Established in 2016, ViuTV broadcasts a 24-hour Cantonese-language channel and a 16-hour English-language channel. Known for its creative productions, ViuTV offers a number of reality shows, dramas, talk shows, variety shows, and travelogues. It also offers finance, music, and sports programs to its Hong Kong audiences.
Securing Multiple Clouds and Accounts
Although ViuTV originally launched its services using a traditional physical infrastructure, it quickly became clear that the cloud was the company’s future. Migration to AWS enabled ViuTV to more easily handle unpredictable traffic volumes created by on-demand content. Cloud also eliminated intensive server management, costly idle capacity, and barriers to development. The team was freed to innovate. Increasingly focused on platform development, ViuTV’s cloud footprint expanded rapidly.
“The number of developers working on the platform grew rapidly,” said Roger Lau, Technical Head, ViuTV Digital. “The number of AWS accounts increased, and we added accounts with other cloud providers. It became harder to see all of our attack surfaces, and therefore, more difficult to clearly assess risk.”
ViuTV faced three significant security challenges. The first was a lack of visibility across all of its cloud accounts and assets. Lau and his team needed to ensure that cloud resources were being used properly and that no data leaks or security loopholes were opening the door to threats. The second challenge was protecting against misconfiguration risk. Finally, ViuTV wanted to ensure compliance with security standards and frameworks as part of its overall risk management strategy.
Lau and his team evaluated the security options offered by ViuTV’s cloud providers. Although each offered unique features, they were too fragmented to deliver the visibility and control ViuTV needed. That’s when the company turned to Check Point.
High Fidelity Posture Management
“We evaluated several tools, but only Check Point CloudGuard Posture Management gave us a comprehensive view of security across our entire architecture,” said Lau. “Check Point also has several unique features, such as remediation with CloudBot technology, IAM safety, and function server protection. It fits our needs perfectly.”
CloudGuard Posture Management (CSPM) automates governance across multi-cloud assets and services. It visualizes and assesses security posture, detects misconfigurations, automates and enforces policies, and protects against attacks and insider threats.
With multi-cloud visibility across the entire ViuTV architecture, the team can now see all network traffic and assets. They can also monitor the network topology and firewalls, as well as discover vulnerabilities such as compromised workloads, open ports, or misconfigurations in real time.
Perfect for DevOps Environment
Server, container, or application misconfigurations can happen easily as developers rapidly iterate and test software across multiple connected resources. Check Point CSPM quickly detects and remediates misconfiguration issues and enforces security best practices automatically on each cloud.
Ensuring that developers use cloud resources correctly is essential to strong governance. In AWS, an Identity and Access Management (IAM) user is an entity consisting of a name and credentials that represents a person or application interacting with AWS. Check Point CSPM enables ViuTV to manage granular permissions across multiple clouds to protect and control IAM users and roles. The company gains even more control with Check Point CSPM function server protection. This capability adds a layer of protection to every function, including ports, IAM roles, and security groups. In seconds, roles and assets are protected.
“One of the best things about Check Point CSPM is that I can manage resources across multiple clouds, all flows, and settings on a single management platform,” said Lau. “This is critical to securing our entire development workflow.”
Continuous Protection, Automatically
Check Point CSPM enforces compliance and remediates violations automatically using CloudBot technology. When CSPM detects a violation, such as an unencrypted S3 bucket during runtime, it calls CloudBot, which automatically turns on encryption and sends a remediation notification. CSPM also contains a feature known as ShiftLeft, which scans for vulnerabilities in code and containers in CI/CD workflows.
“When we identify a security issue, we immediately tackle it with CloudBot,” said Lau. “CloudBot technology also enables us to preset actions using Check Point’s predefined remediation functions or by writing our own procedures. Either way, we stop potential security risks before they start.”
Robust Governance Across Clouds
ViuTV is committed to standards such as Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), and AWS Well-Architected best practices. Check Point CSPM provides more than 1500 out-of-the-box rulesets, making it easy to implement governance across clouds. ViuTV can also customize rules using CloudGuard Governance Specification Language (GSL).
“Check Point CSPM offers more rule sets than any other cloud provider,” said Lau. “We can customize rules for our different cloud providers and gain more detailed insight into issues associated with our application settings.”
Next Step, DevSecOps
ViuTV expects to continually embed security into its DevOps culture, practices, and tools as it moves forward. Check Point CSPM gives Lau’s team solid footing. The “ShiftLeft” approach of adding security earlier in the development workflow will enable ViuTV to secure infrastructure and applications from application development through cloud deployment. Check Point’s flexible licensing makes it easy to take the next step from the same Check Point CSPM platform.
“Check Point allows us to build applications with a security mindset,” said Lau. “This is becoming increasingly important to our customers. Check Point gives us this critical protection across clouds, applications, and infrastructure. It’s what we’re focused on for the future.”