Registers of Scotland is a non-ministerial office of the Scottish Administration, responsible for maintaining records relating to property, and other legal documents.
Registers of Scotland has embarked on an ambitious journey, geared to re-platforming legacy systems to a modern cloud environment. Paper-based Land Registry processes that Registers of Scotland has relied on for over 400 years are being replaced by electronic services, making the organisation more efficient, agile, and customer-centric.
However, faced with a four-year timeline for this AWS cloud-first strategy and an accelerating pace of digital innovation, the newly formed IT Security team needed to quickly find a solution to better safeguard the organisation’s systems.
Bob Bowden, Security Architect, Registers of Scotland, explains: “The business was eager for digital change and wanted the IT Security function to provide assurance that the cloud was safe. The development architects in turn were coming to us, asking how we would secure their platforms.”
Penetration testing was ruled out as a way to achieve trusted cloud security, owing to the cost of both running the tests and remediating the issues.
According to Bowden, stitching together security data from disparate cloud security tools would also absorb resources and might overlook critical vulnerabilities. “We needed to keep track of changes to AWS services, identify misconfigurations, and focus on the alerts that signal a threat. For that we needed a single, best-in-class cloud security platform.”
Bowden and his team established that a cybersecurity solution would be required to:
The deployment of Palo Alto Networks Prisma Cloud was the first step in an enterprise-wide implementation of almost the entire Palo Alto Networks portfolio, spanning network security, security operations, and endpoint security. The result is complete, automated protection against cyberattacks.
The initial scope for Prisma Cloud was to provide relatively coarse reassurance that the AWS platform was secure. Bowden and his team enabled policies for both GDPR and PCI, using these to determine the baseline for security. Default alerting policies were set for configuration audits and anomalous events of interest. “In just a couple of days, we stood up a monitoring service to identify and respond to issues,” says Bowden.
Registers of Scotland then moved to the next phase of CSPM: code security. “Prisma Cloud is built into our continuous integration and continuous delivery pipeline from the start, automatically identifying misconfigurations and compliance violations in container images. Centralised visibility and policy controls ensure that only secure code is deployed.”
Registers of Scotland also realise the value of shifting security left in the development lifecycle. “Almost everything is defined as code,” says Bowden. “As our cloud-native environments become more automated, we will enforce quality gates into the pipeline.”
This cloud-native security strategy has many benefits, enabling: