SE2 is an insurance technology and services firm. Headquartered in Topeka, KS, the company enables insurers to quickly build and launch new products that support digital transformation. SE2 currently administers nearly 2 million active life insurance and annuity policies on behalf of its clients. It also has $100 billion in assets under administration with more than 200,000 new business applications annually.
Securing Continuously Changing Targets
Delivering a best-in-class customer experience has become a priority for life and annuity insurance companies. As a result, many seek help with digital transformation initiatives. SE2 had recognized this opportunity early—building a DevOps organization and business practice focused on rapid solution development and deployment for insurance clients.
Moving to the cloud gave the company agility and resilience. SE2 relies on a multi-account structure in AWS. Within those accounts, there are 500 EC2 instances with several hundred security groups and multiple users who are authorized to make configuration changes. The security team now had to secure more, faster, in a constantly changing cloud environment while ensuring the company’s security posture stayed strong.
“Protecting our development intellectual property and client data is business-critical,” said Saul Schwartz, Technology Manager for SE2. “We needed leading-edge protection for workloads and data in the public cloud—but in a flexible, manageable way.”
Set It and Forget It
SE2 chose Check Point CloudGuard Cloud Security Posture Management to simplify governance. CloudGuard Cloud Security Posture Management automates governance across multi-cloud assets and services. It enables the SE2 team to easily visualize and assess security posture while providing misconfiguration detection and enforcing security best practices and compliance frameworks.
“Automated remediation really makes our lives easier,” said Schwartz. “We assign alerts and automatic remediation to the items of our choice, and Check Point takes care of everything. When I set security policy, it applies to existing AWS accounts and new AWS accounts or workloads that spin up.”
Minimizing Risk Without Compromise
CloudGuard Security Posture Management helps the SE2 team avoid unnecessary risk. For example, developers might need to change a security group temporarily as they test a new functionality or product. If a user spontaneously changes a security group, CloudGuard cloud bot remediation reverts it to the original state until the security team can review the request and evaluate risk.
“The CloudGuard cloud bot feature helps us keep our large number of security groups secure and congruent,” said Schwartz. “We keep those groups in full protection mode, and developers can request access to a security port for a period of time for testing workloads without putting the company at risk.”
Security as an Enabler
Schwartz says that CloudGuard Security Posture Management gives SE2 extra “guardrails.” Application development is a competitive differentiator for the company, so it’s crucial to ensure a strong security posture without limiting DevOps teams from doing their best work.
“We want security to be an enabler—not a blocker,” said Schwartz. “CloudGuard Security Posture Management allows us to define and enforce policies without compromising flexibility.”
For example, developers need access to certain configuration items as they develop, run, and test solutions. The security team can define policies that allow access and enable automatic remediation so developers don’t have to rely on the security team for point-in-time reviews or access. In addition, the CloudGuard Security Posture Management logic feature enables the security team to dig into logs and quickly identify source destination protocols. If a developer is running into a security problem with a workload, the security team has immediate access to security context and details for resolution.
“With the ability to aggregate multiple accounts and cloud providers, CloudGuard Security Posture Management future-proofs our cloud security,” said Schwartz. “If different workloads run better on a different cloud provider, we can easily say ‘yes’ and still keep all of our security functionality in the same pane of glass.”
Compliance modules within CloudGuard Security Posture Management give the SE2 team options for choosing the best practices that are relevant to their business. For example, SE2 aligns with the U.S. National Institute of Standards and Technology (NIST) framework to craft a robust security posture. The CloudGuard Security Posture Management NIST compliance check identifies anything that is not aligned with the standard and automatically remediates it or alerts the team. Alerts with context and automatic notification simplify troubleshooting and help eliminate any shadow IT activities that might occur. When a new workload is created, the team is automatically notified.
“With CloudGuard Security Posture Management, I can use the same team to manage and secure on-premises and cloud workloads,” said Schwartz. “Our team can continue to learn new technologies while enabling the company to innovate securely.”
Schwartz doesn’t stay awake at night worrying about security breaches caused by misconfigurations. Protection is always on. The team has complete visibility across the on-premises and cloud environments. Automatic alerting and remediation handle events transparently.
“CloudGuard Security Posture Management aligns with the cloud shared security model and has made us much more secure,” said Schwartz. “We have a really good solution in place to make our dynamic cloud environment as secure as possible.”