Case Study

With Prisma Cloud, UTS gains comprehensive visibility and contextual assessment, and simplifies compliance across multicloud environments

In brief

Customer

University of Technology Sydney (UTS)

Product and Services

Undergraduate, postgraduate and doctoral degrees

Industry

Education

Organization Size

4,400+

Country

Sydney, Australia

Challenge

UTS was transitioning their IT operations to the cloud and needed comprehensive visibility, contextual assessment of workloads and alerts, and a simplified security standards compliance framework across multicloud environments.

Requirements

  • Comprehensive visibility across accounts and multicloud environments
  • Contextual assessment of alerts and advisories
  • Single-pane-of-glass security for ease of management
  • Address security standards compliance needs

Solution

UTS chose Prisma Cloud by Palo Alto Networks for greater visibility, simplification of management and security standards compliance reporting, and the ability to provide context around data and access.

Introduction

Founded in 1988, the University of Technology Sydney (UTS) in Australia is a public research university regarded as one of the world’s leading young universities. UTS consists of nine faculties and schools, and is home to 50 research centres and institutes. The university has an enrollment of over 45,000 students across undergraduate, postgraduate, and doctoral programs, and was making the shift to the cloud. This was part of the early stages of digital transformation, moving from conventional on-premises data centres to a multicloud environment, facilitating ease of collaboration internally and externally with other universities.

Working with a small team, Graham Allen, Manager, Cyber Security Operations at UTS, knew that the shift to cloud would mean managing competing technologies and competing terminologies, which in turn increased workloads. “The Cyber Security team at UTS was looking for a solution to monitor and manage a multicloud environment with a unified perspective,” he says.

CHALLENGE

Limited visibility, alert fatigue, and manual alert remediation processes called for a cloud platform

Graham’s team had limited visibility into the cloud infrastructure being implemented at UTS and this, he realised, could mean a loss of control over critical aspects of data security and IT management. “One of the main drivers of looking at a platform solution was comprehensive visibility across our environment. Our remediation process required an internal investigation, so contextual information needed to be passed along to remediation teams. This was often manual and reactive, making the process tedious and difficult,” states Graham.

UTS manages distributed global access to their environment, on-prem systems and cloud services, integrations between those systems and other applications, and supports collaborative organisational research. This presents a wide array of data to correlate and review. As Graham explains, “A barrage of alerts meant that our small team had to deal with both alert noise and alert fatigue. The alerts cease to be useful if the analyst viewing it is unable to interpret the information. UTS needed a solution that could automatically add context to alerts that were higher fidelity and keep analysts better informed on how to deal with the alerts.”

Alongside this, simplification of management and security standards compliance reporting were important, and UTS wanted a tool that could natively assess, alert, recommend, and remediate within frameworks defined by the organisation across a cloud footprint, leveraging cloud infrastructure and services from multiple providers, all from a single pane of glass.

REQUIREMENTS

Comprehensive cloud-native security for deep visibility and precise control

UTS was on the lookout for a technology that could be easily implemented to evaluate configurations and connections, and monitor and assess a multicloud environment with a unified perspective. Their requirements were:

  • Comprehensive visibility across accounts and multicloud environments. This includes granular security and configuration policies for attack detection and alerting.
  • Contextual assessment of alerts and advisories to understand who has accessed what, where, when, and why. Exploring user and entity behaviour analytics (UEBA) to customise UEBA mitigation policies and track suspicious UEBA activity.
  • Single-pane-of-glass security for ease of management across multicloud environments.
  • Address security standards compliance needs through monitoring and enforcing compliance settings.


SOLUTION

Detailed visibility, threat detection, compliance management, and governance with Prisma Cloud

Originally, UTS turned to Prisma Cloud for Cloud Security Posture Management (CSPM), but has since adopted new capabilities like Cloud Workload Protection (CWP) and Code Security. As a long-term user of Prisma Cloud, Graham talks in detail about how the platform has matured over the years. He feels that the interface is definitely more intuitive and that the platform has developed and kept pace with industry requirements. For instance, infrastructure as code (IaC) did not exist as a widely practised concept when the platform was deployed in 2018. However, today it is a huge part of not only the platform, but of general cloud management strategy—promoting a more efficient, scalable model of provisioning and growing cloud environments, while also mitigating the element of human error through controlled automation. Containerisation and serverless additions have also been developed as reliance on, and future-planning around, those technologies have grown. In addition, identity security has evolved and grown massively to keep up with the complexity of identity and access management (IAM) and security on all cloud service providers (CSPs). As UTS was moving away from infrastructure as a service (IaaS) into serverless, the need for a secure DevSecOps pipeline process was imperative.

UTS had 4,000 full-time equivalents (FTEs), a total staff strength of 5,000–6,000, 40,000 full-time students, and 200,000+ alumni who potentially needed to access the UTS cloud environment. The cybersecurity team manages over 90 individual cloud accounts, across all major CSPs. Before using Cloud Infrastructure Entitlement Management (CIEM), permissions were maintained in individual platforms, with RBAC-based access into all environments. UTS uses an intrusion detection and prevention system (IDPS) and modern multi-factor authentication (MFA) (OAuth, SAML, and such). Prisma Cloud CIEM mainly assists IAM management by identifying role elevation or credential leaks.

The education sector straddles a mix of different security standards compliance requirements. Graham shares, “Prisma Cloud provides definitive answers for security intelligence. Besides the benefits of providing UTS with visibility at an organisational level that we previously did not have, the solution enables us to address Australia-specific compliance requirements, such as the Essential Eight strategies and maturity models. In addition to this, having the option of Australian-based data centres to host the Prisma Cloud solution has most certainly increased the currency of Palo Alto Networks within UTS."

The Customer Success team at Palo Alto Networks has accompanied UTS over the life of its subscription, promoting an optimised experience on the platform via regular health checks, customer success planning, strategy discussions around capability adoption, and periodic operations reviews. Through this years-long partnership, the Customer Success team have become familiar with the environment Graham administers, and the specific challenges being faced by his organisation and team. UTS is constantly engaging with the Customer Success team at Palo Alto Networks to explore what these technology developments bring to the overall platform, and adopting those capabilities that they feel will add the most value to them.

"Prisma Cloud provides definitive answers for security intelligence. Besides the benefits of providing UTS with visibility at an organisational level that we previously did not have, the solution enables us to address Australia-specific security standards compliance requirements, such as the Essential Eight strategies and maturity models. In addition to this, having the option of Australian-based data centres to host the Prisma Cloud solution has most certainly increased the currency of Palo Alto Networks within UTS."

– Graham Allen

Manager, Cyber Security Operations, UTS

BENEFITS

Comprehensive and unified visibility

With a single pane of glass for security, Prisma Cloud has reduced the need for, and stress of, managing multiple point products by integrating capabilities into a single platform. Prisma Cloud provides simplicity when interacting with the ever-increasing API capabilities of new services online. “Prisma Cloud is constantly adding new features into the environment to make it as easy as a dashboard,” says Graham.

Support for security standards compliance and regulatory needs

UTS needed capabilities to assess and improve their existing posture, identify opportunities to improve, and have the ability to customise to their own compliance standards. Prisma Cloud has increased its impact for an Australian-based organisation by developing Australian-specific requirements for compliance monitoring (Essential-Eight, ACSC ISM, and APRA CPS-234). The Palo Alto Networks team was able to provide local support for regionally aligned compliance needs, as well as build consensus among Australian and New Zealand (ANZ) based customers for agreement around the structure of these regionally specific standards.

Providing contextual assessment

UTS needed context: an understanding of system interconnects and why one resource talking to another is a matter of concern. Prisma Cloud was able to contextualise information for UTS to take actionable steps to mitigate any potential risks.

Reduced resourcing requirements

From a cybersecurity perspective, if Graham and his team were to manage all the compliance and analysis across multiple environments, at the very least, this would require 0.5 FTE staff members. This increases further if IaC and DevOps are added into the mix. Continuous manual assessment of cloud accounts or subscriptions at this level of detail is effort-intensive, and will increase resource requirements. With Prisma Cloud, UTS has kept its resource requirements in check and can use its resources efficiently.

Customer Success

Being exposed to the ongoing and changing requirements of cloud security with UTS, the Customer Success team was able to bring the more context-relevant capabilities of Prisma Cloud to the security team. Over the life of the subscription, Palo Alto Networks has acquired multiple companies (Evident.io, RedLock, Twistlock, Bridgecrew, Aporeto, PureSec, and Cider Security) and integrated their technologies into the cloud-native application protection platform (CNAPP) offering. Customer Success has worked with the cybersecurity team to assess these capabilities, define their function clearly, and gauge applicability to UTS pain points and use cases. Graham shares, “Working with the Customer Success team has enhanced the value of Prisma Cloud to UTS, and offers an opportunity to consolidate tooling—an important consideration for resourcing.”

CONCLUSION

UTS aims to continue to grow their cloud footprint. “What really sold it to us is that the benefits are tangible,” says Graham. He feels that the platform is constantly developing and evolving to better cater to the changing security needs of UTS. He particularly enjoys the licensing model because it is easy to implement, with a single licensing “credits” system used across all platform capabilities, instant activation of newly added capabilities, and no additional cost considerations beyond having available credits when it comes to utilising any new features.

The Customer Success team has cultivated a close-knit working and personal relationship over the years, which has helped to continue supporting UTS’ footprint with Palo Alto Networks. Graham captures this eloquently as he says, “Whether it’s new features or new product lines, everything feeds the imagination. The Customer Success team has a nuanced approach to providing just the right amount of information to inspire us to try newer technologies that address our pain points.”