Regional Telecom Provider

Regional Telecom Provider standardizes on Tenable for CIEM and CNAPP enterprise-wide

To accelerate its business growth and agility, a large regional telecommunications provider made a strategic decision to migrate from an on prem IT environment to a full cloud environment. Soon after, the pandemic hit, momentarily stalling an ambitious five-year migration plan. About a year and a half ago the organization re-commenced the project and today their cloud transformation is in full swing.

From the start, a key focus for the enterprise was to comprehensively incorporate security best practice across their new cloud estate.

Moving cloud forward in a large organization. The telecom provider’s extensive IT operation comprises three key groups: Cloud Operations, Cloud Architecture and IT. The operations group itself comprises teams responsible for cloud governance, cloud applications, cloud data and cloud infrastructure. Of these, the cloud governance team, responsible for supporting security and governance for business solutions, was tasked with overseeing and securing the enterprise’s cloud migration.

The Challenge

The enterprise sought to put in place solutions that would ensure its cloud security overall, including with better visibility across its cloud infrastructures. Native tools were not an option because its cloud environment spanned both Amazon Web Services (AWS) and Microsoft Azure, requiring a multicloud security solution. To meet required compliance standards, the executive team had already standardized on a solution for cloud security posture management (CSPM). This piece of the organization’s security strategy addressed governance needs from a reporting perspective. However the cloud governance team, cognizant that identities and permissions are a major point of failure in cloud security, was concerned that a CSPM tool alone would not adequately reveal identity risk and sought to better secure their IAM operation. Cloud infrastructure entitlement management (CIEM), an emerging security category, had gained their attention for its deep risk analysis of born-on-the-cloud identities and permissions.

At liberty to choose point security tools, the cloud applications team began researching CIEM solutions

The Solution

After comparing competitive offerings, followed by a demo and then a proof of concept, the telecom company chose Tenable, citing the benefit of an identity-first approach to addressing its IAM security concerns and the high accuracy of findings revealed in the evaluation phase.

Swift implementation. Rollout was swift. To date, the telecom provider has implemented Tenable in two organizational groups and is underway to standardardize Tenable across their entire cloud environment. These teams are using Tenable’s combined CIEM and policy-based alerting capabilities for overall assessment of its cloud security posture and fine grained visibility and risk detection across identities, resources, network and permissions.

Use cases and ROI. The groups are using the platform to reduce excessive permissions and expand least privilege, integrating its guided recommendations and right-sized policies into development and engineering workflows for acting on by those teams. The enterprise is also using Tenable for anomaly detection use cases, alerting relevant stakeholders about unusual cloud activity to accelerate investigation and response.

Both groups credit Tenable with enormous time savings in prioritizing, and reducing cloud configuration and identity risk in their growing cloud environment.

Next steps. The enterprise next plans to better control user and developer access through Tenable’s Just in Time management portal, which curbs risk and streamlines developer access requests by automating the approval process and revoking the elevated privileges right after use. Spurred by their strong Tenable outcomes, the team is trialing the platform with a broader requirement – building a business case for gaining approval to standardize on Tenable for full CNAPP usage across the entire enterprise.