Security and Agility in the Cloud Energize Denham Capital
Check Point vSEC enabled us to deploy the same high level of security in the cloud, with the same policies and commands, and gain higher performance with superior flexibility. It more than paid for itself in less than a year.-Peter Ostashen, IT Manager, Denham Capital
Denham Capital is a private equity firm with more than $8.5 billion invested in the power, oil and gas, and mining industries. It has backed successful power projects around the world and achieved recognition for its deals. As Denham migrates its infrastructure to the cloud over the next two years, it needed a way to secure cloud-based assets—as easily as possible.
Industry Unpredictability Demands Adaptability
Notoriously unpredictable, the energy industry requires that IT vendors be able to stop or turn on a dime. With billions of dollars at stake, Denham is always seeking to increase network agility while reducing costs and improving end user productivity. From an IT perspective, this drives Denham to seek solutions that reduce the high costs of operating physical data centers and associated hardware, increase application performance for users who process and analyze financial models with large amounts of data, and enable rapid and easy deployment and provisioning of new offices or users—or moving existing ones—without compromising performance or security.
“The market is shifting to software defined infrastructures and subscription services,” said Peter Ostashen, IT Manager at Denham Capital. “We began a phased migration to the cloud, but moving security to the cloud can be a painful process. We wanted to minimize that.”
Based on their existing Windows environment and long experience with Microsoft as business partner, Denham’s team chose Microsoft Azure for its enterprise-grade cloud-computing infrastructure. The lean three-member Denham IT team needed to easily protect data and applications in the cloud, gain visibility into traffic both on premises and in the cloud, and ensure consistent security everywhere.
Check Point vSEC Smooths the Move
Ostashen and his team began exploring security solutions from large, well-known networking vendors. However, they found that those solutions were limited in terms of the number of supported VM interfaces, had extensive VM resource requirements, and lacked the required performance. Denham Capital already had physical Check Point security appliances deployed on premise, and sought the same level of security protections and policy management provided by their premise solutions. After carefully evaluating other competing products, Denham decided Check Point vSEC was the best solution to secure their Azure cloud environment.
“We chose Check Point vSEC for Azure because it delivered the next-generation security features we were looking for,” said Ostashen. “It gave us much more flexibility in Azure, better security, and was easier to manage than the competing solution.”
Check Point vSEC for Microsoft Azure extends advanced threat prevention security to protect Azure cloud environments from malware and other sophisticated threats. As a Microsoft Azure certified solution, vSEC enables organizations to easily and seamlessly secure their workloads, data and assets while providing secure connectivity across cloud and on-premises environments.
Denham’s IT team has already begun migrating resources to their Azure cloud, starting with Active Directory and Exchange services, as well as file services and several applications. Likewise, any new services are now hosted in Azure and secured with Check Point vSEC. Backup appliances, storage services and remaining Check Point premises solutions will be migrated over the next several years.
Comprehensive Security Protection
Check Point vSEC for Azure protects assets in the cloud from attacks while enabling secure connectivity from the enterprise network to Azure. It provides Denham with advanced security services, including Firewall, IPS, Application Control, IPsec VPN, Antivirus, Anti-Bot, and award winning SandBlast sandboxing technology—as well as single-pane-of-glass manageability.
Increased Agility with Consistent Policy Management
Denham increased its network agility by migrating key applications and services to the cloud. Now the IT team can spin up—or decommission—a server or data center with a few clicks. With unified policy management provided by Check Point, cloud resources are now secured the same way as premises-based systems.
“Check Point vSEC for Azure really eased the pain of securing our cloud,” said Ostashen. “We have consistent security policy and threat visibility across both infrastructures. And we can ensure that every new service or workload in Azure is secured instantly. It just works.”
In just the first phase of migrating to Azure, moving to the cloud has “significantly reduced” Denham’s IT spend. As they continue to move physical systems to the cloud over the next few years, those savings will grow.
“Check Point vSEC enabled us to deploy the same high level of security, with the same policies and commands, and gain higher performance with superior flexibility,” said Ostashen. “It more than paid for itself in less than a year.”
Next on the roadmap are plans to deploy Check Point R80.10 Security Management to automate policy deployment in Azure. As servers are added to Denham’s Azure environment, security policies will be applied automatically in real-time. If services are moved, policies are automatically moved or adapted as needed. Automatic protection will save time for the IT team, eliminating the process of checking each other’s work for errors to ensure consistency and increasing peace of mind.
“It’s nice to have a fully baked software security solution that I can easily spin up, spin down, and adapt to business conditions,” said Ostashen. “We can forecast more accurately for the business, and we have a good security foundation in place when cyber threats attack cloud assets with the same sophistication that that they attack physical ones today.”