Overview

Discovery, Inc. is a global leader in non-fiction entertainment, serving a passionate audience of superfans around the world with content that inspires, informs, and entertains. The company delivers over 8,000 hours of original programming each year with category leadership across deeply loved content genres around the world. Discovery, Inc.’s programming includes Discovery Channel, Animal Planet, Science Channel, TLC, Food Network, HGTV, and Travel Channel and is available in 220 countries and territories, and in 50 languages.

Challenge

The company’s popularity meant they managed large amounts of digital customer and company data that was subject to compliance regulations and regular audits. To respond efficiently to these audits, Discovery, Inc. needed clearer visibility into their data estate.

There were several factors that contributed to this challenge. Michael Gillenwalters, Senior Manager of Infosec Engineering, explained that “back in 2018, we were in the middle of a merger. We had a flurry of personnel changes. Much of the older data hadn’t been refactored to be accessible to a new toolset.”

Discovery, Inc. initially used Imperva’s SecureSphere to pinpoint certain schemas and security controls they needed to address, and to then adopt those security controls as required. Using SecureSphere, the company was able to conduct the data discovery scanning needed to gain the visibility required for compliance.

“SecureSphere [Data Activity Monitoring] enabled us to see data down to granular levels,” added Lee Ryan, Discovery, Inc. VP of InfoSec Operations Architecture and Engineering. “The toolset we had been using before didn’t offer this level of detail. The data was there, but it was difficult to use it for compliance.”

Deployment

To help address the challenge of scaling compliance requirement coverage into the cloud, Discovery, Inc. turned to Imperva and its Platinum Partner, GuidePoint Security, a cybersecurity consultancy that helps organizations minimize cyber risk. Discovery, Inc. was expanding into a more cloud-native infrastructure and needed to extend their compliance requirements coverage to both on-premises and cloud-native technologies. The GuidePoint Security team and Imperva worked with Discovery Inc. to help the company in their shift to the cloud.

Having the data visible through a single pane of glass presented a significant challenge for the company. “As we migrate into the cloud, we need to maintain our understanding of our data footprint and meet data security and compliance requirements,” explained Gillenwalters. “Our business operations work with large volumes of data in critical systems. We were prepared to continue meeting our compliance requirements, we wanted to make it easier to discover data successfully in the cloud. Our legacy Imperva infrastructure could not be applied to cloud data infrastructure, but the Imperva Sonar platform can.”

In February 2021, Discovery, Inc. deployed the Imperva Sonar platform to augment the SecureSphere infrastructure and provide visibility into cloud-based data sources for compliance. “We had a Sarbanes-Oxley (SOX) requirement at the end of 2020 to cover all of our database access monitoring for all of our SOX-scoped infrastructure,” Gillenwalters explains. “We managed to build a custom Python script that ingested data from cloud sources, but it required a phenomenal amount of work.” The Sonar platform enables a unified, multi-year view of all on-premise and cloud data sources. Gillenwalters continues, “If we had not begun using the Sonar platform, we would have been compelled to maintain a custom-built solution and had to operationalize and support it to ingest and analyze transactional data from all cloud and non-cloud- based sources.”

To deploy the Imperva Sonar platform, Discovery, Inc. needed to onboard assorted databases to run its application for a large audience, against a hard deadline. They achieved this by leveraging technical documentation and by having stakeholders on board. “From the first meeting, it is important to have the right people and technical resources in place,” said Ryan. “That means involving the business partners, the DBAs, and the people working with the application and the databases themselves.”

Results

While Discovery, Inc. were on track to meet compliance requirements, the Imperva Sonar platform made it much easier for them to achieve the visibility they needed for compliance, particularly in their new AWS environment. The discovery scanning, capacity to make extending compliance requirements to cloud data easier, and efficient console management the Imperva Sonar platform provided has helped Discovery, Inc. save significant time and effort compared to the resources required to operationalize and support a custom-written solution to analyze their data. “Fortunately, we don’t have to maintain that Frankenstein script that I wrote anymore,” Gillenwalters concluded, “we have native support for those compliance requirements now.”

Discovery, Inc. hails the project as a success. “We knew we could get SOX compliance done and the Sonar platform capabilities enabled us to get it done faster and more easily. Those two factors definitely justified the cost and delivered the ROI we were looking for,” concluded Gillenwalters.

The future for Discovery, Inc. and Imperva

What does the future hold for Discovery, Inc., and Imperva? “We are looking to create a bigger data security program,” said Gillenwalters. “We’re doing the right thing by checking the [compliance] box and getting the reports out to the right people, but we want to do more than just supply a report. We want to simplify process improvements using the tools that we already have to deliver a more mature security posture. These improvements could include incident response and creating the ability to get ahead of a policy violation without having to go through a larger mechanism of change control, for example.”

As the company continues on its impressive superfan creation trajectory, it will be relying on Imperva to help to scale its security strategy to meet all the new regulatory and data protection challenges along the way.