Case Study

Modernising over 400 years of registry history with cloud security


With support from Palo Alto Networks, Registers of Scotland is modernising more than 400 years of registry recordkeeping with cloud security. By standardising on Palo Alto Networks Prisma Cloud as part of a comprehensive Palo Alto Networks cybersecurity strategy, Registers of Scotland has complete visibility into its Amazon Web Services (AWS) cloud posture and reassuring confidence in its configurations and compliance.


In brief

Customer

Registers of Scotland

Organisation Size

1,200 colleagues; two offices in Scotland

Industry

Public sector

Featured Products and Services

Land registry

Location

Edinburgh and Glasgow, Scotland


Challenges

Registers of Scotland is targeting the deployment of multiple new cloud applications as part of its digital transformation. The organisation needed to tackle the complex process of detecting and preventing development misconfigurations that lead to compliance violations.

Requirements
    • Create complete visibility into every deployed resource.
    • Prevent development misconfigurations reaching production.
    • Use intelligent reporting to demonstrate compliance.
Solution

Palo Alto Networks Prisma Cloud.

Download PDF Share

CHALLENGES

Public registry of legal documents

Registers of Scotland is a non-ministerial office of the Scottish Administration, responsible for maintaining records relating to property, and other legal documents.

Registers of Scotland has embarked on an ambitious journey, geared to re-platforming legacy systems to a modern cloud environment. Paper-based Land Registry processes Registers of Scotland has relied on for over 400 years are being replaced by electronic services, making the organisation more efficient, agile, and customercentric.

However, faced with a four-year timeline for this AWS cloud-first strategy and an accelerating pace of digital innovation, the newly formed IT Security team needed to quickly find a solution to better safeguard the organisation’s systems.

Bob Bowden, Security Architect, Registers of Scotland, explains: “The business was eager for digital change and wanted the IT Security function to provide assurance that the cloud was safe. The development architects in turn were coming to us, asking how we would secure their platforms.”

Penetration testing was ruled out as a way to achieve trusted cloud security, owing to the cost of both running the tests and remediating the issues.

According to Bowden, stitching together security data from disparate cloud security tools would also absorb resources and might overlook critical vulnerabilities. “We needed to keep track of changes to AWS services, identify misconfigurations, and focus on the alerts that signal a threat. For that we needed a single, best-in-class cloud security platform.”


quote

The development architects in turn were coming to us, asking how we would secure their platforms.

–Bob Bowden, Security Architect, Registers of Scotland

REQUIREMENTS

Prevent misconfigurations and threats

Bowden and his team established a cybersecurity solution would be required to:

  • Create complete visibility into every deployed resource.
  • Prevent misconfigurations in the development pipeline from reaching production.
  • Use intelligent reporting to demonstrate compliance.

SOLUTION

Complete, automated cyberattack protection

The deployment of Palo Alto Networks Prisma Cloud was the first step in an enterprise-wide implementation of almost the entire Palo Alto Networks portfolio, spanning network security, security operations, and endpoint security. The result is complete, automated protection against cyberattacks.

The initial scope for Prisma Cloud was to provide relatively coarse reassurance that the AWS platform was secure. Bowden and his team enabled policies for both GDPR and PCI, using these to determine the baseline for security. Default altering policies were set for configurations audits and anomalous events of interest. “In just a couple of days, we stood up a monitoring service to identify and respond to issues,” says Bowden.

Registers of Scotland then moved to the next phase of CSPM: code security. “Prisma Cloud is built into our continuous integration and continuous delivery pipeline from the start, automatically identifying misconfigurations and compliance violations in container images. Centralised visibility and policy controls ensure that only secure code is deployed.”

Registers of Scotland also realise the value of shifting security left in the development lifecycle. “Almost everything is defined as code,” says Bowden. “As our cloud-native environments become more automated, we will enforce quality gates into the pipeline.”


quote

The platform play is critical for Registers of Scotland. Prisma Cloud connects with the Palo Alto Networks portfolio to provide integrated Cloud Security Posture Management. The technology is rich with features, like runtime protection and vulnerability scanning. The mild learning curve also means we reach our future state faster.

–Bob Bowden, Security Architect, Registers of Scotland

BENEFITS

“Plug Prisma Cloud in, and AWS is secure”

This cloud-native security strategy has many benefits, enabling:

  • Faster ‘new service’ launches: Complete development visibility, threat detection, and automated response help eliminate vulnerabilities and speed up the launch of innovative new registry services. As Bowden says, “We simply plug Prisma Cloud in, and AWS is secure.”
    For example, Prisma Cloud revealed that half of the legacy vulnerabilities in the containerized, serverless estate were attributable to just 12 systems. “These systems were immediately isolated from the network, providing a measurable improvement to our risk profile,” says Bowden.
  • Accelerates time to value: Bowden forecasts that Palo Alto Networks will help Registers of Scotland complete its digital ambitions more quickly. “This security visibility enables Registers of Scotland to achieve the cloud migration at speed without unquantified risk,” he says.
  • Increases in efficiency: Prisma Cloud security automation saves Registers of Scotland the equivalent of four full-time staff. By analysing, for example, network traffic, user activity, and configurations, IT Security can respond faster. “It’s predominantly self-service now. Our people only chase tickets outside of SLA,” says Bowden.
  • Governance and compliance: Registers of Scotland is eliminating the security constraints around cloud-native architectures, breaking down security operational silos across the application lifecycle, allowing DevSecOps adoption and enhanced responsiveness. Prebuilt compliance frameworks are included, with the flexibility to build custom frameworks.
  • Security ‘from the get-go’: Registers of Scotland is building security into the CI/CD pipeline from the outset of the DevOps process. Security is not an afterthought. The office is also considering the deployment of Bridgecrew to deliver ‘shift left’ security across the entire application lifecycle.

quote

Prisma Cloud is transforming Registers of Scotland’s posture management, cutting through the complexity of managing the AWS environment, and shortening the gap between vulnerability discovery and remediation.

–Bob Bowden, Security Architect, Registers of Scotland

Read the full Registers of Scotland case study, and discover the value Registers of Scotland gained by using Palo Alto Networks Cloud-Delivered Security Services.