thanks to the analysis and reporting tools built into the platform, Corporación Celeste knows that every month, on average, its SaaS environment is the target of 2,000 attacks—incursions that Palo Alto Networks technology has detected, contained, and mitigated. Similarly, these tools have enabled Celeste to identify its weakest flank: Google Workspace, an application in which users tend to share information inappropriately, implying a high risk of data leakage.

For Juan Carlos Alzate Garcia, these reports and analytical features represent one of Palo Alto Networks most valuable technology contributions. The information provides rich context into attacks received, content impact detail, vulnerabilities detected in data flows, and specifics on compromised devices—these have been key to improving the company’s cybersecurity posture. “We identified real operational risks that we couldn’t see before. With the support of Palo Alto Networks and Ondú Cloud, these discoveries prompted us to adopt better processes and more robust policies,” says Garcia.

In addition, the information from the reports is shared with the board of directors of Corporación Celeste. This, in addition to justifying the investment, allows the validation of the cybersecurity strategy—its importance for the business—to be well-positioned among the company’s executives. Garcia and his team consider the reports useful in refining their Business Continuity Plan (BCP). The real-time situational security data obtained allows them to adjust the BCP procedures so the company is really prepared to meet different types of cybersecurity contingencies head-on.

With this first experience, Celeste managed to overcome an urgent challenge that arose in its SaaS application environment. As challenges arise in the future—due to new cybersecurity threats or new business priorities— Corporación Celeste will have no problem scaling its current Palo Alto Networks solution and adapting to any SaaS or cloud security scenario. In this sense, for Celeste, the integrated structure of the Palo Alto Networks platform represents a great advantage.

“We are convinced that Palo Alto Networks will accompany us into the future. Palo Alto Networks has a clear vision of the security required by SaaS environments, which covers all critical aspects of this type of deployment,” says Garcia.

With Palo Alto Networks, cloud-delivered data security services—SaaS Security and Enterprise DLP—Corporación Celeste strengthened the security of its SaaS application environment. All the highly sensitive information that is stored and travels through these applications—regardless of the device access or the type of connection that the user takes advantage of—is always protected with the highest standards of cybersecurity. In this way, the company is now better prepared to prevent information leaks and stop threats across all its sanctioned SaaS applications, including Salesforce CRM, Google Workspace, Oracle Back Office, and other business-critical applications.

Palo Alto Networks SaaS Security takes on the burden of keeping up with the SaaS explosion, automating discovery and protection while being embedded into existing workflows. Get the e-book for a whole new level of ease, simplicity and efficiency for the CASB market. Read our “Enterprise DLP Revisited” report to uncover ways to perfect your Enterprise DLP strategy as your organization embarks on its cloud and digital transformation journey.

We are a company in constant evolution and technological innovation. Our DNA is and will be the service. We like to think that our vision transcends technology and data.

We offer Cloud, IT and cybersecurity services in a different way. Generating empathy and attunement with commitment, flexibility, creativity and clear objectives.

http://www.onducloud.com/