Experian Gains Unified View of Global Security with Prisma Cloud

Financial Services

Consolidate disparate security tools across CSPs and manage risk at speed to support a global DevSecOps pipeline.

Prisma Cloud by Palo Alto Networks, the Cloud Native Security Platform, provides continuous multi-cloud visibility, governance, detection, and prevention, offering comprehensive cloud native security across the entire lifecycle and technology stack.

Experian Results

  • Offers a unified view of security spanning hundreds of accounts across the globe
  • Significantly reduces the number of configuration errors
  • Enables the team to shut down 50% of open accounts that were deemed unnecessary
  • Streamlines issue resolution with automated alerts, complete with step-by-step recommendations
  • Employs a true DevSecOps pipeline with balance of controls for the security team and flexibility for the DevOps team
  • Consolidates security management across multiple CSPs into a single pane of glass

Experian is the world’s leading global information services company. Experian helps individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

Story Summary
Experian—perhaps best known for its role in consumer credit ratings—operates as an innovative technology company, helping its clients manage and analyze massive amounts of data. The company is focused on integrating and standardizing technology across the organization, creating building blocks to streamline global application development to help them better service their global customers.

It is important for the company to get a single view of their organizational risks.

With Prisma™ Cloud, the security team now has the visibility and control that are critical to their operations. The Cloud Native Security Platform has provided a unified view of security and compliance posture across the full cloud native stack, making life a lot easier for everyone involved. “Security has the visibility they require and application teams have the flexibility that they desire,” says Chetan Jha, chief product and cloud security officer at Experian.

An Ambitious Project
Experian helps people and enterprises across the globe manage and analyze massive amounts of data to make better-informed decisions.

The IT leadership team at Experian wanted to provide the maximum flexibility to its developers to choose the best cloud service provider (CSP) to meet their specific business requirements and needs, including number of accounts, extraneous constraints or local regulatory requirements. Jha says his team is focused on providing a secure base for those business units to work from.

Experian’s internal, integrated platform is based on open source and built on a hybrid-cloud approach to provide flexibility to development teams. Developers can deploy applications on-premises or in Google Cloud Platform (GCP™), Amazon Web Services (AWS®), or Microsoft Azure®. Likewise, they are able to deploy at their own pace.

“We take security very seriously. It’s a single security organization that sets the policies, does the governance, and enables the business to meet all the regulatory requirements and business requirements across the globe,” Jha says. It was clear that they needed a partner to help move at the speed required to maintain innovation.

An Inherent Issue
The productization project involved migrating existing workloads as well as building new applications in a containerized model. From the outset, the team worked hard to set up a DevSecOps pipeline to integrate security into any apps built on the internal platform.

The team members understood that quick advances are inherent to the cloud—capabilities and services roll out on a frequent basis. Additionally, there are developers and business units on nearly every continent, all of which could open a CSP account at any time, creating visibility and configuration management challenges. Also, of course, industry and regulatory compliance are constant requirements.

Experian didn’t want to dedicate resources just to coordinate all of the disparate security tools across CSPs and slow down DevSecOps. They needed help to bridge the gaps and aggregate all of the data they were generating.

Three Criteria
Jha says the search for a partner was predicated on three criteria:

  1. The solution had to be simple.
    “I believe that complexity is inversely proportional to security,” he says. He wanted a solution that was completely cloud-agnostic and offered a unified view across CSPs.
  2. The solution needed to be cloud native, built to leverage the capabilities of the cloud.
    “I have come across many on-prem tools that have been retrofitted and marketed as a ‘cloud tool.’ I have enough experience to know those just won’t work in the long run,” Jha says.
  3. The solution provider had to share Experian’s vision.
    “When we looked at Prisma Cloud, it wasn’t just the tool or the capabilities that they have today, it was the roadmap that they have, the vision that they have. And that makes a huge difference—because this is a journey,” says Jha.

    “In this ever-changing market, we have to move very fast. We need a partner that can help us stay ahead of the changes,” he continues. “When we saw Prisma Cloud, we were convinced that it met these criteria. So, the decision was simple.”

A Unified View of Business Risk
With Prisma Cloud, Jha and his team now have the visibility and control that are critical to their operations.

Onboarding was enlightening thanks to Palo Alto Networks. Using Prisma Cloud, Jha and his team discovered exactly how many CSP accounts they had in service. This is a common trend at most organizations.

Jha knew it wasn’t malicious, however. “Many employees create accounts without understanding the complications it presents. Many times they relate it to a SaaS model, where they just open it and everything is taken care of by the vendor. The concept of a shared services model for security isn’t on their radar.”

Still, he says this was part of the reason they began the DevSecOps pipeline process. “The business units have their own needs, and their own pace at which they need to move. And we provide that flexibility. We needed a partner to help us abstract all of it, so that when we look at the risk, we can look at it across the enterprise and not in silos for each CSP or business unit.”

Not only was the onboarding helpful; it was swift. “We were able to onboard hundreds of accounts in Prisma in a short amount of time—and nobody expected that,” Jha says.

Prior to using Prisma Cloud, the security team had difficulty simply taking inventory of all of the accounts. Now, they’re able to identify any account and specify if it was opened without the proper controls. “That gives us a complete visibility of the risk across all these accounts,” says Jha.

One feature of particular importance is the ability to easily see at a glance how many accounts have systems access that is not actually required. That used to be a huge challenge, but with APIs connected to Prisma Cloud, it is very simple.

In addition, Jha says, the “APIs help account admins get real-time updates on alerts with step-by-step instructions to remediate them. Prisma Cloud gives account owners all the tools they need to fix their issues without having to rely on anyone else.”

Prisma Cloud has provided a unified view of security and compliance posture across the full cloud native stack, making life a lot easier for everyone involved. “Security has the visibility they require, and application teams have the flexibility that they desire,” Jha says.

“I can say that I am quite confident I know every account that Experian is using in the cloud. This is critical for enterprise security.”

Learn more about Prisma Cloud and how it can provide a unified view of security for your team. Visit paloaltonetworks.com/prisma.