A large payment processing company in the United States was tasked with increasing IT agility to support their business objectives. This organization delivers solutions for 250,000 businesses and is a leader in end-to-end encryption technology designed to protect cardholder data rendering it useless for cybercriminals. To meet the challenge of faster, more flexible deployment of applications that have a direct impact on revenues and customer responsiveness, and to leverage micro-segmentation, they were evaluating VMware NSX. As a financial entity that processes credit/debit/prepaid cards, the organization must comply with every financial regulatory requirement, including PCI DSS, Personally Identifiable Information (PII), and state regulations.
The evaluation of VMware NSX raised concerns around the administrative overhead of enforcing a unified security policy across multiple platforms, and the burden of managing VMware NSX micro-segmentation. This high priority project demanded automation in order to maintain business agility, establish a repeatable process, and ensure security and compliance by eliminating the human element. The Firewall team was familiar with Tufin’s solution for security policy orchestration for their Juniper and Check Point network devices. They requested similar security visibility, change control and compliance reporting for VMware NSX as they have with Tufin for Juniper and Check Point.
The organization decided on deploying VMware NSX together with Tufin Orchestration Suite because it delivered standard security visibility and controls while being platform agnostic. The integration assured unified change controls, audit and compliance for physical and virtual networks, and resolved the concerns of the customer. Plans are for the joint solution to also be used to stage and push network connectivity changes in a secured, compliant and unified manner across the enterprise network. Instead of identifying required changes per platform/ vendor and then processing them per device, Tufin Orchestration Suite runs path and policy analysis across physical and virtual platforms and in the future will orchestrate the changes to full completion. This not only saves time and effort, but also reduces human error and increases the reliability of the network infrastructure.
