Customer Case Study

Global Mining Company Automates Risk Mitigation with Posture Control by Zscaler for CSPM

Build and Run Secure Cloud Apps

Profile

  • Company: Global Mining Company
  • Industry: Energy, Oil, Gas & Mining
  • HQ: USA
  • Size: 30,000 employees on four continents

Background

This global mining enterprise has been a leader in extraction since the 19th century. Headquartered in the US, it operates in the Americas, Europe, and the Asia-Pacific, with significant reserves of precious metals and essential trace elements, including some of the world’s largest deposits.

Challenge

Coordinate a consistent security posture across all development teams and gain visibility for meeting compliance requirements

Outcomes

  • Improves NIST CSF compliance score by 60%

  • Doubles compliance scores across entire Azure application environment, including Microsoft Office 365

  • Enables DevOps to automatically identify and remediate risks during early application iterations, long before go-live

Worldwide transformation requires global compliance

To power the digital transformation of its geographically remote mining operations, this global resource extraction leader began transitioning to cloud-delivered applications, resulting in new data security challenges.

“We recently began accelerating our cloud-first strategies, including initiatives such as our Connected Mine deployment,” explained the Deputy CISO for Security Governance, Compliance, and Communication at the US-based company. “Although moving to the cloud is solving historical issues with implementing and managing on-prem applications in remote areas, it also means taking a new approach to data security.”

Zscaler ensures a consistent security posture across all teams

With the company’s lean IT staff relying on an array of partners to drive multiple cloud transformation projects, the data security team sought a solution for coordinating a consistent security posture across all developers. In addition, the company’s executive team and board of directors were keen to gain the needed visibility to ensure compliance requirements were met.

As misconfigurations in cloud applications are a known enterprise vulnerability, the company worked with its professional services provider to evaluate solutions capable of proactively identifying and remediating such defects. Ultimately, it selected Posture Control by Zscaler for cloud security posture management (CSPM).

“Posture Control satisfied each of our primary cloud protection objectives,” said the Deputy CISO.

Achieving automated cloud security assurance

By adopting Posture Control, the global mining company receives continuous cloud security assurance that not only identifies misconfigurations but can also, optionally, prevent them automatically from happening in the first place. Coverage spans IaaS, PaaS, and SaaS, as well as the company’s Kubernetes container environments.

In addition, the company can leverage the solution’s ability to compare SaaS and public cloud application configurations to industry and organizational benchmarks, reporting violations and automating their remediation according to established best practices.

“We gain holistic visibility and control along with efficient and effective risk mediation,” said the Deputy CISO. “This enables us to maintain compliance with various regulatory structures, such as the NIST Cybersecurity Framework [CSF] and the Center for Internet Security [CIS].”

Compliance scores quickly double across all assets

Within 10 days of deployment to its Azure cloud presence, the global mining company quickly realized a range of asset discovery and assessment benefits.

“We could see our entire environment, including Office 365,” said the Deputy CISO. “The Posture Control dashboard gave us an intuitive representation of all of our vulnerabilities, and the risk level associated with each, enabling us to address the most serious issues first.”

Just four weeks after implementation, the company’s compliance scores soared. “Among other accomplishments, we improved our NIST CSF compliance score 60 percent,” said the Deputy CISO. “And across all Azure assets, we doubled our compliance scores, including for Office 365.”

Enterprises like the global mining company also appreciate the ability to extend policy-based access to multiple security and governance teams, empowering them to drill down to pinpoint vulnerabilities precisely.

“Once we’d improved our posture, we started reporting findings to our board and executive team, which addressed their compliance concerns,” said the Deputy CISO. “Now we can continue updating our leadership team as their business needs arise.”

DevOps integration enables early risk remediation

Moving forward, the global mining company will take advantage of Posture Control’s capabilities for tightly integrating with DevOps. Using the solution’s extensive API library, DevOps teams can incorporate CSPM into applications and environments. This enables real-time security posture validation during development, rather than asking security teams to conduct assessments after the fact.

By receiving security scores as rapidly as applications iterate, the company’s DevOps can use Posture Control’s automation features to identify and remediate vulnerabilities well in advance of going live.

“As we move into infrastructure as code, we want to enable spinning up new assets quickly, while also ensuring deployments meet our compliance baseline before they’re released,” said the Deputy CISO. “Doing so will help us evolve applications safely as well as rapidly.”

Although the company’s transformation journey is just beginning, the Deputy CISO is optimistic about the role Zscaler and Posture Control will play. “We’ve definitely experienced impressive outcomes thus far,” he said.