InsightCloudSec Facilitates Continuous Multi-Cloud Security for CoStar Amid Mergers and Acquisitions

CoStar Group is a leading provider of commercial real estate information, analytics, and online marketplaces. They conduct expansive, ongoing research to produce and maintain the largest and most comprehensive database of commercial real estate information. Their suite of online services, which include Apartments.com, LoopNet, Lands of America, BizBuySell, and many more, enable clients to analyze, interpret, and gain unmatched insight into property values, market conditions, and current availabilities. To expand their reach, CoStar supplements its core products with complementary services and capabilities through mergers and acquisitions. They have an estimated revenue of $1.2 billion.

CoStar Group, a leading provider of commercial real estate information, analytics, and online marketplaces, has been expanding its reach through mergers and acquisitions (M&A). As of October 1, 2019, CoStar has spent approximately $2 billion acquiring a total of 27 organizations, each with a unique cloud presence and varying levels of cloud competency. The challenge for CoStar is ensuring the security and compliance of its constantly growing and evolving cloud footprint, which spans across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). When growing through M&A, CoStar must be able to understand the cyber risk of the acquisition target, integrate the newly acquired resources, and maintain the ability of these acquired entities to accelerate innovation through the use of cloud services without the loss of control.

CoStar selected the InsightCloudSec platform to establish and maintain comprehensive security for their multi-cloud environment. When acquiring a new company through M&A, CoStar uses InsightCloudSec as part of its onboarding. This onboarding process integrates key infrastructure and cloud service provider security tools, InsightCloudSec, and other third-party tools. Using InsightCloudSec’s Badges and non-invasive Insights as part of their onboarding process, CoStar has immediate visibility of how a new cloud environment scores against their security baseline. If any of the new environments do not meet CoStar’s security or compliance requirements, InsightCloudSec will automate remediation. After using InsightCloudSec to align the new cloud environments with CoStar’s cloud security requirements and validating proper configuration, CoStar integrates cloud account authentication and authorization into its Active Directory. Once the new environments are fully integrated, InsightCloudSec continues to provide critical data, continuous monitoring, and automated remediation while integrating with many of CoStar’s tools.

• InsightCloudSec has enabled CoStar to create a standardized security baseline across products, business units, and cloud service providers. Without InsightCloudSec, CoStar would have to manually aggregate resources and resolve security issues between AWS, Azure, and GCP. InsightCloudSec automatically alerts the CoStar security team of misconfigurations, and in some circumstances, corrects issues automatically. Without InsightCloudSec’s automation, CoStar’s pace would slow and its vulnerability to risk would rise. Through continued collaboration, InsightCloudSec has delivered several features that extend beyond CoStar’s primary goal of achieving rigorous security while driving innovation and growth. InsightCloudSec has become a cornerstone of CoStar’s cloud strategy, which, in turn, supplements their ability to synergize with agile, innovative companies that complement the brand.

• InsightCloudSec completes the onboarding process within about 10 minutes
• Detection and automated remediation can begin in as little as 30 seconds
• CoStar has spent approximately $2 billion acquiring a total of 27 organizations