360Learning Matures Its Cloud Security Posture with the Orca Cloud Security Platform

360Learning Has an Innovative Platform for Collaborative Learning

360Learning enables companies to upskill from within by turning their subject-matter experts (SMEs) into champions for employee, customer, and partner growth. Using 360Learning’s innovative SaaS learning management system (LMS), Learning & Development teams can accelerate upskilling with the help of internal experts instead of slow top-down training. These SMEs can create compelling learning experiences without the burden of building complex content or even hiring an instructional designer.

360Learning is the easiest way to onboard employees, teach new skills, train customer-facing teams, and enable customers and partners with new knowledge—all from one place. Founded in 2013, 360Learning powers the future of work at more than 1,700 organizations worldwide.

Asset Inventory and Operational Security Are Top Concerns

Guillaume Seigneuret joined the company in 2021 as Head of Security. “Given the nature of the company’s business, we face multiple security challenges,” says Guillaume. “Our LMS contains a lot of personal data about the people taking training through our system, and our customers expect strong security around that data. Then we have customers that provide us with proprietary strategic information that they want to share with their employees to help them learn the processes, the company strategy, and the way of doing things. We are required to have a high level of security protecting this strategic information.”

The LMS is a SaaS platform built entirely in the cloud. The environment is about 95% Microsoft Azure with some resources in AWS and GCP. “We mainly have traditional VMs because they are less expensive, as well as other services such as buckets and object storage,” says Guillaume. “As for security issues, we have two main concerns. We have the inventory and review of assets, including configurations. And we have operational security, which is coverage of malware, passwords inside files, suspicious ports opened, ports opened by applications we don’t know about, and so on.”

Guillaume began looking at suitable security tools, with a priority to address the need for asset inventory and a means to evaluate the configuration of assets. “I was looking for a tool to control our cloud environment and to know what people are doing with the assets,” he says. “I went to the Orca website and was intrigued by the offering. It seemed to be exactly what I was looking for. After getting a demonstration, I concluded the tool was perfect for us. Orca works to address both sides of our security concerns.”

Guillaume learned that Orca provides many capabilities that typically require multiple separate solutions, such as cloud security posture management (CSPM), cloud workload protection platform (CWPP), regulatory compliance, asset management, and others. He would eventually like to send the asset inventory information Orca provides to Axonius. Orca has an integration with Axonius that will help facilitate this transfer.

Weighing Other Cloud Security Tools

Guillaume looked at other security tools before finding Orca. “I looked at CrowdStrike because they are putting inventory capabilities into their cloud platform. What they showed me was kind of interesting but the product was still in development and they weren’t prepared to sell it yet,” says Guillaume. “I looked at Dome9 from Check Point Software but the interface is very heavy and the configuration process is not so clear.”

In a previous job, Guillaume had experience with Prisma Cloud from Palo Alto Networks. “Although it’s a good product, I didn’t like it because it was too heavy to deploy. It’s expensive and very hard to configure,” he says. “The time between engagement with the vendor and having an effective tool on your platform is three months. This is a pain point I didn’t want to go through at 360Learning.”

Guillaume explains the paradox of a tool like Prisma Cloud that requires an agent to be deployed. “Before you buy the tool, you don’t know exactly what you have in your cloud environment. This is, after all, the reason you are buying the tool. But when you don’t know what you have, you don’t know exactly what to purchase. You have to be careful about the licenses because if you deploy badly, you can have a huge invoice at the end of the month.” 

If he were to install an agent-based tool at 360Learning, he’d have to install it on every VM. That means having to write an Ansible playbook to embed the agent and configure it. Guillaume estimates that installation and configuration would take four to five months. “This would be time spent by the security team and the DevOps team, because DevOps would necessarily be involved in installing the agents,” he says. “This causes friction within the teams. DevOps cares about security but they don’t want the added work to deal with it.”

“When you choose an agent-based tool for asset inventory, the first goal of the tool is to do an inventory. You have to install agents before you can do the inventory, but without the inventory you don’t know what you have that needs an agent.”
Guillaume Seigneuret, Head of Security

In contrast, deploying the Orca Cloud Security Platform at 360Learning took about 15 minutes. “Deployment was fast and easy. Within 24 hours I had all the information I needed to have on the assets and the configurations,” says Guillaume. “And now every time something new is installed, we know about it and we don’t have to do anything. Orca is perfect for us.”

Orca Addresses Many Cloud Security Needs

Orca serves many different needs for 360Learning. “During times when we are preparing for security certifications and audits, Orca helps us demonstrate that we have control of our assets,” explains Guillaume. “At other times, day to day, the important thing is to find threats or to have some indication we are not degrading our security posture. Sometimes I go searching for risks or major alerts, like when we have CVEs on the dashboard. We are concerned about the security news so I will go deeper in this section for details.”

One of the tool’s features that Guillaume uses every day is the Orca Security Score on the Risk Dashboard. The score is a composite measure of a set of data-driven performance metrics in the areas of suspicious activity, IAM misconfigurations, data at risk, vulnerable assets, and responsiveness to risks. “I look at this score on a daily basis to see if the mark is degrading at all. If it is, that tells me that something bad is going on so I start digging to see what it is,” he says. “The Security Score is the fastest way to see if we have any ongoing mistakes or problems.”

Guillaume discovered a lot of interesting things using the Orca Platform. “We discovered a Kubernetes cluster set up by developers that wasn’t being used. We discover new machines each week that are being used for tests and the developers forget to stop the machines, which incurs extra costs. Also, I am all about the IAM. I am very focused on this and so I regularly go to the IAM part of the dashboard to see if anyone left the company and the credentials are still active.”

Guillaume has not yet had the time to use Orca’s compliance capabilities but it’s definitely on his roadmap. His intention is to have this set up within the next few months. In the meantime, he uses Orca’s information about controls to satisfy customers’ inquiries about security. “We often have to answer questionnaires for customers and Orca has the answers for a lot of these questions,” says Guillaume. “Before we had to tell them we do manual control and it wasn’t very convincing. Now I can prove we have the controls. This has a lot of value for us because it saves us time and money.”

360Learning’s DevOps team has access to Orca’s data. Guillaume says this team uses the tool to check the delta between their Terraform state and the real state of the cloud accounts.

“Our CTO was obviously concerned about security. I showed him what we are able to do with Orca and he was both amazed and reassured. Security is one less thing to worry about now.”
Guillaume Seigneuret, Head of Security

Orca Advances Cloud Security for 360Learning

Using Orca has definitely allowed Guillaume to increase his visibility into his cloud infrastructure. Before Orca, 360Learning had difficulty getting visibility into all of their cloud accounts and viewing a complete inventory of assets and workloads. “Now I think I see almost everything on the accounts. Our visibility has improved immensely.”

Another benefit is how Orca prioritizes alerts so that the security team knows what to work on first. While other security tools just return a list of non-prioritized issues, Orca filters the most important ones to the top of the dashboard. Guillaume says that if he sees something with high priority, he knows to address it right away.

But more than anything, Guillaume knows he has improved 360Learning’s security posture. “Orca has helped us mature our security stance and given us peace of mind for our security operations.”