Download The Case Study
Visibility into 3000+ Cloud Apps
Identification of high-risk services in use
Validation of Cloud readiness for known Cloud services
Remediation plan for high-risk Cloud services
Nephos Technologies were selected to deliver our Smart Discovery service by one of the UK’s leading financial services organisations to identify unsanctioned Cloud usage and develop a strategy to apply governance to their Cloud-based services. Like most financial services organisations, the customer is moving toward digital channels when it comes to engaging their clients, with a desire to reduce costs and speed up time to value.
The organisation has developed a “Cloud first, not Cloud only” strategy; meaning that where possible services will be consumed from the Cloud – whether that be SaaS, PaaS or IaaS, to accomplish this. There are two challenges with this model for a regulated business:
The customers current toolsets cannot cope with this new delivery model. The organisation acknowledged this potential gap and went to the market for a solution in the CASB space, but before doing so wanted to gain a baseline level of visibility into the current state of Cloud usage to identify:
The customer partnered with Nephos Technologies to answer these questions, as well as to help inform their decision-making process when it came to vendor selection to resolve these issues. Nephos Technologies delivered these answers through our Smart Discovery service. Nephos Technologies Smart Discovery service provides actionable insight into the Cloud services in use, as well as the risk that they pose to your data.
We deliver results in less than four weeks, and with no hardware/software deployment required from the customer. The combination of the simplicity of the approach, the breadth of Cloud services we identify (over 30,000) and the speed to get results were all critical factors for the customer when evaluating potential partners to work with. Nephos were selected as we demonstrated an ability to meet each of these criteria and were capable of working within the customers’ data handling processes.
Nephos identified over 3,000 Cloud services in use, almost 100x more than expected, posing a potentially significant risk to the clients’ data. Each of the services identified is given a risk score based on over 20 critical criteria, and this forms the basis of the remediation plan provided by Nephos. As part of the investigation, Nephos identified the following key information:
In addition to these areas, Nephos were also able to identify a number of Cloud services that contain regulated data, including 92 HR applications (only 5 of which would be classified as enterprise-ready) as well as number of Cloud services that lack compliance certifications or datacenter standards, such as SOC-1/2 or PCIDSS. Nephos’ Smart Discovery service gave the customer some much-needed visibility over their actual Cloud usage and risks, as well as informing their overall Cloud security strategy.
Nephos Technologies Enables Leading UK Financial Services
Firm to Identify Shadow IT in the Cloud