As an entirely cloud-based company and with a little over 350 people, Skedulo had a mix of security and infrastructure engineers overlooking their security requirements. As head of security, Taylor Reed oversaw compliance, statutory, and regulatory requirements as well as IT, endpoint, and cloud security. To add to this, being a startup, the company needed to assure investors that they had robust cybersecurity strategies and controls in place. “We needed a comprehensive security platform that could integrate seamlessly with our cloud-native approach and offer us real-time visibility into our cloud security posture,” says Reed, before adding, “The solution we opted for, also needed to address vulnerabilities.”
For Skedulo, a software-as-a-service (SaaS) provider, protecting customer data across multiple verticals was of prime importance. For instance, regulatory compliance is mandatory for their healthcare sector customers. Whether it is adhering to the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, 2009 in the US or the Privacy Act, 1988 in Australia, adhering to regulations is a crucial requirement. Taylor recalls how, in 2021, an application was built by Skedulo to schedule COVID-19 vaccinations. This was adopted by both New Zealand and the state of California, and Skedulo ensured that the data of millions of people were protected using best practices. Taylor reiterates, “Data across all industries is important to us and we are committed to investing in superior security tools to do right by our customers.”
While Skedulo had a few different security-related applications and dashboards in place, Taylor and his team were on the lookout for a dedicated cloud native security posture management tool. The solution they opted for had to offer:
Through a detailed, structured, and proof-of-value phase, the Palo Alto Networks team worked closely with Skedulo to ensure all their assessment use cases were addressed. All parameters that Skedulo wanted in the new solution were included and in-depth training was provided to the team at Skedulo. Prisma® Cloud by Palo Alto Networks was selected as the solution to address all Skedulo needs. This included Cloud Security Posture Management (CSPM), Cloud Workload (CWP) as well as Cloud Code Security (CCS), which, in particular, ensured security is integrated with developer workflows.
“The Prisma Cloud team at Palo Alto Networks spent time walking us through the features that differentiated their offering from competitors, clearly demonstrating that their solution would integrate with our software supply chain to scan code repositories and provide developer-focused security,” says Taylor.
When asked what stood out for him with regard to Prisma Cloud, Taylor responds, “The depth of knowledge that the sales team and solution architects had was particularly impressive. Their knowledge went beyond merely rattling off product data points, and encompassed information security as a whole, which they willingly shared with our team at Skedulo.”
With Prisma Cloud, Skedulo has gained a comprehensive solution that ticked all the boxes, giving them not only the best possible visibility on their cloud environment but also a preventative-first approach. Taylor compares the environment before Prisma Cloud to that of a dimly lit room. Today, he says, it’s like “a light switch has been flicked on, providing complete real-time visibility.”
With real-time data and visibility available across all environments, vulnerability management has moved from being manual to automated. Skedulo has reduced dwell time, or the time after a breach has been made to the time it is identified, from weeks to days.
Prima Cloud’s dashboard enables investigation and intelligence with minimal use of time and resources. Taylor highlights how Prisma Cloud comes with built-in policies aligned to compliance frameworks and industry best practices, providing him with a visual reference. Using the quadrant value in the vulnerability section of Prisma Cloud, Taylor has clarity on the level of risk (high, medium, low) and the kind of risk (internal or external), allowing him the opportunity to prioritise and jump on the dashboard and “travel down the rabbit hole rapidly, from a high level to a line level and come back up.”
Skedulo was able to deploy Prisma Cloud with limited impact on their resources. Taylor considers Prisma Cloud as a team or force multiplier. “With Prisma Cloud, Skedulo is now able to assess the right things at the right time and prioritise risk, instead of tying up valuable resources manually investigating vulnerabilities.” While onboarding the solution, Skedulo has gained access to several additional features that are readily available with Prisma Cloud.
For Skedulo, it was imperative to partner with a security provider of repute like Palo Alto Networks. They were looking for an established company, one that would not be acquired by another organisation, as they had experienced in the past. Taylor sums things up, saying, “With Palo Alto Networks, it’s a win-win situation. On the one hand, we have access to their global reach and continued cybersecurity capabilities, including cloud security. On the other hand, we have local representation, always ready to step in and help.” As the relationship progresses, Skedulo is open to expanding their solution suite and bringing in additional functions from Palo Alto Networks.