Petronect migrates to the cloud with lower risk and greater flexibility

Petronect has part of its infrastructure on premises and part in the cloud with partner companies Amazon (AWS), Google and Azure, as well as the SAP Cloud Platform. These environments are connected and exchange information intensively.

When Petronect employees identified cases of insecure applications being used without the knowledge or authorization of the IT department, known as Shadow IT, while they were still operating on-site, it became necessary to have greater control over data traffic and application management. “At that time it was important to have visibility of which applications the users, almost 350 professionals at the start of 2020, were using on a daily basis to solve their problems. We needed greater control over information traffic, as well as closer management of cloud services,” says Rodrigues.

“The security team was very concerned about migrating all 350 employees to the home office, because we knew that the number of threats (ransomware, malware, phishing, etc.) would increase significantly. Implementing Netskope’s solutions gave us greater security, a very important pillar for Petronect, since access to the web would no longer be a problem. We had already implemented the Next Generation Secure Web Gateway with very strict rules, using the Cloud Confidence Index (CCI) feature to inhibit the use of applications with a low reputation,” Rodrigues points out.

With the CCI solution, Petronect has automated the selection of systems suitable for corporate use. The tool also analyzes more than 50 criteria including compliance certifications, DLP policy controls, encryption, etc.

Another important highlight of Netskope’s solutions is being able to control the use of cloud applications according to the service instance. With this feature it is possible to give users greater flexibility, since it only blocks specific services and not all of them. “We are currently able to use Google’s corporate instance and block its personal instance if we need to,” says Leandro.

Another highlight of the Netskope platform is that it can be integrated with other security tools, such as the Palo Alto Networks firewall and the Crowdstrike solution.

It’s worth noting that the process of evaluating the use of cloud applications has been optimized using the intelligence delivered by Netskope. “The CCI (Netskope Cloud Confidence Index) feature delighted us with the resources of the Netskope solution, as we had a great deal of work to do analyzing documentation and application security requirements and we were able to automate the entire process of controlling these applications with the CCI,” says the Security coordinator.

Both during the testing phase and after the project was implemented, the Netskope team was very willing to contribute and answer questions.

The work of Contacta, Netskope’s partner in this project, was also highlighted. According to Petronect’s security coordinator, “the channel’s work was fundamental, especially during the testing period, because we knew little about Netskope’s tools, and they were very willing to help us,” says Rodrigues.

With regard to information security, the company has strict guidelines that standardize procedures, as well as enabling and ensuring the protection of its own services, operations, developments and assets, as well as those of its clients and employees, from deliberate or accidental threats in its business processes.

Security is one of Petronect’s main pillars. The company aims to use more cloud services and cloud infrastructure with its partners Amazon, Google, Microsoft and SAP. According to Rodrigues, the company is aiming for an architecture as close to Zero Trust as possible. “With Netskope we are going to make significant progress in terms of Zero Trust, especially in web access. We also intend to expand to other services with new control points such as user authentication, device authentication, etc. We also plan to implement a reverse proxy with cloud services with proactive control of user operations that can be inspected,” says Petronect’s security coordinator.