In brief
Registers of Scotland
1,200 colleagues; two offices in Scotland
Public sector
Land registry
Edinburgh and Glasgow, Scotland
Registers of Scotland is targeting the deployment of multiple new cloud applications as part of its digital transformation. The organisation needed to tackle the complex process of detecting and preventing development misconfigurations that lead to compliance violations.
Palo Alto Networks Prisma Cloud.
CHALLENGES
Registers of Scotland is a non-ministerial office of the Scottish Administration, responsible for maintaining records relating to property, and other legal documents.
Registers of Scotland has embarked on an ambitious journey, geared to re-platforming legacy systems to a modern cloud environment. Paper-based Land Registry processes Registers of Scotland has relied on for over 400 years are being replaced by electronic services, making the organisation more efficient, agile, and customercentric.
However, faced with a four-year timeline for this AWS cloud-first strategy and an accelerating pace of digital innovation, the newly formed IT Security team needed to quickly find a solution to better safeguard the organisation’s systems.
Bob Bowden, Security Architect, Registers of Scotland, explains: “The business was eager for digital change and wanted the IT Security function to provide assurance that the cloud was safe. The development architects in turn were coming to us, asking how we would secure their platforms.”
Penetration testing was ruled out as a way to achieve trusted cloud security, owing to the cost of both running the tests and remediating the issues.
According to Bowden, stitching together security data from disparate cloud security tools would also absorb resources and might overlook critical vulnerabilities. “We needed to keep track of changes to AWS services, identify misconfigurations, and focus on the alerts that signal a threat. For that we needed a single, best-in-class cloud security platform.”
REQUIREMENTS
Bowden and his team established a cybersecurity solution would be required to:
SOLUTION
The deployment of Palo Alto Networks Prisma Cloud was the first step in an enterprise-wide implementation of almost the entire Palo Alto Networks portfolio, spanning network security, security operations, and endpoint security. The result is complete, automated protection against cyberattacks.
The initial scope for Prisma Cloud was to provide relatively coarse reassurance that the AWS platform was secure. Bowden and his team enabled policies for both GDPR and PCI, using these to determine the baseline for security. Default altering policies were set for configurations audits and anomalous events of interest. “In just a couple of days, we stood up a monitoring service to identify and respond to issues,” says Bowden.
Registers of Scotland then moved to the next phase of CSPM: code security. “Prisma Cloud is built into our continuous integration and continuous delivery pipeline from the start, automatically identifying misconfigurations and compliance violations in container images. Centralised visibility and policy controls ensure that only secure code is deployed.”
Registers of Scotland also realise the value of shifting security left in the development lifecycle. “Almost everything is defined as code,” says Bowden. “As our cloud-native environments become more automated, we will enforce quality gates into the pipeline.”
BENEFITS
This cloud-native security strategy has many benefits, enabling:
Read the full Registers of Scotland case study, and discover the value Registers of Scotland gained by using Palo Alto Networks Cloud-Delivered Security Services.