Teads innovates faster using complete cloud-native application protection platform

Teads is a Global leading AdTech organisation, providing both publishers and advertisers with a modern, digital marketing communications platform branded ‘The Global Media Platform’. Established in 2011 and headquartered in New York, Teads has more than 1,000 staff and operations in 30 countries. Some 95% of Fortune 100 companies advertise with Teads.

Teads helps premium publishers monetize their digital ad space, supporting multiple ad formats like the inRead, a video format located at the heart of editorial content. The company has since expanded providing innovative tools such as an in-house creative studio, powered by data to drive results.

“Our Global Media Platform reaches nearly two billion people every month across the world’s best publishers,” says Oussama Benzaouia, CISO, Teads. “As a supply-side AdTech platform, we collect and use data to help make online advertising more relevant. We also use data for ad delivery and reporting. It’s my job to ensure this data is protected – both from a brand reputation standpoint and for data privacy compliance purposes.”

Data security is especially important in the application development phase. A dedicated, 200-strong Innovation Team in France (Montpellier & Paris) and Romania are continuously creating new features to help publishers achieve their monetization goals and advertisers better reach their audiences. The company already had strong security processes, but business growth demanded a new strategic Information Security programme to cover the end-to-end development cycle, from both operational security and governance standpoints.

“Teads is a cloud organisation through and through. We needed a comprehensive, cloud-native application protection platform to secure the software supply chain – all the way from the code base to the cloud. For example, we needed to monitor whether the cloud configurations are correct and have an auditable overview of what is happening across the platform,” Benzaouia explains.

Benzaouia and his team had two options: implement an assortment of different security tools or leverage a single, unified best-of-breed security portfolio from a proven partner.

Teads chose the latter route.

Teads established multiple requirements for this new cloud-native application protection platform. These include:

• Detect and prevent misconfigurations and threats that could lead to data breaches and compliance violations.
• Secure cloud infrastructure and cloud-native applications through cloud security posture management (CSPM) and cloud infrastructure entitlement management (CIEM).
• Eliminate manual multicloud compliance reporting.
• Scan the infrastructure code (IAC) and remediate potential vulnerabilities at an early development stage.
• Run forensic analysis against incidents and investigate threats with custom queries.

Benzaouia had been a satisfied Palo Alto Networks customer at a previous broadcasting company and was eager to repeat the success at Teads. “Everything is so easy with Palo Alto Networks,” he says. “The native integration is seamless, the visibility is complete, and the automation takes care of the vast majority of monitoring. There’s no impact on our resources either.”

Teads is using Palo Alto Networks Prisma Cloud to eliminate cloud blind spots, achieve compliance, and proactively address risks. This modern cloud-native security platform supports Teads’ entire cloud infrastructure, split between AWS and GCP.

Prisma Cloud provides the security team with 360-degree visibility into everything from data objects to entitlements and user permissions. “Two features are particularly useful. One is the ability to automatically classify objects in cloud storage that contain personally identifiable information patterns. The second is the CIEM module, which allows us to identify baseline behaviour and identify where the user connects from,” says Benzaouia.

Prisma Cloud also secures Teads’ fast-growing, continually changing infrastructure. The distributed team of 200 engineers use an agile, automated continuous integration/continuous development (CI/CD) process.

Teads platform is based on hosted containers (Docker & Kubernetes) which scale up and down, depending on traffic, leveraging cloud-native Autoscaling mechanisms. On average there are 3,000 instances running.

Teads is now also moving to ‘shift left’ security, with Prisma Cloud’s infrastructure as code (IaC) security. “IaC scanning and code fixes are embedded directly into developer tools. This enables our developer and security teams to address cloud risks much earlier,” says Benzaouia.

Unified cloud security posture management provides complete visibility and control over all AWS and GCP environments, from a single console. Separate, non-integrated tools would create friction, complexity, and introduce security gaps, ultimately delaying development. It takes half the time to manage cloud security using Prisma Cloud as it would do using multiple cloud-native tools on separate platforms. The risk of errors, like missed alerts, using the unified security platform is lower too.

A safe compliant Ad

Tech Features such as cloud asset inventory, configuration assessment, and automated remediation provide comprehensive visibility and control, ensuring security is managed to help the team stay in compliance with regulations such as GDPR or achieve its SOC 2 certification goal. For example, Teads leverages the data discovery module to make sure its security controls match the assigned data classification level.

Supports Teads’ future innovation mission

Benzaouia concludes, “Our business is entirely in the cloud, which offers significant advantages in terms of agility, flexibility, and cost. However, gaps in cloud visibility can arise and the attack surfaces widen, both of which threaten security and compliance. By standardising on Palo Alto Networks Prisma Cloud, Teads benefits from a cloud-native security solution that provides preventive security across our clouds, applications, data, networks, and users.”