Recently, we had a conversation with Threat Stack customer Simple, an exciting, high-growth company that’s reinventing online banking. The case study below demonstrates how Simple leveraged Threat Stack to simplify its cloud security and gain more visibility into the operating systems of its production environment. Read on to learn more about how Simple consolidated its security efforts with Threat Stack and how they were able to accelerate their overall company growth, as a result.
Feb 10, 2016 7:45:43 AM
We recently spoke with Threat Stack customer Jameel Al-Aziz, DevOps/Software Engineer for 6sense, and developed the below case study that showcases how Al-Aziz and his team are using Threat Stack. Al-Aziz also details in the case study the company-wide benefits they are realizing, including a shortened sales cycle, by having a continuous security monitoring solution in place. Below is their story.
Apr 21, 2015 10:26:47 AM
ABOUT UNIVERSITY OF HAWAII
The University of Hawaii is a 10-campus University System. The UH Manoa campus is a research campus with remote staff and students on various islands and around the world. Over 400 faculty and staff at UH Manoa’s College of Education use hosted services to exchange private and sensitive material. A multitude of these users are online at any given point in time -- uploading information, exchanging ideas and storing sensitive information, all of which is private and protected by law. While in the process of deploying full-disk encryption and file storage and sync for all faculty and staff, they also needed a layer of complete monitoring.
The University of Hawaii system has experienced multiple data breaches which revealed personally identifiable information (PII). Since then, the University has experienced legislative pressure and is under legal mandate to further protect their data. On top of that, they have numerous other compliance regulations to meet, including FERPA and HIPPA, due to the sensitive nature of the data. The College of Education’s Technology and Distance Programs office is responsible for securing and protecting such data for the College.
“The data we store is protected by the law and it’s due diligence on our part to monitor instances for intrusion,” said Stephan Fabel, IT Manager at UH Manoa’s College of Education. “We want people to log on to the network and participate, but need to know that everything is protected while they are logged on.”
And because of their highly distributed computing architecture with broad access from students and faculty across the islands and beyond, they felt they did not have full control or insight on who was doing what and from where. “We needed to find a solution that ensures privacy, indemnifies us from fault by adhering to industry best practices, and creates a technical solution path for our various security policies,” said Fabel.
“With Cloud Sight, we’re able to see what happened, how it happened, and who did it. This is especially important for us to have given the distributed nature of our network and with the need to keep a history of activity in the event of a breach. No other solutions measured up,” Fabel explained.
“Cloud Sight provides us a way to gain a greater sense of control and insight as to who has done what on our instances at any time. It completes our security profile by protecting our network at the data level,” Fabel continued. He and his team achieve this level of control through Cloud Sight’s email notifications. “The daily summary emails are extremely useful as it allows us to view the context of any event and dive in deeper from there. We’re also notified of administrative changes made on an instance and can easily look into the history of any logged in session.”
“Cloud Sight closes the gap between application monitoring and network monitoring. Before Cloud Sight, we had no idea how to do this, but now it’s done automatically which is a great feeling. With Cloud Sight, we’re able to do our due diligence to monitor our hosts above and beyond government requirements,” concluded Fabel. They now know who has access, who did what, and can answer any intrusion question and show the audit trail if asked in a legal situation.
Since installing Cloud Sight by Threat Stack, UH Manoa’s College of Education:
- Is protecting against PII data theft from all angles
- Meets and exceeds HIPPA and FERPA regulations
- Monitors and protects highly-distributed computing architecture with broad access
CloudSight is unlike traditional providers as its quick and easy to roll out, and automatic and scalable in the cloud, allowing them to pull up instances and immediately monitor and protect them with no manual involvement.
Jun 17, 2014 5:00:00 PM
Case Study: Populi Runs a Tight Ship Using Threat Stack’s Complete Cloud Security Monitoring
Populi provides a SaaS-based college management platform, allowing people, academics, admissions, billing, scheduling and communications to all work together seamlessly in the cloud. A customer and security-focused company, Populi cares deeply about what customer data their tools and systems are transmitting. They know what’s at stake and provide to users everything from encrypted logins to PCI-compliant technology and daily backups.
While Populi has many enterprise-grade security practices in place, they were still not confident that every aspect of their environment was being properly monitored. Populi had a network IDS in place but did not have complete visibility into the activity on their growing number of hosted systems. James Hill, CTO of Populi, needed the peace of mind that he could view everything from server logins to logged in activity so that he could be alerted as soon as possible about any potential malicious activity.
In addition, it is important that they always meet and exceed PCI requirements since they work with highly confidential information. “Anyone who is responsible should go beyond regulations to protect customer data,” Hill explained. To do this, they needed to move their logs off site to a centralized location. This all led him to Threat Stack’s flagship product, Cloud Sight.
“I selected Cloud Sight because it allows me to centrally monitor the security of our systems and reassures me that no one has been on our servers since the last time my team and I logged in,” said Hill. “Cloud Sight does everything I need; it acts as a ‘burglar alarm’, alerting me when anything suspicious happens.”
In addition, they now have centralized off-server logs available indefinitely on Cloud Sight, exceeding their compliance regulations.
Now, Hill and his team can confidently say that they have a proactive security posture across their entire environment. Especially after the Heartbleed Bug was announced, he was glad to have Cloud Sight in place. “Getting Cloud Sight allowed us to stop maintaining individual packages on individual boxes and aggregate ourselves,” said Hill. While Cloud Sight monitors their systems 24/7, the Populi team is able to focus on the core of their business and sleep easier at night.
Populi is also even better positioned to protect their client data from any incident small or large, as they are now exceedingly compliant to PCI, HIPAA, and FERPA regulations.
Since installing Cloud Sight by Threat Stack, Populi:
- Rests assured that they have the right heterogeneous cloud security monitoring in place.
- Exceeds PCI, HIPAA and FERPA regulations to protect client data.
- Can fix potential security issues before anyone else can try to capitalize on a vulnerability.
Unlike traditional providers, Cloud Sight is built for heterogeneous cloud environments and instantly provisions new instances, alleviating resources so that Populi can instead focus on the core of their business.
Threat Stack offers Cloud Sight worldwide on subscription and consumption-based cloud appropriate pricing models with an easy self-service account set up. If you are interested in deploying Cloud Sight’s security monitoring solution for your business, visit http://threatstack.com or contact us today at firstname.lastname@example.org.
May 28, 2014 5:10:00 PM
Feb 21, 2014 5:18:00 PM