Bright Horizons

Bright Horizons secures families’ sensitive data and provides services with help from Cloudflare

Bright Horizons is an early childhood education and education services provider operating in seven countries, including the United States, UK, Ireland, Netherlands, Germany, Canada, and India. The company partners with employers to offer high-quality childcare, elder care, and career assistance across 1,400 sites. They have been recognized with numerous awards, including a Fortune Best Workplace for Diversity award, 21 years on the Corporate Equality Index, and one of Boston Business Journal’s Best Places to Work.

Challenge: Securing families’ PII at a global scale

Bright Horizons holds the personally identifiable information (PII) of hundreds of thousands of clients. Protecting this data against unauthorized access and potential breach is essential for the company’s regulatory compliance, reputation, and revenue. A data breach would harm the company and their customers, and being able to demonstrate strong data security practices also helps differentiate Bright Horizons from competitors.

Bright Horizon has a lean 15-person security team protecting 1,400 locations distributed across seven countries. Robust, scalable security solutions are essential to protect against denial-of-service (DoS) attacks, data breaches, and other frequent thefts.

Protecting sensitive data against unauthorized access

According to Bright Horizon’s CISO Javed Ikbal, one of his core goals is to make security a key business driver, rather than a cost center. He says, “The business outcome that I am most interested in is to keep unauthorized parties away from our infrastructure but deliver to authorized people our products and services at scale and at speed.”

A key part of his strategy for accomplishing this goal is linking the many sites his team supports with network protection from Cloudflare Magic Transit. While he appreciates the improved performance that routing over Cloudflare’s global network provides, he values the security benefits more. He comments, “We have some persistent threat actors that we identify by the fingerprint of their attacks, and we see where they're coming from. And Cloudflare Magic Transit enabled us to just shut them out instantly.”

Enhancing security efficiency and scalability

With a small security team protecting over 26,000 spread across 14,000 sites and seven countries, scalable security is vital for Bright Horizons By partnering with Cloudflare, the company has been able to improve efficiency by reducing incident volumes and streamlining workflows.

One way that Bright Horizons limits the number of attacks that they experience is by managing access to their online services. For instance, with Cloudflare Magic Firewall, they block traffic from certain countries where they do not provide services. Since this traffic isn’t legitimate, blocking it does no harm to their customers but prevents attacks from being launched from these IP addresses.

Automation is important because a rapid response is essential to minimize the potential cost and impact of a security incident. The difference in the amount of damage that an attacker can do given two minutes vs. two hours is astronomical. According to Ikbal, “Having Cloudflare raise the alert, escalate appropriately, and respond automatically where possible has been a huge, huge help to us. We know that there is this giant shield around us that's protecting us, and we only respond to the highest-level severity alerts.”

When the team does need to respond to a potential threat, they’ve taken advantage of Cloudflare’s API and automation support to expedite the process and cut down on response times. Ikbal comments, “Being able to automate, being able to orchestrate our response with Cloudflare programmatically through the APIs and reconfigure on the fly is extremely valuable.”

Extending Zero Trust capabilities

Cloudflare Zero Trust is featured strongly in Bright Horizon’s security roadmap. According to Ikbal, “Zero Trust is one of the foundational pillars of our security program. We are looking at Cloudflare’s Zero Trust offering to see how we can enhance and optimize that.” This next step is intended to enhance his team’s core goal to streamline legitimate access to service while blocking attempted attacks.