Prisma Cloud Accelerates Iron Mountain’s Multi Cloud Strategy with Shift Left Security and Continuous Compliance

Focused on expanding its routes to market and providing digital services in addition to traditional brick-and-mortar offerings, the company’s newest product, Iron Mountain InSight, is a cloud native application that uses machine learning and AI to automatically classify, extract, and enrich physical and digital content.

While the central team is responsible for the overall creation and monitoring of cloud security best practices, smaller security teams handle “slices” of the cloud, usually focused on one major cloud service provider (CSP). Well over 100 people—security, developers, and DevOps—support the InSight application alone, which is primarily operated in Google Cloud.

With InSight as the primary focus, Iron Mountain began by outlining its security and compliance requirements. To adhere to FedRAMP compliance standards as well as effectively identify and remediate noncompliant resources would require automation and continuous monitoring of systems.

For security, the company’s strategy and approach needed to enable its multi-cloud development and operations while keeping pace with the speed of the business and minimizing risk. The ability to “shift left” and integrate security into DevOps workflows was deemed critical to keep Iron Mountain and its customers secure.

To be able to move at the speed of business, “Timing is everything,” says David Williams, cloud manager at Iron Mountain. “The speed at which technology moves these days means you have to be prepared to shift at the drop of a dime and work with partners who are able to do the same.”

In working with the right cloud security partner, David and his team felt they could achieve that goal. In fact, Iron Mountain built the InSight product knowing they would have Prisma Cloud as the backbone to secure it. Relying on the native security tools from CSPs simply didn’t provide the levels of visibility and control the company required.

According to David, “Prisma Cloud made InSight possible.” Support for workloads across Amazon Web Services (AWS^®), Google Cloud, and Microsoft Azure^® streamlined the security team’s operations with end-to-end visibility into Iron Mountain’s security and compliance posture. Specifically, Iron Mountain can now see which particular policy or rule is being violated from a compliance standpoint as well as where that violation falls in terms of impact or remediation priority. The single-pane-of-glass management view not only allows the security team to leverage tailored reporting, but also serves as evidence for auditors that there is a defined process in place.

Prisma Cloud has empowered Iron Mountain to focus on what matters most: the team. This is accomplished through:

• Fostering a DevSecOps culture: The ability to shift left and integrate security throughout the CI/CD pipeline, without adding friction caused by non-integrated tooling, has helped shift developer resistance to embedding security checks in their workflows.
• One-click, custom compliance reporting: Being able to continuously monitor for compliance violations in a cloud-agnostic manner has allowed Iron Mountain to use customizable reporting in any cloud environment without needing to reconfigure or start from scratch. As a result, the team can maintain compliance in a uniform manner more efficiently and comprehensively.
• Reliable, trusted security partnership: Palo Alto Networks is a trusted and valued security partner. “Palo Alto Networks’ reputation, and more importantly, the people, made all the difference,” David says. “They didn’t look at us as a sales number or statistic. Instead, they take feedback and share the roadmap to help us plan, prepare, and scale for a secure cloud-first future.”

To learn how Prisma Cloud can enhance your security strategy, visit www.paloaltonetworks.com/prisma/cloud.