Intelligent CIO North America Issue 18 | Page 63

CASE STUDY

company is that it's a global energy company. We also dabble in a lot of different areas, not just energy, but also the technology supporting and delivering it. Take aviation for example; not only do we deliver the fuel, we also offer technology to support fixed-base operations for airports, scheduling and co-ordination of private planes, and the fleets associated with them.
Why did you select Sonrai Security?
One of our values that we try to align with during vendor selection is partnering with vendors that we aspire to be like. The people behind that technology are one of the reasons why we partner with specific companies. That was what really started the relationship with Sonrai and it helps that it has a tool which covers a lot of components that we needed, such as cloud security and posture management. Sonrai also deals with cloud identity and combining the two allows the linking of identity so that we can see the whole life cycle.
Why did you decide to migrate your processes to the cloud and what were some of the potential risks involved?
If you're not migrating to the cloud now, what are you doing? I think there are a few companies that can justify using data centers or on-premise servers, but most are rationalizing their data centers; I think more companies should be moving to the cloud. The journey we embarked on a few years ago was to close all 22 data centers and migrate entirely to the cloud. We still have a couple of months left to put over our last two data centers that are working in tandem with one another – that should be done by mid next year. The move has allowed us to be more effective in our current operations, and once that's fully fleshed out, we are already looking at advancing to the next couple of levels and expanding our capabilities.
How does Sonrai Security's technology enable you to solve energy challenges for your customers around the world?
One of the problems we had before I started was a lack of dedicated cloud security engineers. People that were responsible for their segments were responsible for their security as well. So, in the cloud engineering function, they had cloud security pieces, and Sonrai was able to aggregate the data and display it in a way that made it easier for people who were not security native to solve security problems. We were able to solve a lot of the problems that we hadn't seen prior to having Sonrai.
Now, as we're developing the Security Engineering function and maturing the engineers, we're able to task things out. For example, we're doing some integrations into Jira right now. Sonrai is driving tickets and getting tickets to the specific teams. We have 200+ applications that we develop in-house, and we have a tonne of infrastructure that's in the cloud for supporting applications and standard business. So, now we're able to generate tickets and show what's relevant to the person, not the whole cloud. Teams need to be able to segment off what's applicable to them and that's something that Sonrai has been able to do for us.
How do you predict World Fuel Services will evolve over the next 12 months, from a technology perspective?
I see a significant increase in security maturation. We have been building our security program using the NIST Cybersecurity Framework along a more traditional maturity-based development and we are ready to provide security through a more risk-based offering where we'll apply threat modelling at the product and business levels, then map that down to threat modelling we do at the technology level. That should allow us to tailor our security capabilities specific to the threats that are related to the different products. We don't want to have a standard blanket offering of security, we want to have security wrappers tailored around each of our components.
Then, as we continue to go API-first, data-centric and reinvent our cloud into the cloud-native environments, those efforts are going to require even more security tailoring. Being API-first is a huge one for us because that means the portability of our applications, our data and our operations are endless once we get to that fully API-driven environment, so that will allow ultimate flexibility.
What advice would you offer to other CISOs when faced with securely migrating their systems to the cloud and implementing strong operational security into their business model?
We know that most cloud breaches are related to misconfigurations, so something like a CSPM is a must – like Sonrai with its cloud security posture management which allows us to find those misconfigurations as quickly as possible and limit our exposure. Then there's the design factor; patching, updates and standard security will be there, but in the cloud, misconfigurations are far more damaging than a misconfiguration in an on-prem environment. So, you need defined principles for the teams to follow and establish secure configurations before you start moving into the cloud. That would be the one piece of advice I would have for that initial transition to the cloud.