Case Study

Prisma Cloud Accelerates Iron Mountain’s Multi Cloud Strategy with Shift Left Security and Continuous Compliance

In brief


Iron Mountain


Information storage; enterprise information management


United States of America

Products and Services

Storage, Artificial intelligence, and Information management services

Organization Size



Gain comprehensive visibility and security across Iron Mountain’s multi-cloud infrastructure, maintain compliance, and scale quickly and efficiently to meet ever-evolving customer expectations.


Prisma® Cloud by Palo Alto Networks provides visibility across Iron Mountain’s end to end cloud environment and centralizes security and compliance management into a single pane of glass to streamline resources and improve the company’s overall security posture.

  • Provides a unified view of all deployed resources across a diverse, multi-cloud infrastructure
  • Simplifies compliance with one-click, customizable reporting
  • Enables DevSecOps across a 100+ person team with robust shift-left capabilities
  • Moves at the speed of business while incorporating security that can do the same
  • Reduces time needed for gathering evidence related to compliance audits by two hours
Download PDF Share

Building a Cloud Native Application

Focused on expanding its routes to market and providing digital services in addition to traditional brick-and-mortar offerings, the company’s newest product, Iron Mountain InSight, is a cloud native application that uses machine learning and AI to automatically classify, extract, and enrich physical and digital content.

While the central team is responsible for the overall creation and monitoring of cloud security best practices, smaller security teams handle “slices” of the cloud, usually focused on one major cloud service provider (CSP). Well over 100 people—security, developers, and DevOps—support the InSight application alone, which is primarily operated in Google Cloud.

servers iron mountain

Satisfying Inherent Needs

With InSight as the primary focus, Iron Mountain began by outlining its security and compliance requirements. To adhere to FedRAMP compliance standards as well as effectively identify and remediate noncompliant resources would require automation and continuous monitoring of systems.

For security, the company’s strategy and approach needed to enable its multi-cloud development and operations while keeping pace with the speed of the business and minimizing risk. The ability to “shift left” and integrate security into DevOps workflows was deemed critical to keep Iron Mountain and its customers secure.


Prisma Cloud not only made my job and my team’s jobs so much easier; it made our jobs possible. We didn’t have this type of insight into our environment without jumping through hoops ... but now, we have a solution with everything laid out in one place where we can dive deeper and see a robust picture.

– David Williams, Cloud Manager, Iron Mountain

building iron mountain

Finding the Solution: Timing Is Everything

To be able to move at the speed of business, “Timing is everything,” says David Williams, cloud manager at Iron Mountain. “The speed at which technology moves these days means you have to be prepared to shift at the drop of a dime and work with partners who are able to do the same.”

In working with the right cloud security partner, David and his team felt they could achieve that goal. In fact, Iron Mountain built the InSight product knowing they would have Prisma Cloud as the backbone to secure it. Relying on the native security tools from CSPs simply didn’t provide the levels of visibility and control the company required.

According to David, “Prisma Cloud made InSight possible.” Support for workloads across Amazon Web Services (AWS®), Google Cloud, and Microsoft Azure® streamlined the security team’s operations with end-to-end visibility into Iron Mountain’s security and compliance posture. Specifically, Iron Mountain can now see which particular policy or rule is being violated from a compliance standpoint as well as where that violation falls in terms of impact or remediation priority. The single-pane-of-glass management view not only allows the security team to leverage tailored reporting, but also serves as evidence for auditors that there is a defined process in place.

production iron mountain


Prisma Cloud supports all cloud providers out of the box; we don’t have to reconfigure or come up with new compliance metrics. Having this agnostic tool that doesn’t care where the workloads are coming from made it a no-brainer.

– David Williams, Cloud Manager, Iron Mountain

A Secure Culture of Teamwork

Prisma Cloud has empowered Iron Mountain to focus on what matters most: the team. This is accomplished through:
  • Fostering a DevSecOps culture: The ability to shift left and integrate security throughout the CI/CD pipeline, without adding friction caused by non-integrated tooling, has helped shift developer resistance to embedding security checks in their workflows.
  • One-click, custom compliance reporting: Being able to continuously monitor for compliance violations in a cloud-agnostic manner has allowed Iron Mountain to use customizable reporting in any cloud environment without needing to reconfigure or start from scratch. As a result, the team can maintain compliance in a uniform manner more efficiently and comprehensively.
  • Reliable, trusted security partnership: Palo Alto Networks is a trusted and valued security partner. “Palo Alto Networks’ reputation, and more importantly, the people, made all the difference,” David says. “They didn’t look at us as a sales number or statistic. Instead, they take feedback and share the roadmap to help us plan, prepare, and scale for a secure cloud-first future.”

  • To learn how Prisma Cloud can enhance your security strategy, visit