We used a product called Alert Logic. That was the product that Rackspace wanted us to purchase. I think there are different incarnations of the product now, but because that product was reactive — it was analyzing the logs — this was the thing that we were concerned about. By the time an issue occurred, if 15, 20, or 30 minutes had passed, that could end up being a lot of data that's been taken out of the system. For us, it was a non-starter. ShieldX with its proactive nature was a lot better.

The biggest selling point — and we were being offered various monitoring systems to monitor our website for intrusion detection and alerting, and albeit they were very good — was that ShieldX, at the time, was the only product that would proactively monitor, block, and then report that it had blocked things. It then had the ability to allow that traffic or leave it as denied. For us it was a no-brainer because somebody could suck all the information out of our website within a matter of an hour. Whereas ShieldX, if it detects that sort of intrusion, would lock it down and shut it down instantly.

Our concern was that if somebody is reactively monitoring and they detect an event, there is a 15-minute or 30-minute SLA on it. They then report it to us. If it's 2:00 in the morning and the infection continues until 7:00 in the morning, when we pick up the message, and it then gets locked down, by that time all our data and customer information would have been sucked out of the website. That was one of the main factors for moving to AWS: We had to have some form of proactive blocking and monitoring, intrusion detection, on the website.

For us, Alert Logic was an old-tech product and ShieldX was an up-to-date, new-tech, modern product. When you talk about having a call center monitor stuff on your behalf, there is always going to be inherent delay between an attack occurring, detection, and then notification. The more you can reduce that window when an attack occurs, then the less susceptible you are and the less risk there is to the business. That was one of the main reasons we didn't like Alert Logic. With ShieldX, that window completely closed.

Before ShieldX, we didn't have much of a security posture. We were trying to get there. We tried Illumio and bought the product, but it just seemed very difficult at the time. The person who took over that project left, then I came in, and I was trying to catch up on the products that he had left over. By the time, we looked at Illumio and their dashboard, learning their product seemed more time consuming than we wanted it to be. So, we decided to transition to ShieldX.

Prior to ShieldX, we were using very traditional security controls, meaning traditional perimeter firewalls.

We switched to ShieldX because traditional firewalls are more expensive, and they require you to take all of your traffic outside of your virtual environment to inspect it and then return it back to the virtual environment. ShieldX lives inside of your virtual environment so it's able to protect your workloads without having to send them north to a firewall only to come back down south to another resource.

We began our journey into the cloud some time in 2014. At that time, one of our primary concerns was getting the same level security infrastructure that we had used in our own facilities out onto the cloud. In other words, we didn't want to make a movement to the cloud, then be worried about exposure.

We start to spend a lot of time with our existing firewall vendors, the ones that we had come to love and deployed in our data center, talking about what that might look like in the cloud. It took a couple of years for us to get comfortable with a proper insertion point for our existing vendors in the cloud. That meant that we were spending quite a bit of time both in the provisioning and installation phase, but also in terms of our resources. E.g., how much we were spending to get our existing vendor set up and running.

Almost our entire development team within our organization has quite a large number of developers. We moved from the waterfall method where we were doing maybe two or three software releases a year to a more agile environment, where we might be doing a release every two weeks. These people work at a very different pace than what our developers in the past were working at, which also means that the security teams and the infrastructure has to be built up and designed in a way which is more compatible with the way that we are now doing deployments in terms of how we are scaling up on the cloud. It has become very clear that our old way of doing things wouldn't work for us.

For these reasons, our organization was never really designed with the cloud in mind. It felt like putting a square peg in a round hole. For the amount of time that we were spending getting provisioned and the amount of money that we were spending into the infrastructure, everything was way out of line for what we needed to do. It started to feel a like the security teams were getting in the way of the business. This had to change. This is when we started to engage ShieldX.

Here are the primary reasons that we switched:

1. They weren't designed for the modern hybrid cloud infrastructure. 
2. The licensing and costs were out of whack for what we were looking to do. 
3. They were part of an environment that we couldn't protect because of the way that it was originally designed. We are now able to protect it with ShieldX.