Vice President - Infrastructure & Security at Oman Airports
How Service Providers Use Runecast Analyzer
Our newest customer is a leading provider of integrated ITS and fare collection solution for public transportation across North America. Worldwide, their parent company has over 600 customers and more than 700 employees working in projects in 20 countries making it one of the most recognized companies in the public transportation technology sector. Innovative IT projects play a key role for expansion and their IT team deploys new or expands existing infrastructure environments to host their software for remote clients.
Challenge: Securing customers’ environments
The IT team typically deploys within existing customer-owned virtualized environments or provides new infrastructure sized to the specific customer’s capacity, availability, and grow the needs. As the number of customers grew and the requirements varied, it became a challenge for the IT team to create a support environment capable of managing, updating and securing each customer in a timely fashion. Their Director of IT, David, searched for a solution that would decrease the amount of time to evaluate each environment, eliminate unknown risks,and decrease research effort required for each customer and project without requiring significant additional hypervisor licensing costs or skills.
Solution: Free Trial Detected Critical Issues
Ultimately, the IT team decided to try the free trial of Runecast Analyzer and, within one hour,successfully scanned and generated a list of configuration issues and security hardening problems for one of their newest projects. As such, Runecast was tested on a brand new deployment with the most recent OEM provided hypervisor image, and with all critical and important security updates already deployed through the hypervisor’s update utility. The initial list of problems detected by Runecast resulted in identifying 23 Critical and Major issues, and 18 Medium and Low ranked issues. Among the most critical issues, were unidentified PSOD scenarios, Spectre/Meltdown findings, and security hardening misconfigurations.
With a successful free trial highlighting so many issues, they decided to invest in Runecast Analyzer, deploy it into their most recent project, and recommend it as a standard inclusion in future projects.
Results: ROI Through Reduced Risks and Effort
They are using Runecast to successfully and proactively mitigate issues which could cause an outage. Decreasing risks prior to production deployment and improving availability are primary benefits.
“We’re simultaneously hardening our environment and producing the artifacts required to prove it”, says David. “Through using the persistent notes functionality, our team is able to easily communicate on the status or applicability of each finding thus reducing re-work. Ultimately,it’s the reduction in re-work across all of our environments that will likely be the largest return on investment.”
The addition of Runecast helps identify and refine the process of creating and maintaining secure operating environments. David estimates Runecast will virtually eliminate research time and allow engineers to focus on resolutions. Since research time is the bulk of time spent when evaluating different environments, they estimate that the addition of Runecast in their solution could reduce IT efforts by at least .25 FTE.
By implementing Runecast Analyzer, the IT team has seen several positive results:
- 80% savings in configuration and manual security manhours/effort
- .25 FTE savings in overall VMware maintenance efforts
- 1 hour to deploy Runecast Analyzer to the production server
- 43 important issues detected, including 2 PSOD, during initial deployment.