Making a cloud-native approach secure—and compliant—across every cloud.
- Gain visibility into the cloud-native InSight DXP application (and all cloud-native workloads) in Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, and beyond.
- Maintain the highest level of security in a complex and evolving multicloud environment with a lean InfoSec team.
- Ensure compliance with a range of cybersecurity frameworks and government regulations around the globe.
"We don’t consider Palo Alto Networks a vendor. We consider them a partner."
– David Williams
Information Security Officer, Iron Mountain
Securing a cloud-native application from the start
When Iron Mountain set out to build Iron Mountain InSight DXP, its AI-driven cloud-native application, it needed an upgrade from its cloud service providers’ native security tools. “With all three major clouds and six or seven tools, whenever there was an issue, it was a pain to try to figure out which cloud or vendor it was,” explains Information Security Officer David Williams. More tools resulted in more complexity, redundancy, confusion, and labor.
Already a Palo Alto Networks client, Iron Mountain selected Prisma Cloud to resolve its multi-console problems.
Seeing everything, down to the grain
According to Williams, Prisma Cloud “made InSight DXP possible.” Support for workloads across AWS, GCP, and Azure streamlined the security team’s operations with end-to-end visibility into Iron Mountain’s security and compliance posture. Specifically, Iron Mountain can now see which particular policy or rule is being violated from a compliance standpoint as well as where that violation falls in terms of impact or remediation priority.
"Prisma Cloud not only made my job and my team’s jobs so much easier; it made our jobs possible. We didn’t have this type of insight into our environment without jumping through hoops...but now we have a solution with everything laid out in one place where we can dive deeper and see a robust picture."
– David Williams
Information Security Officer, Iron Mountain
-
Consolidation changes the game
![]()
Before Prisma Cloud, closing security gaps required a series of time-consuming and duplicative tasks. Cloud security engineers and analysts would log in to each cloud, look up common vulnerabilities and exposures (CVEs) in the global CVE database, find the criticality levels, conduct remediation, and mark the task as finished. Now, with Prisma Cloud, everything can be viewed in one place—“served up on a platter,” Williams marvels. He credits Prisma Cloud with increasing his team’s efficiency by a full 30%. “With the number of hours that Prisma Cloud saves us,” he says, “it’s like the difference between riding a bicycle and riding a motorcycle.” -
Distilling alerts down to their essence
Iron Mountain was no stranger to alert overload, and with identical workloads across clouds, redundancy was a major pain point. Before Prisma Cloud, if there was an issue within Kubernetes in Google Cloud, the same alert would signal in AWS and Azure Kubernetes too. Then those three alerts would get multiplied by the number of Kubernetes instances—as many as 100—resulting in 300 alerts for a single issue. Prisma Cloud consolidates all 300 alerts into one, dramatically reducing the signal-to-noise ratio for Williams and his team.
-
Bringing security into the code
Another significant benefit of Prisma Cloud is its ability to empower DevOps with security capabilities, which has been transformative at a company with hundreds of developers and only a handful of InfoSec personnel. “I was able to turn our developers into junior security engineers because they’re now policing our code in real time through Prisma Cloud,” Williams reports. Misconfigurations are much easier to catch and fix, too, giving Iron Mountain the ability to be preemptive and proactive instead of reactive.
-
Baked-in support for global compliance
Before Prisma Cloud, closing security gaps required a series of time-consuming and duplicative tasks. Cloud security engineers and analysts would log in to each cloud, look up common vulnerabilities and exposures (CVEs) in the global CVE database, find the criticality levels, conduct remediation, and mark the task as finished. Now, with Prisma Cloud, everything can be viewed in one place—“served up on a platter,” Williams marvels. He credits Prisma Cloud with increasing his team’s efficiency by a full 30%. “With the number of hours that Prisma Cloud saves us,” he says, “it’s like the difference between riding a bicycle and riding a motorcycle.”
-
Reporting that shows and tells
![]()
The reporting capabilities in Prisma Cloud—especially the one-click feature—are also responsible for big leaps in efficiency. Williams can pull from hundreds of out-of-the-box reports, customizing them to meet the needs of individual regulations or customers. When auditors want to observe the security tools in action, Williams does a live screen-share. “We show the green checkmarks and allow the auditor to take screenshots, showing exactly what we’re doing, how we’re doing it, and how efficient we are.”
Before Prisma Cloud, closing security gaps required a series of time-consuming and duplicative tasks. Cloud security engineers and analysts would log in to each cloud, look up common vulnerabilities and exposures (CVEs) in the global CVE database, find the criticality levels, conduct remediation, and mark the task as finished. Now, with Prisma Cloud, everything can be viewed in one place—“served up on a platter,” Williams marvels. He credits Prisma Cloud with increasing his team’s efficiency by a full 30%. “With the number of hours that Prisma Cloud saves us,” he says, “it’s like the difference between riding a bicycle and riding a motorcycle.”
The reporting capabilities in Prisma Cloud—especially the one-click feature—are also responsible for big leaps in efficiency. Williams can pull from hundreds of out-of-the-box reports, customizing them to meet the needs of individual regulations or customers. When auditors want to observe the security tools in action, Williams does a live screen-share. “We show the green checkmarks and allow the auditor to take screenshots, showing exactly what we’re doing, how we’re doing it, and how efficient we are.”"When I’m on a video call and an especially tough customer asks what tools we use for security, I like watching their face when I say Prisma Cloud. Often enough, they’re ready to move on immediately. They use the tool, too, so they know we’re taking care of business."
– David Williams
Information Security Officer, Iron Mountain
An AI-forward future
It’s important to Williams that Palo Alto Networks is embracing AI, just as Iron Mountain has done with their InSight DXP app. “We have a small team,” Williams says. “If AI could find a problem, report it, and even remediate it, that’s going to be game-changing for us.” With AI handling alerts all the way through remediation, Williams and his team would be able to embrace even more innovation in the cloud. Fittingly, he has a close eye on the new cloud detection and response (CDR) offering from Palo Alto Networks and will be evaluating it soon.
Find out more about how Palo Alto Networks best-in-class solutions can improve security for your organization. Learn more about Prisma Cloud here.
"Our customers trust us to be at the forefront of security so they can sleep at night. I trust Palo Alto Networks to be at the forefront of security so I can sleep at night."
– David Williams
Information Security Officer, Iron Mountain
Share this story
