Intelligent CIO North America Issue 18 | Page 62

CASE STUDY

World Fuel Services, headquartered in Miami, is 91 on the Fortune 500 list and provides energy procurement advisory services, supply fulfillment and transaction and payment management solutions to the aviation, marine and land transportation industries.

The problem
World Fuel Services needed to consolidate its data centers to optimize costs and to deliver technology at the pace of a start-up, so it set an audacious goal to migrate to the AWS public cloud and get out of the business of running data centers, within two years.
Increase security
To date, World Fuel has closed 20 of 22 data centers and Sonrai now provides security controls for World Fuel’s 200+ AWS accounts and Azure subscriptions, with over 6,500 AWS roles, 1,000 Azure service principals, 10,000+ compute instances and hundreds of data stores.
The result
“Security is absolutely foundational for any large-scale migration to the public cloud,” said Richard Delisser, Senior Vice President of Land Technology, Cloud and Infrastructure, World Fuel Services. “Sonrai Security and the Sonrai Dig platform is central to the World Fuel Services cloud security operating model. The elimination of identity and data risks, automation and continuous monitoring has transformed our cloud security operations and helped accelerate our cloud migration.”
The goal
Reduce risk
Any large-scale cloud migration has to be built off a foundation of strong operational security, and World Fuel quickly realized traditional first-generation CSPM platforms would overwhelm cloud and security teams with alerts as the cloud footprint increased. An exploding number of roles and identities would add identity and access complexity which, combined with increasing alerts, would have raised the risk to an unacceptable level.
Maximize efficiency
World Fuel Services knew the current method of triaging and resolving security problems was not suited to an agile cloud-first company, and a new ‘Cloud Security Operating Model’ was needed to bridge operations between cloud, security, audit and DevOps teams. For this reason, WFS partnered with Sonrai to implement best-of-breed cloud security.


To eliminate identity risks, this customer leveraged automatic analytics based on Sonrai Dig’s resource graph. The IAM data collected across all World Fuel Services AWS accounts and Azure subscriptions by Dig were compiled into a normalized graph data model that quickly surfaced complex IAM and data relationships across all cloud identities. Unlike many solutions that only show singular IAM relationships (e.g. a role with EC2FullAccess or an owner of a subscription), Sonrai Dig connected the dots to show all relationships in a single picture and uncovered hidden risks. Excessive privilege risks can be eliminated and ‘least privilege’ enforced.
The impact of automation has been stunning. Sonrai Dig organized analysis, alerts and actions for environments into approximately 40 ‘swim lanes’ – automatically directing issues to the right World Fuel team owners or bot responsible for remediating. Dig gives each environment an overall importance and a single pane of glass with a visual representation of security posture and risk. The right issues go to the right team, eliminating alert fatigue. Sonrai Dig helped the team improve inventory management of people and non-people identities, providing an end-to-end view to manage coverage for all of its dynamic cloud assets. The ability to filter and get immediate information for any instance or object in its environment was key. Dig now monitors the organization’s entire cloud (QA, development and production) for any configuration or access drift.
Shawn M Bowen, CISO, World Fuel Services, discusses how Sonrai Security’s technology offering enables the organization to solve energy challenges for its customers around the world.
Can you tell us what your role entails as the CISO of a major energy company?
It’s the same rules for any CISO, except the implications are significantly higher as you move up the food chain of size of companies. The interesting aspect about this