Secures multi-cloud environment with flexible, scalable security solution


TRC is a national engineering, consulting, and construction management firm that provides integrated services to energy, environmental, and infrastructure markets. TRC implements complex, end-to-end projects for a broad range of clients in government and industry. In late 2015, TRC grew to 4,100 employees and 120 offices in the U.S. and London with the acquisition of Willbros Groups’ Professional Services division.

The new division focuses on engineering for internal efficiency and competitive advantage, and on value-added data services. While at Willbros, Jason Cradit, Senior Director of Technology for TRC, played a transformative role and drove public cloud use from an unsanctioned line-of-business transaction (shadow IT) to a strategic priority. Since joining TRC, he sees a great opportunity to expand on the use of public cloud by running a technology team devoted to business outcomes.


Willbros began its cloud transformation in 2011 with Amazon Web ServicesSM (AWS). When Cradit joined in 2012, his first job was to ensure that workloads on AWS were secure. To protect everything in a cloud environment, Willbros needed a security solution that provided visual assurance that all data, applications, and operating systems were secured and managed by their security provider. “We didn’t want to build data centers and manage transactional security-related tasks,” said Cradit.

Cradit discovered Trend Micro Deep Security as a Service (DSaaS) in 2013 and fully deployed it for AWS workloads. Deep Security gave him the confidence that all assets were secure. It also helped him successfully transition the Willbros systems into the TRC infrastructure. However, TRC was preparing to use a Microsoft® Azure® environment and Cradit needed to secure both AWS and Azure® workloads with a multi-cloud security solution. “With multiple cloud environments, we needed one security solution that could protect them all, and do it from a single pane of glass,” said Cradit.

"Deep Security is ideal for multi-cloud environments, because it works the same
 in one cloud as in another. The dashboard and the policy configuration are exactly the same, so there’s no learning curve."

Jason Cradit,
Sr. Director of Technology, TRC Solutions

Why Trend Micro

With a firm understanding of public cloud and three years of stellar protection from Trend Micro Deep Security as a Service, Cradit was confident that his original security choice was still the right one. “The comprehensive capabilities and transparency of coverage made Deep Security an easy sell,” said Cradit.

Cradit showed TRC management that Deep Security plugged directly into the hypervisor, something other security products can’t do. “If you can’t attach to the hypervisor, you can’t quantify what you have. I can log into Deep Security instead of AWS and see my protection,” Cradit added. He also showed that Deep Security avoided the need to add other security products, like intrusion protection, or coverage for Linux systems, which would inevitably add complexity and cost to security.

"With application control, any code, whether it’s malicious or not, is not going to run on a machine without permission. Smart folders will allow us to choose how we want to view our workloads, and sort by AWS tags or other properties

Jason Cradit,
Sr. Director of Technology, TRC Solutions



By advocating the value of Trend Micro™ Deep Security™ as a Service for multi-cloud environments, Cradit was well positioned to educate his new employers about designing cloud services. “The partnership between AWS and Trend Micro allows us to use Deep Security as a Service the same way we use the Amazon services consumption-based model to scale up and down as we need it,” said Cradit

Cradit’s group has implemented all the Deep Security™ features, including the firewall, intrusion detection and prevention (IDS/IPS), anti-malware, virtual patching, web reputation, log inspection, and integrity monitoring. “We always have the firewall on, and we turn on web reputation so we are protected from advanced persistent threats (APTs),” said Cradit.

"Trend Micro has helped us to secure our customers’ critical information in the cloud and get relevant data from it." 

Jason Cradit,
Sr. Director of Technology, TRC Solutions

TRC is so pleased with Deep Security that Cradit is already looking at the new capabilities within Deep Security 10 such as application control and smart folders. “With application control, any code, whether it’s malicious or not, is not going to run on a machine without permission. Smart folders will allow us to choose how we want to view our workloads, and sort by AWS tags or other properties,” said Cradit. “We’re also excited about XGen security because it goes beyond antivirus signature detection to incorporate machine learning. That’s amazing,” he added.



The elasticity of Trend Micro Deep Security as a Service and AWS has benefited TRC’s bottom line. “When the oil and gas industry tanks, we have to lay people off. In the past, we were hit with a fixed depreciation cost for our infrastructure. Now, if we experience a downturn, we can reduce our capacity to scale down our spend,” said Cradit.

The result is a 40 percent drop in infrastructure expenses over the three months following the merger. Also, the need to hire high-level resources at the regional level has changed. With information centralized and secure in a public cloud, TRC can easily share work between dispersed offices, ensuring resources are where TRC needs them.

What’s exciting for Cradit is the CFO, CIO, and CISO have all experienced wins with Deep Security. The CFO didn’t have to write a big check, the CIO gained multi-cloud flexibility, and the CISO replaced the need for multiple security products with a comprehensive security product that was much more than just antivirus.


What's Next

TRC is keeping a close eye on Google Cloud Platform as a possible future addition to its multi-cloud environment. TRC is also planning a virtual desktop infrastructure (VDI) inside AWS, as well as working with the Department of Transportation and other industries to analyze data that comes from a variety of sources. “We’re very excited about the amount of data we’re going to have to protect and who we’ll be protecting it for. With Deep Security, we’re well prepared for explosive growth,” said Cradit.