Secure Move to the Cloud Delivers Savings, Flexibility and Confidence to OpenLink and Its Clients
Having CloudGuard IaaS for Azure helps in our conversations with clients about moving their data to the public cloud. It allows them to meet their compliance needs as well as providing them with the confidence that their data is being properly managed and secured. And clients can actually see that we’re doing proper defense-in-depth security, in addition to the security measures Azure includes.
-Michael Lamberg, VP and Chief Information Security Officer, OpenLink
OpenLink is the global leader in trading, treasury, and risk management solutions for energy, commodities, corporate, and financial services companies. More than 37,000 users from 600 clients use the company’s highly sophisticated software for activities such as hedging commodity prices, automating logistics, forecasting raw material needs, and trading derivatives.
Moving to the Cloud
OpenLink’s solutions power decision-making and operations for many of the world’s largest oil companies, banks, and utilities. Each client’s OpenLink implementation is tailored specifically to their unique business needs. Until recently, OpenLink solutions were typically deployed in clients’ own data centers. Each deployment was built with high amounts of excess processing capacity to handle peak periods of demand. As an example, a client might need 10 compute systems for most of the day, but during a peak processing period, complex transactions would require 100 systems to handle the computational load and minimize delay.
OpenLink’s large clients also maintain multiple development and testing (DevTest) environments and staff. Due to the complexity of customized software implementations, these teams work continuously to keep their solutions upgraded with release levels and to develop customized plug-ins. The production and DevTest environments represent high capital investment, maintenance, and support costs, yet they are mission-critical to the company’s operations.
For smaller clients that don’t have large data centers, OpenLink began hosting customer workloads and data in its own data center. Using its private cloud, OpenLink essentially began functioning as a service or hosting provider, processing large amounts of client data.
“We saw an opportunity to reach more customers with OpenLink solutions through a cloud model,” said Michael Lamberg, VP and Chief Information Security Officer for OpenLink. “If we could progress from private cloud to a public cloud model, we could gain significant advantages.”
OpenLink chose Azure based on compatibility with OpenLink technologies, robust regional coverage, pay-per-minute pricing model and a mature security stack.
Adopting a service delivery architecture that included public cloud would enable OpenLink to support more clients with less physical infrastructure and with the added flexibility to scale on demand for peak usage periods. Clients would only pay for the resources they use—enjoying substantial savings and higher performance. OpenLink also would reduce its physical infrastructure costs. The public cloud accelerates OpenLink implementations for new clients because with the proper tools, it is much simpler to manage. By providing DevTest environments in the cloud, OpenLink can provide rapid access to versions of its application, giving everyone a competitive advantage and offering an affordable solution for many more potential clients.
“Security in the cloud is paramount,” said Lamberg. “We chose Microsoft Azure for our cloud, but wanted in-depth control over security. I need the ability to see and verify the layers of security deployed. We chose CloudGuard IaaS for Microsoft Azure to meet our security requirements. In addition, CloudGuard Iaas is cloud agnostic making us less dependent on the cloud provider’s native security controls giving us the flexibility to choose where we could host our workloads in the future.”
CloudGuard IaaS Secures Client “Bubbles”
OpenLink’s Azure cloud consists of multiple single-tenant environments defined as bubbles. Each client’s solution operates in its own “bubble,” which is securely linked to a cloud-based management hub and the client access portal. Private peering links connect back to the OpenLink physical data centers, which operate separately. OpenLink had previously deployed Check Point 5600 Next Generation Security Gateways in two of its data centers. Now it deployed Check Point CloudGuard IaaS for Azure to secure its public cloud environment, thus moving towards significant security deployments on Check Point solutions.
“In my experience, Check Point is one of the only security solutions that can easily and efficiently scale to hundreds of gateways,” said Lamberg. “I can be assured that no client environment (bubble) can talk to any other bubble, and nothing can pass through CloudGuard IaaS for Azure into the OpenLink cloud unless I configure it to do so. That’s an extra level of assurance for us and our clients.”
CloudGuard IaaS for Microsoft Azure extends advanced threat prevention security to protect customer Azure cloud environments from malware and other sophisticated threats. As a Microsoft Azure certified solution, CloudGuard IaaS enables customers to easily and seamlessly secure their workloads, data and assets while providing secure connectivity across their cloud and on-premises environments. It
provides the full protections of Check Point’s Advanced Threat Prevention security, including firewall, IPS, antivirus, anti-bot protection, application control, data loss prevention, and more.
The decision to utilize CloudGuard IaaS to secure their cloud environment means that every OpenLink client bubble enjoys the same comprehensive next-generation threat prevention capabilities.
“Our partnership with Check Point is one of the most valuable aspects of the solution,” said Lamberg. “Check Point works very well with Azure, and we get great support from both vendors. The adoption of public cloud challenged us in verifying the security layers offered by the cloud provider, also given limited visibility into the layers of the Azure stack, CloudGuard IaaS helped us overcome these challenges.”
Winning Client Confidence and Trust
Clients trust OpenLink to keep their data safe in the cloud. In physical deployments, client data and the OpenLink application reside together in the data center to minimize latency and maintain high application performance. Moving their application to the Azure cloud means that client data must also be moved to the cloud to maintain proximity.
“Having Check Point CloudGuard IaaS for Azure helps in our conversations with clients about moving their data to the public cloud,” said Lamberg. “It allows them to meet their compliance needs as well as providing them the confidence that their data is being
properly managed and secured. And clients can actually see that we’re doing proper defense-in-depth security, in addition to the measures Azure includes.”
Next Step, Automation
Check Point’s unified management makes it easy for Lamberg and his team to manage both CloudGuard IaaS for Azure instances in the cloud as well as Check Point physical appliances in their data center. Through a single pane of glass, they can implement unified and consolidated security policy and threat visibility across their cloud and physical environments. When OpenLink spins up a new client environment, it automatically incorporates security protections to that new client environment.
“Check Point has always excelled in unified management—whether it’s two or two thousand instances,” said Lamberg. “We’re currently working through orchestration and scripting to automate as many steps as possible. Our goal is to minimize the human resources needed to deploy new environment and manage the cloud.”
Clients Gain Savings—and More
With the OpenLink public cloud, clients can avoid having to purchase, deploy, maintain, and support on-premise infrastructure while maintaining high application performance and industry-leading security. In addition, the cloud’s DevTest environment gives clients fast access to OpenLink software for their internal development efforts as well as getting them ready for production, so that they can gain competitive advantages in their markets.
Lamberg says that OpenLink’s overall service delivery goal is to protect, monitor, and respond quickly to anything that might happen across their entire infrastructure – both physical and virtual environments. Check Point is an integral part of achieving that goal.
“The cloud is changing and evolving all the time,” he said. “Check Point is in tune with this evolution as well as willing to collaborate and work with us on our unique requirements. It’s one of the primary reasons I do business with Check Point.”
For more information, visit: