Secure Move to the Cloud Delivers Savings, Flexibility and Confidence to The Leading Financial Services Company and Its Clients

“Having CloudGuard Network Security for Azure helps in our conversations with clients about moving their data to the public cloud. It allows them to meet their compliance needs as well as providing them with the confidence that their data is being properly managed and secured. And clients can actually see that we’re doing proper defense-in-depth security, in addition to the security measures Azure includes.”

— VP and Chief Information Security Officer, The leading Financial Services Company

Overview

The financial services company is the global leader in trading, treasury, and risk management solutions for energy, commodities, corporate, and financial services companies. More than 37,000 users from 600 clients use the company’s highly sophisticated software for activities such as hedging commodity prices, automating logistics, forecasting raw material needs, and trading derivatives.

Buisness Challenges

Moving to the Cloud
The leading financial services company’s solutions power decision-making and operations for many of the world’s largest oil companies, banks, and utilities. Each client’s implementation is tailored specifically to their unique business needs. Until recently, the leading financial services company solutions were typically deployed in clients’ own data centers. Each deployment was built with high amounts of excess processing capacity to handle peak periods of demand. As an example, a client might need 10 compute systems for most of the day, but during a peak processing period, complex transactions would require 100 systems to handle the computational load and minimize delay.
The leading financial services company’s large clients also maintain multiple development and testing (DevTest) environments and staff. Due to the complexity of customized software implementations, these teams work continuously to keep their solutions upgraded with release levels and to develop customized plug-ins. The production and DevTest environments represent high capital investment, maintenance, and support costs, yet they are mission-critical to the company’s operations.
For smaller clients that don’t have large data centers, the leading financial services company began hosting customer workloads and data in its own data center. Using its private cloud, the company essentially began functioning as a service or hosting provider, processing large amounts of client data.
“We saw an opportunity to reach more customers with the leading financial services company solutions through a cloud model,” said, VP and Chief Information Security Officer. “If we could progress from private cloud to a public cloud model, we could gain significant advantages.”
The leading financial services company chose Azure based on compatibility with company’s technologies, robust regional coverage, pay-per-minute pricing model and a mature security stack.
Adopting a service delivery architecture that included public cloud would enable the leading financial services company to support more clients with less physical infrastructure and with the added flexibility to scale on demand for peak usage periods. Clients would only pay for the resources they use—enjoying substantial savings and higher performance. The company also would reduce its physical infrastructure costs. The public cloud accelerates the leading financial services company implementations for new clients because with the proper tools, it is much simpler to manage. By providing DevTest environments in the cloud, the company can provide rapid access to versions of its application, giving everyone a competitive advantage and offering an affordable solution for many more potential clients.
“Security in the cloud is paramount,” said VP and Chief Information Security Officer. “We chose Microsoft Azure for our cloud, but wanted in-depth control over security. I need the ability to see and verify the layers of security deployed. We chose CloudGuard Network Security for Microsoft Azure to meet our security requirements. In addition, CloudGuard Network Security is cloud agnostic making us less dependent on the cloud provider’s native security controls giving us the flexibility to choose where we could host our workloads in the future.”

Solution

CloudGuard Network Security Secures Client “Bubbles”
The leading financial services company’s Azure cloud consists of multiple single-tenant environments defined as bubbles. Each client’s solution operates in its own “bubble,” which is securely linked to a cloud-based management hub and the client access portal. Private peering links connect back to the company’s physical data centers, which operate separately. The leading financial services company had previously deployed Check Point 5600 Next Generation Security Gateways in two of its data centers. Now it deployed Check Point CloudGuard Network Security for Azure to secure its public cloud environment, thus moving towards significant security deployments on Check Point solutions.
“In my experience, Check Point is one of the only security solutions that can easily and efficiently scale to hundreds of gateways,” said VP and Chief Information Security Officer “I can be assured that no client environment (bubble) can talk to any other bubble, and nothing can pass through CloudGuard Network Security for Azure into the company cloud unless I configure it to do so. That’s an extra level of assurance for us and our clients.”
CloudGuard Network Security for Microsoft Azure extends advanced threat prevention security to protect customer Azure cloud environments from malware and other sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables customers to easily and seamlessly secure their workloads, data and assets while providing secure connectivity across their cloud and on-premises environments. It
provides the full protections of Check Point’s Advanced Threat Prevention security, including firewall, IPS, antivirus, anti-bot protection, application control, data loss prevention, and more.
The decision to utilize CloudGuard Network Security to secure their cloud environment means that every client of the financial services company bubble enjoys the same comprehensive next-generation threat prevention capabilities.
“Our partnership with Check Point is one of the most valuable aspects of the solution,” said VP and Chief Information Security Officer. “Check Point works very well with Azure, and we get great support from both vendors. The adoption of public cloud challenged us in verifying the security layers offered by the cloud provider, also given limited visibility into the layers of the Azure stack, CloudGuard Network Security helped us overcome these challenges.”

Benefits

Winning Client Confidence and Trust
Clients trust the leading financial services company to keep their data safe in the cloud. In physical deployments, client data and the company application reside together in the data center to minimize latency and maintain high application performance. Moving their application to the Azure cloud means that client data must also be moved to the cloud to maintain proximity.
“Having Check Point CloudGuard Network Security for Azure helps in our conversations with clients about moving their data to the public cloud,” said VP and Chief Information Security Officer. “It allows them to meet their compliance needs as well as providing them the confidence that their data is being
properly managed and secured. And clients can actually see that we’re doing proper defense-in-depth security, in addition to the measures Azure includes.”

Next Step, Automation
Check Point’s unified management makes it easy for VP and Chief Information Security Officer and his team to manage both CloudGuard Network Security for Azure instances in the cloud as well as Check Point physical appliances in their data center. Through a single pane of glass, they can implement unified and consolidated security policy and threat visibility across their cloud and physical environments. When the company spins up a new client environment, it automatically incorporates security protections to that new client environment.
“Check Point has always excelled in unified management—whether it’s two or two thousand instances,” said VP and Chief Information Security Officer. “We’re currently working through orchestration and scripting to automate as many steps as possible. Our goal is to minimize the human resources needed to deploy new environment and manage the cloud.”

Clients Gain Savings—and More
With the the leading financial services company public cloud, clients can avoid having to purchase, deploy, maintain, and support on-premise infrastructure while maintaining high application performance and industry-leading security. In addition, the cloud’s DevTest environment gives clients fast access to company software for their internal development efforts as well as getting them ready for production, so that they can gain competitive advantages in their markets.

Summary
VP and Chief Information Security Officer says that the leading financial services company’s overall service delivery goal is to protect, monitor, and respond quickly to anything that might happen across their entire infrastructure – both physical and virtual environments. Check Point is an integral part of achieving that goal.
“The cloud is changing and evolving all the time,” he said. “Check Point is in tune with this evolution as well as willing to collaborate and work with us on our unique requirements. It’s one of the primary reasons I do business with Check Point.”
For more information, visit:
www.checkpoint.com/cloudguard/cloud-network-security/iaas-public-cloud-security/