McAfee

Equinix, a technology company, was facing challenges in identifying the cloud services being used by its employees. The process of approving new cloud services was time-consuming, requiring about 30 person-hours of due diligence by a small staff of three security experts. The team had to manually verify security practices and assess risk factors, which was taxing. Additionally, they lacked tools to manage log files focusing on cloud services risks. The company needed a tool that could discover and identify all cloud services in use, reduce the time and cost of vetting cloud services, provide anomaly detection to spot behaviors that likely indicated data leakage, and prevent access to high-risk cloud services.

REA Group, a multinational digital advertising company specializing in real estate, was facing challenges in discovering and monitoring cloud usage in an open cloud environment and blocking high-risk sites and services. They needed to securely roll out sanctioned collaboration tools like Box to a global workforce. The company also aimed to deliver on security roadmaps while meeting the four pillars of REA Group’s technology strategy. As a cloud-first organization with 90% of its systems being SaaS based, the IT team at REA Group developed two parallel roadmaps for their technology and security teams that suited REA Group’s open technology culture and met the four pillars of its technology strategy: discovery, reporting, risk assessment and policy control.

Adventist Health System, a healthcare network with 45 hospital campuses, was faced with the challenge of enforcing strict HIPAA compliance requirements to protect personal health information. During a large initiative to migrate all of their users from a legacy, on-premises Microsoft Exchange system to Exchange Online, they were presented with additional Office 365 opportunities and services in addition to email. One of the value-added services made available to users was OneDrive, which gave them cause to consider their security, compliance and risk, not just for Office 365, but for all cloud services. They lacked visibility into cloud service providers and needed additional security controls for the 70,000+ users who were migrated from on-premises Exchange to cloud-based Office 365.

Torrance Memorial Medical Center (Torrance Memorial) has been growing rapidly over the last five years, acquiring new business entities and expanding its physician network. This rapid growth resulted in network sprawl and a rapidly growing workforce. Both new and old employees at Torrance Memorial were using more and more cloud computing services. As a healthcare organization, Torrance Memorial is a highly regulated entity due to privacy and medical records concerns. Todd Felker, Torrance Memorial’s technical services manager, wanted to know exactly which services employees were using to ensure he could maintain high security and privacy standards. Felker also needed this information to put in place a cloud services security policy that was flexible enough to allow employees to use the tools they needed but granular enough to maintain rock-solid security and resource controls. He also had no easy way to rate the risk of the different cloud services. With an IT security staff of only one person, Felker did not have sufficient resources to perform regular diligence on the risks posed by cloud services.

Williams, a large-scale energy infrastructure company, had been allowing its employees to use cloud services without a security stamp of approval. This led to a lack of visibility into the number of cloud services in use across the enterprise and the associated risks. The company was spending too many man hours assessing the security of cloud services when employees requested a new service. They were unable to enforce policies and ensure compliance without impacting the user experience. The company needed a solution to gain visibility into the cloud services being used, understand the risks, and enforce policies without affecting productivity.

Maricopa County, the largest county in Arizona and the fourth largest in the United States, faced several challenges in managing its vast network of users and data. The county's Chief Information Officer, David Stevens, wanted to fully understand and govern where their data was going and who had access to it, as it was essential to maintaining the agency’s security. The county faced challenges such as insufficient blocking of malware and high-risk services due to proxy categorization of services based on URL. The county's vast existing infrastructure required frictionless integration across multiple solutions and business units for core functionality. Furthermore, the county lacked visibility into cloud use and risk, data access, and traffic.

Steelcase, a Fortune 1000 organization with 6,500 remote access workers across the globe, was facing challenges due to the rapid adoption of cloud services. This led to multiple accounts, passwords, and login procedures, which increased the risk of unauthorized access to sensitive company information. The growth of shadow cloud services, unmanaged by the IT department, also posed a significant risk. The company wanted to enable cloud services like Office 365 while ensuring sensitive data is protected. Two years prior, the Steelcase Board of Directors’ Audit Committee had expressed concern over the vast amount of cloud applications and services in use at the company and requested an audit, which required finding, vetting and approval of all cloud services.

Perrigo, a global pharmaceutical company, was facing challenges with its existing procedures which led to inconsistent cloud security policy enforcement and created risk of data exfiltration. The backlog of cloud service approval requests from employees inhibited productivity. The lack of visibility into cloud service providers in use prohibited proactive cloud enablement. The company needed granular visibility into what their users were doing and the ability to provide policy controls for different business units. They needed to gain complete visibility into cloud usage, proactively block high-risk services, and increase detection of high-risk behavioral anomalies.