¿Le preocupan las vulnerabilidades de la VPN? Descubra cómo puede beneficiarse de nuestra oferta de migración de VPN, que incluye 60 días de servicio gratuito.

Historia de éxito del cliente

Global Mining Company Automates Risk Mitigation

with Zscaler Posture Control for CSPM
Cree y ejecute aplicaciones seguras en la nube
Global Mining Company

Perfil

  • Empresa:Global Mining Company
  • Sector:Energy, Oil, Gas, and Mining
  • Sede central:USA
  • Tamaño:30,000 employees on four continents

Antecedentes

This global mining enterprise has been a leader in extraction since the 19th century. Headquartered in the US, it operates in the Americas, Europe, and the Asia-Pacific, with significant reserves of precious metals and essential trace elements, including some of the world’s largest deposits.

    Desafío

    Coordinate a consistent security posture across all development teams and gain visibility for meeting compliance requirements

      Resultados

      Improved NIST CSF compliance score by 60%,Doubled compliance scores across entire Azure application environment, including Office/Microsoft 365,Enables DevOps to automatically identify and remediate risks early in application iteration, long before go-live

      Resultados

      • Improved NIST CSF compliance score by 60%
      • Doubled compliance scores across entire Azure application environment, including Office/Microsoft 365
      • Enables DevOps to automatically identify and remediate risks early in application iteration, long before go-live

      Deputy CISO for Security Governance

      Compliance, and Communication, Global Mining Company
      Within 10 days of deploying to our Azure cloud we could see our entire environment, including Office 365.

      Estudio de caso de cliente

      Worldwide transformation requires global compliance

      To power the digital transformation of its geographically remote mining operations, this global resource extraction leader began transitioning to cloud-delivered applications, resulting in new data security challenges.

      “We recently began accelerating our cloud-first strategies, including initiatives such as our Connected Mine deployment,” explained the Deputy CISO for Security Governance, Compliance, and Communication at the US-based company. “Although moving to the cloud is solving historical issues with implementing and managing on-prem applications in remote areas, it also means taking a new approach to data security.”

      Zscaler ensures a consistent security posture across all teams

      With the company’s lean IT staff relying on an array of partners to drive multiple cloud transformation projects, the data security team sought a solution for coordinating a consistent security posture across all developers. In addition, the company’s executive team and board of directors were keen to gain the needed visibility to ensure compliance requirements were met.

      As misconfigurations in cloud applications are a known enterprise vulnerability, the company worked with its professional services provider to evaluate solutions capable of proactively identifying and remediating such defects. Ultimately, it selected Posture Control by Zscaler for cloud security posture management (CSPM).

      “Posture Control satisfied each of our primary cloud protection objectives,” said the Deputy CISO.

      Posture Control satisfied each of our primary cloud protection objectives.

      - Deputy CISO for Security Governance, Compliance, and Communication, Global Mining Company

      Achieving automated cloud security assurance

      By adopting Posture Control, the global mining company receives continuous cloud security assurance that not only identifies misconfigurations, but also has the option to automatically prevent them from happening in the first place. Provided coverage spans IaaS, PaaS, and SaaS, as well as the company’s Kubernetes container environments.

      In addition, the company can leverage the solution’s ability to compare SaaS and public cloud application configurations to industry and organizational benchmarks, reporting violations and automating their remediation according to established best practices.

      “We gain holistic visibility and control along with efficient and effective risk mediation,” said the Deputy CISO. “This enables us to maintain compliance with various regulatory structures, such as the NIST Cybersecurity Framework [CSF] and the Center for Internet Security [CIS].”

      We gain holistic visibility and control along with efficient and effective risk mediation.

      - Deputy CISO for Security Governance, Compliance, and Communication, Global Mining Company

      Compliance scores quickly double across all assets

      Within 10 days of deployment to its Azure cloud presence, the global mining company quickly realized a range of asset discovery and assessment benefits.

      “We could see our entire environment, including Office 365,” said the Deputy CISO. “The Posture Control dashboard gave us an intuitive representation of all of our vulnerabilities, and the risk level associated with each, enabling us to address the most serious issues first.”

      Just four weeks after implementation, the company’s compliance scores soared. “Among other accomplishments, we improved our NIST CSF compliance score 60 percent,” said the Deputy CISO. “And across all Azure assets, we doubled our compliance scores, including for Office 365.”

      Enterprises like the global mining company also appreciate the ability to extend policy-based access to multiple security and governance teams, empowering them to drill down to pinpoint vulnerabilities precisely.

      “Once we’d improved our posture, we started reporting findings to our board and executive team, which addressed their compliance concerns,” said the Deputy CISO. “Now we can continue updating our leadership team as their business needs arise.”

      Once we’d improved our posture, we started reporting findings to our board and executive team, which addressed their compliance concerns.

      - Deputy CISO for Security Governance, Compliance, and Communication, Global Mining Company

      DevOps integration enables early risk remediation

      Moving forward, the global mining company will take advantage of Posture Control’s capabilities for tightly integrating with DevOps. Using the solution’s extensive API library, DevOps teams can incorporate CSPM into applications and environments. This enables real-time security posture validation during development, rather than asking security teams to conduct assessments after the fact.

      By receiving security scores as rapidly as applications iterate, the company’s DevOps can use Posture Control’s automation features to identify and remediate vulnerabilities well in advance of going live.

      “As we move into infrastructure as code, we want to enable spinning up new assets quickly, while also ensuring deployments meet our compliance baseline before they’re released,” said the Deputy CISO. “Doing so will help us evolve applications safely as well as rapidly.”

      Although the company’s transformation journey is just beginning, the Deputy CISO is optimistic about the role Zscaler and Posture Control will play. “We’ve definitely experienced impressive outcomes thus far,” he said.