Panorays: Tightening up cyber security with Google Cloud Platform

About Panorays

Panorays automates third-party security management, enabling companies to easily view, manage, and engage on the security posture of their vendors, suppliers, and business partners. With the Panorays platform, companies dramatically shorten their third-party security evaluation process and gain continuous visibility.

Industries: Technology
Location: United States and Israel

Panorays used Google Kubernetes Engine to build a stable, scalable security platform that enables clients to map their security posture and enhance third-party security evaluations.

Google Cloud Results

  • Enables customers to make hundreds of vendor security assessments in days rather than months
  • Develops customized solutions in a flexible environment that allows them to work across multiple cloud vendors
  • Scales at speed with minimal management overheads, allowing engineers to focus on developing new features

Saves companies $150K on their third-party program

Cyber security has never been as important, or as complicated, as it is today. Companies are increasingly required to assess not only their own security, but that of their suppliers and partners, multiplying the workload of information security officers.

"We needed a scalable infrastructure that didn't restrict the amount of customers we could add. We didn't want to worry about DevOps. If we needed to add more customers, we just wanted to push a button without having to change our code."

Demi Ben-Ari, Co-founder and VP of Research and Development, Panorays

Panorays offers a solution to this problem with its Software as a Service cyber security platform. "We help companies get a handle on the cyber security risk of their third parties," says Demi Ben-Ari, Co-founder and VP of Research and Development at Panorays. The platform standardizes and automates much of the rote work of security officers, and gives them a way to efficiently screen and onboard third parties, and then continuously monitor them for any change in their security posture. When Demi and his co-founders first built the platform in 2016, they built it with Google Cloud Platform (GCP).

"We needed a scalable infrastructure that didn't restrict the amount of customers we could add," says Demi. "We didn't want to worry about DevOps. If we needed to add more customers, we just wanted to push a button without having to change our code."

Google Cloud Platform for mature, managed services

Companies often assess the security of third parties with questionnaires that are typically on spreadsheets. This is a slow, ad hoc process. Information security officers send out questions and checklists to vendors manually, and collate the results as and when they come in. Today, in order to be compliant with global regulations, companies have to be much more thorough with their security assessments. However, they often have trouble scaling existing manual processes to meet the new requirements. That's where Panorays comes in.

When it takes on a new client, Panorays takes two approaches. First, it scans the networks of the customer's third parties from the outside, to get a hacker's point of view. "We reveal the attack surface of the third party, which helps us to map all the correlated assets and the security posture," says Demi. Then, through its platform, Panorays manages customizable questionnaires that consider internal company policy while aligning with regulations like GDPR and NYDFS. Both approaches require the ability to scale power and memory at great speed. For Demi and the team at Panorays, the combination of managed services, a mature feature set, and top security credentials made GCP the natural choice for their infrastructure solution.

"With Google Kubernetes Engine we gained all the benefits of a stable, scalable, managed infrastructure. At the same time, we weren't locked in to using only Google Cloud products. It was really easy to change things and adapt them for our purposes."

Demi Ben-Ari, Co-founder and VP of Research and Development, Panorays

When the company launched in early 2016, Panorays initially opted to use virtual machines on Compute Engine, launching a new one every time it had to scan and onboard a new customer. In the early stages this proved effective, but as Panorays added more customers, launching new VMs with each one became expensive and cumbersome. "At a certain point, we were wasting money, and without any orchestration tools it was hard to see exactly what was going on with the platform," says Demi.

Panorays decided to move to a new, service-based architecture running on Google Kubernetes Engine, capable of scaling at speed and automating much of the DevOps management. The company ran its network-scanning environment and its customer-facing platform services on Kubernetes clusters. Over time it began to use more Google Cloud products, such as Cloud Storage, as well as BigQuery, and Google Data Studio for data analytics and reports. Some tasks, however, had to be handled by third-party software or Panorays' own tools. The most important of these was a proprietary task management system that ran on top of the company's Kubernetes environments. The flexibility of GCP allowed Panorays to get the best out of its infrastructure.

"With Google Kubernetes Engine we gained all the benefits of a stable, scalable, managed infrastructure," says Demi. "At the same time, we weren't locked in to using only Google Cloud products. It was really easy to change things and adapt them for our purposes."

"In just one year, we doubled our customer base and scaled our infrastructure almost at the click of a button. Google Cloud makes it easy for us to scale without worrying about DevOps. It means our engineers can focus on developing new and better features."

Demi Ben-Ari, Co-founder and VP of Research and Development, Panorays

Maximum scalability, minimal overheads

2018 proved to be a big year for Panorays. With GDPR regulations coming into force in May that year, the company found itself helping more and bigger clients, including New York based financial services company Payoneer. Panorays worked to make sure Payoneer's security assessments were fully up to GDPR standards, and with the help of its platform, improved the analysis and enhanced follow-up procedures. Not only did Payoneer improve the quality of its third-party assessments, it also made them faster. In just a few days, Payoneer had successfully assessed the security of more than 200 vendors, a process that would have taken weeks before using the Panorays platform.

"I can honestly say that Panorays played a crucial role in our GDPR readiness," says Yaron Weiss, VP Corporate Security and Global IT Operations at Payoneer. "Panorays became a clear player in our information systems flow. We do not move forward until we receive assessment results from them."

Panorays helped several more customers in addition to Payoneer in 2018, dramatically reducing the time needed for security assessments. "On average, we cut the whole process down from 6 months to 8 days," says Demi. "We estimate that over 2018, we saved each customer that works with hundreds of suppliers at least $150,000."

GCP proved itself as a stable, reliable infrastructure that allowed Panorays to grow its business without compromising its service. The company added extra resilience to its platform with the Google Cloud global network, so if one region suffered an outage, the platform could be served from others. The extensive security compliance and certification Google Cloud possesses also gave Panorays peace of mind, which it could pass on to customers. The ease of use of the platform, especially with regards to scaling, helped the company make 2018 its most successful year to date.

"In just one year, we doubled our customer base and scaled our infrastructure almost at the click of a button," says Demi. "Google Cloud makes it easy for us to scale without worrying about DevOps. It means our engineers can focus on developing new and better features."

Since the migration, the company has continued to grow and add improvements to its platform. In 2018, Panorays became a Google Cloud Tech Partner, offering its platform on the GCP Marketplace. Ahead of adding a data science team to its staff, the company's R&D team has started exploring Cloud Dataflow and Cloud Dataprep to make its data pipelines more efficient, working closely with the Google Cloud team in Israel. "I've known the folks at Google Cloud Israel a long time and they're some of the best," says Demi. "They're part of the reason why we came to Google Cloud, and they're great to work with."

About Panorays

Panorays automates third-party security management, enabling companies to easily view, manage, and engage on the security posture of their vendors, suppliers, and business partners. With the Panorays platform, companies dramatically shorten their third-party security evaluation process and gain continuous visibility.

Industries: Technology
Location: United States and Israel