Incorporating security directly into the development cycle for a leading insurance provider

Halo significantly reduces cost and manual effort through automation

Business challenge

This major Fortune 100 Boston-based insurance provider had a need for speed. Specifically – the need to create a fail fast – fail often environment as they sought to increase their overall application development/deployment velocity to better serve the needs of their digital customers and the business. This meant not only implementing a whole new DevOps development process, but also cloud-based infrastructures for rapid and scalable deployment.

The challenge? In a highly regulated privacy sensitive business like insurance, cyber security and compliance can not be an afterthought. The applications once developed and let loose in the wild need to be rock solid day one. In the insurance game there are no do-overs. While they were well equipped with security tools for handling legacy application development practices and data center based deployment environments, those systems were simply not able to operate in the highly dynamic and high-velocity environments of the cloud and DevOps. Requiring fixed IP addressing, manual policy and image verification, as well as post-deployment compliance verification for their applications, the inadequacy of these legacy security tools quickly became apparent. From a cost, efficiency, accuracy, and time standpoint, a security platform designed specifically for cloud workloads but could also be deployed back into legacy server environments became the ultimate technical insurance policy!

The solution:

Because Halo is a security as a service solution, they were able to incorporate it directly into their application development cycle – baking critical security controls at build, at registry, and production. Because Halo is fully automated it was able to keep pace with their DevOps cycles and increase overall efficiencies and cost by verifying application compliance prior to deployment – so that if fixes were required, they could be added at the least disruptive and expensive point in the cycle. Moreover, with Halo’s robust Rest APIs, they were able to integrate it with many of their existing analytics and reporting tools including Bamboo, Ansible, GRC, and Splunk.

Result:

“It used to take us days to track down vulnerabilities and map to the image. We would scan weekly or daily. Someone would pull a report and bring it to me and ask” what image is the vulnerability in? I wouldn’t know, because all he had was the IP Address. I would have to look at the history of the IP addresses over the day and say “it was one of these 8 instances. Now I can do it in 11 minutes. Halo can identify the problem immediately and tie it to the instance. People are happier when they are working on projects, not when they are tracking down vulnerabilities!”

By implementing Halo, this global insurer was now able to track and map vulnerabilities in their golden images in 11 minutes instead of days as it took with their legacy tools. In addition, by incorporating Halo at the beginning of the build cycle instead of the production phase as most legacy tools require, they were able to reduce their remediation costs by an astounding 30x! Finally, using Amazon AWS/EC2, they were able to leverage AMIs that they knew were hardened and vulnerability saving significant time and cost in getting their infrastructure spun up and ready – safely. We like to call Halo the ultimate Cloud insurance policy – and these insurance experts would seem to agree!