Global Atlantic Financial Group Shifts Left by Integrating Security into the Development Process

Global Atlantic Financial Group selected Prisma Cloud to centralize visibility and governance in their diverse multicloud environment. They tasked Prisma Cloud with migrating legacy infrastructure and on-premises applications into the company’s 2.0 environment. By taking on this challenge, Prisma Cloud enabled the security team to work more closely with the development and operations teams to integrate security into the application development and deployment cycle.

Global Atlantic, a leader in U.S. retirement and life insurance, is committed to delivering high-quality and secure services to meet the evolving financial needs of their clients. To accomplish this, the company transitioned their applications to the cloud and in doing so, has adopted a multicloud approach with AWS, Oracle, and Azure to meet their customers needs.

By migrating the existing infrastructure into this diverse multicloud environment, new security challenges needed to be identified and tackled, requiring the use of a modern cloud-native solution.

Prior to implementing Prisma Cloud, “There was a lack of visibility as well as governance in our cloud environment,” says Cole Horsman, AVP Cloud Security, Global Atlantic Financial Group. “There were a lot of developers who had full access to AWS in our cloud environment and they were largely in charge of owning the cloud environment.”

Cole also states, “Our challenge was to take our legacy environment, migrate it over to our 2.0 environment, and while doing that, we also needed to migrate our on-premises applications.”

Chris Bogaards, AVP of Information Security, Global Atlantic Financial Group, adds, “We had no insight into what developers were doing or what was being developed. Nor did we know what utilities were being used or what systems, applications, or languages they were written in. There were no guardrails in place.”

“Before Prisma Cloud, our environment was open to risk and vulnerable to malicious acts.” Bogaards continues, “The last thing any of us wanted was to see our name in a headline for being breached.”

“As we started evolving and looking into moving into the cloud space with AWS, we knew right away that we needed a solution to help integrate our enterprise security program with our cloud security program,” Bogaards affirms.

Already a satisfied Palo Alto Networks firewall customer, Global Atlantic knew they needed a modern solution to integrate their enterprise security program with their cloud security program. After evaluating potential solutions, it did not take long for them to select Prisma Cloud.

Prior to Prisma Cloud, development and security teams worked in silos. With Prisma Cloud in place; the single pane of glass visibility, governance and compliance installed, the Global Atlantic teams had a secure path to their cloud environment that brought them together.

In the beginning, Cole states, “We found that there were issues clearly not malicious but unintentional.” The primary goals of the security teams were to build tools and solutions to secure the environment while the developers focused on speed to market, agility, and getting the application deployed. In the end though, Cole continues, “Despite the different mindsets and the different objectives, the underlying goal was always the same and that was to build a better product.”

Prisma Cloud provided the necessary solutions and the results followed. By consolidating their entire cloud footprint into a single view and enabling built-in governance policies, Global Atlantic was now able to stay ahead of the threats and risks that come along with deploying applications in the cloud.

It also became apparent that by adopting a shift-left approach the impact of deploying vulnerable applications minimized the cybersecurity threats.

The continued partnership with Palo Alto Networks has been a tremendous experience for Global Atlantic, especially as they continue to expand into the cloud space and grow.

With Prisma Cloud’s centralized visibility and control, Global Atlantic effectively identified dangerous security threats and misconfigurations and remediated them before they impacted the business.

Streamlined Reporting and Remediation Through Automation

The ability to automatically generate reports for developers, application owners, executive-level management, and auditors—within hours instead of days or weeks—enables time-crunched teams to identify and eliminate risks much more quickly.

With consolidated visibility of cloud environments and prioritized risk, the proper teams are immediately alerted to threats, misconfigurations, and vulnerabilities, as well as resources that fall out of compliance. And by leveraging the automation functions within Prisma Cloud, teams can schedule remediation based on the company’s internal controls—which increases operational efficiency—and saves time.

Improved Code Security with a Shift-Left Approach

Catching security threats and vulnerabilities prior to deploying an application into the cloud has become a critical component in the development lifecycle. By embedding security early in the development process, Prisma Cloud greatly reduces the risk of deploying vulnerable code and applications. By shifting left, security teams can identify potential vulnerabilities and misconfigurations based on policies and remediate issues before they reach production.

Global Atlantic, a satisfied user of the Palo Alto Networks Next-Generation Firewalls, sought a modern solution to connect their enterprise security with cloud security. They chose Prisma Cloud after evaluating options. Prisma Cloud automated and simplified code-to-cloud security, uniting development and security teams by offering clear visibility, compliance, and governance across multicloud assets. Initially, risks complicated difficult organizational dynamics, but teams shared the goal of building better, more secure products for their clients. Prisma Cloud consolidated their cloud view, enforced governance, and prioritized risks. Integrating security early in development reduced cybersecurity threats. The ongoing partnership with Palo Alto Networks aided Global Atlantic’s expansion into the cloud.