Case Study

Digital Native Company Skedulo Integrates Comprehensive Cloud Security to Gain Business Value


Prisma Cloud addresses vulnerabilities quicker, prioritises risk, and eliminates blind spots across the application lifecycle.


In brief

Customer

Skedulo Pty Ltd

Product and Services

Mobile workforce management tools

Industry

High Technology

Organization Size

350+

Country

Australia


Challenges

Skedulo required realtime visibility and a comprehensive platform to help the company address cloud-based vulnerabilities and misconfigurations. Also, as a startup, they needed to demonstrate their cybersecurity strategy and controls to investors and customers.

Requirements
    • Improved capabilities: single platform for both IaC security and runtime application security
    • Ease of management:
      comprehensive cloud security posture
    • Business value
    • Established partner in cybersecurity
Solution

They selected Prisma® Cloud from Palo Alto Networks, as it offered better cloud native security capabilities across the application lifecycle, as compared to other solutions.

Download PDF Share

INTRODUCTION

Skedulo Pty Ltd. is a growth stage startup focused on making efficient mobile workforce management tools. They create cloud-based software to allow any company in any industry to schedule, manage, engage, and analyse their deskless workforce. While Skedulo had a lean team of security experts and infrastructure engineers to manage their everyday security requirements, Taylor Reed, Head of Information Security, was on the lookout for a cloud security platform that could complement their cloud native approach (building and running applications using different technologies like infrastructure as code or a DevOps/Agile approach), to give them the horsepower of an enterprise-level security team.

CHALLENGE

Real-time visibility, data security for enhanced cloud security strategies

As an entirely cloud-based company and with a little over 350 people, Skedulo had a mix of security and infrastructure engineers overlooking their security requirements. As head of security, Taylor Reed oversaw compliance, statutory, and regulatory requirements as well as IT, endpoint, and cloud security. To add to this, being a startup, the company needed to assure investors that they had robust cybersecurity strategies and controls in place. “We needed a comprehensive security platform that could integrate seamlessly with our cloud-native approach and offer us real-time visibility into our cloud security posture,” says Reed, before adding, “The solution we opted for, also needed to address vulnerabilities.”

For Skedulo, a software-as-a-service (SaaS) provider, protecting customer data across multiple verticals was of prime importance. For instance, regulatory compliance is mandatory for their healthcare sector customers. Whether it is adhering to the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, 2009 in the US or the Privacy Act, 1988 in Australia, adhering to regulations is a crucial requirement. Taylor recalls how, in 2021, an application was built by Skedulo to schedule COVID-19 vaccinations. This was adopted by both New Zealand and the state of California, and Skedulo ensured that the data of millions of people were protected using best practices. Taylor reiterates, “Data across all industries is important to us and we are committed to investing in superior security tools to do right by our customers.”


REQUIREMENTS

Comprehensive cloud management, best-of-breed capabilities and improved business value

While Skedulo had a few different security-related applications and dashboards in place, Taylor and his team were on the lookout for a dedicated cloud native security posture management tool. The solution they opted for had to offer:

  • Improved capabilities: a single platform that could manage infrastructure as code, or IaC, security and runtime application security
  • Ease of management: Working with a single vendor would provide a holistic picture
  • Business value: moving away from disparate point solutions to a one-stop shop
  • Trusted partner in cybersecurity: a long-term, well-established partner

quote

We needed a comprehensive security platform that could integrate seamlessly with our cloud-native approach and offer us real-time visibility into our cloud security posture.

— Taylor Reed, Head of Information Security

SOLUTION

A single, unified solution to secure infrastructure across cloud environments

Through a detailed, structured, and proof-of-value phase, the Palo Alto Networks team worked closely with Skedulo to ensure all their assessment use cases were addressed. All parameters that Skedulo wanted in the new solution were included and in-depth training was provided to the team at Skedulo. Prisma® Cloud by Palo Alto Networks was selected as the solution to address all Skedulo needs. This included Cloud Security Posture Management (CSPM), Cloud Workload (CWP) as well as Cloud Code Security (CCS), which, in particular, ensured security is integrated with developer workflows.

“The Prisma Cloud team at Palo Alto Networks spent time walking us through the features that differentiated their offering from competitors, clearly demonstrating that their solution would integrate with our software supply chain to scan code repositories and provide developer-focused security,” says Taylor.

When asked what stood out for him with regard to Prisma Cloud, Taylor responds, “The depth of knowledge that the sales team and solution architects had was particularly impressive. Their knowledge went beyond merely rattling off product data points, and encompassed information security as a whole, which they willingly shared with our team at Skedulo.”


quote

The Prisma Cloud team at Palo Alto Networks spent time walking us through the features that differentiated their offering from competitors, clearly demonstrating that their solution would integrate with our software supply chain to scan code repositories and provide developer-focused security

— Taylor Reed, Head of Information Security

BENEFITS

Complete code to cloud visibility

With Prisma Cloud, Skedulo has gained a comprehensive solution that ticked all the boxes, giving them not only the best possible visibility on their cloud environment but also a preventative-first approach. Taylor compares the environment before Prisma Cloud to that of a dimly lit room. Today, he says, it’s like “a light switch has been flicked on, providing complete real-time visibility.”

Shortened time from vulnerability discovery to remediation

With real-time data and visibility available across all environments, vulnerability management has moved from being manual to automated. Skedulo has reduced dwell time, or the time after a breach has been made to the time it is identified, from weeks to days.

Improved risk assessment

Prima Cloud’s dashboard enables investigation and intelligence with minimal use of time and resources. Taylor highlights how Prisma Cloud comes with built-in policies aligned to compliance frameworks and industry best practices, providing him with a visual reference. Using the quadrant value in the vulnerability section of Prisma Cloud, Taylor has clarity on the level of risk (high, medium, low) and the kind of risk (internal or external), allowing him the opportunity to prioritise and jump on the dashboard and “travel down the rabbit hole rapidly, from a high level to a line level and come back up.”

Enhanced business value

Skedulo was able to deploy Prisma Cloud with limited impact on their resources. Taylor considers Prisma Cloud as a team or force multiplier. “With Prisma Cloud, Skedulo is now able to assess the right things at the right time and prioritise risk, instead of tying up valuable resources manually investigating vulnerabilities.” While onboarding the solution, Skedulo has gained access to several additional features that are readily available with Prisma Cloud.


CONCLUSION

For Skedulo, it was imperative to partner with a security provider of repute like Palo Alto Networks. They were looking for an established company, one that would not be acquired by another organisation, as they had experienced in the past. Taylor sums things up, saying, “With Palo Alto Networks, it’s a win-win situation. On the one hand, we have access to their global reach and continued cybersecurity capabilities, including cloud security. On the other hand, we have local representation, always ready to step in and help.” As the relationship progresses, Skedulo is open to expanding their solution suite and bringing in additional functions from Palo Alto Networks.