A Fintech’s Cloud SQL Database was exposed on a public endpoint

Company Summary

A leading fintech company did not protect their database and left their cloud SQL database to be exposed to external public endpoints.

Cloud Service Provider

GCP

Business Challenges

The company’s Cloud SQL Database accessed from a workload on GCP GKE K8’s was exposed on a public endpoint which led to security risk and vulnerability.

Our Solution

We used our auto-remediation intelligent tool “MatosSphere” to convert the public endpoint to private endpoint with primary focus on the workload configuration and updated their:

• Subnet and firewall re-configuration
• Private IP and network peering
• VPC Native cluster and workload identity
• GSA and KSA and workload identity user
• Cloud SQL proxy as sidecar

The Results

MatosSphere enabled the company to strengthen their workload configuration and security framework on the GCP cloud environment to reduce its exposure to attack. We reduced their cloud costs by 68%, the company was able to automatically detect and fix security-related vulnerabilities and threats to their existing cloud setup.