* [Blog](https://www2.paloaltonetworks.com/blog)
* [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/)
* [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* Deloitte's Cloud Migratio...

# Deloitte's Cloud Migration Success: Transforming SecOps with Cortex XSOAR

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fdeloittes-cloud-migration-success-transforming-secops-with-cortex-xsoar%2F)  
[](https://twitter.com/share?text=Deloitte%E2%80%99s+Cloud+Migration+Success%3A+Transforming+SecOps+with+Cortex+XSOAR&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fdeloittes-cloud-migration-success-transforming-secops-with-cortex-xsoar%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fdeloittes-cloud-migration-success-transforming-secops-with-cortex-xsoar%2F&title=Deloitte%E2%80%99s+Cloud+Migration+Success%3A+Transforming+SecOps+with+Cortex+XSOAR&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/deloittes-cloud-migration-success-transforming-secops-with-cortex-xsoar/&ts=markdown)  
\[\](mailto:?subject=Deloitte’s Cloud Migration Success: Transforming SecOps with Cortex XSOAR)  
Link copied  
By [Bar Katzir](https://www.paloaltonetworks.com/blog/author/bar-katzir/?ts=markdown "Posts by Bar Katzir")  
Feb 06, 2025  
6 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)  
[Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown)  
[Migration](https://www.paloaltonetworks.com/blog/tag/migration/?ts=markdown)  
[MSSP](https://www.paloaltonetworks.com/blog/tag/mssp/?ts=markdown)  
[SaaS](https://www.paloaltonetworks.com/blog/tag/saas/?ts=markdown)  
[Security Orchestration Automation and Response](https://www.paloaltonetworks.com/blog/tag/security-orchestration-automation-and-response/?ts=markdown)  
[SOAR](https://www.paloaltonetworks.com/blog/tag/soar-2/?ts=markdown)

For years, Deloitte's Cybersecurity Center had leveraged Cortex XSOAR on-premises to drive automation across its portfolio. Building on this success, Deloitte Cybersecurity Center wanted to achieve even greater results by migrating its 24/7 cybersecurity center's XSOAR deployment to the cloud.

### **Deloitte's Cybersecurity Center**

Deloitte's Cybersecurity Center, located in Madrid, serves as the base of its managed security services across the EMEA region. The EMEA CyberSphere Center (ECC) operates around the clock, offering customers a comprehensive portfolio of security services that includes threat intelligence, vulnerability management, and cloud security. Backed by a diverse team of international experts and cutting-edge technologies, the ECC enables organizations to proactively address evolving cyberthreats, ensuring resilience and robust protection in the face of modern threats.

### **The Cloud Advantage**

Deloitte has long leveraged Cortex XSOAR in an on-premise deployment to drive automation, enabling the ECC to streamline processes, automate repetitive tasks, and enhance the efficiency of incident response workflows. By integrating XSOAR with various tools and technologies, the team has successfully orchestrated complex security operations, reduced response times, and improved overall operational effectiveness.

Encouraged by its success with Cortex XSOAR, Deloitte decided to migrate the ECC's XSOAR MSSP deployment to the cloud to allow the ECC team to focus on more strategic initiatives. By nature, a cloud-based solution reduces the need to schedule and manage software and hardware updates. By design, the cloud provides higher systems availability, which makes Deloitte's operations more resilient.

> *"Moving to the XSOAR SaaS platform has enhanced our operational capabilities, allowing us to focus more on strategic security imperatives and less on routine maintenance."*
> 
> \*-\*Gonzalo Arteaga Ruiz, Delivery Lead, Deloitte

Deloitte started reaping the benefits of the migration right away. Its cloud deployment of XSOAR improved environment maintenance by:

* Streamlining removal of old and outdated content.
* Enabling a development tenant for use case development and testing.
* Facilitating environment configuration based on current knowledge and best practices.

With the move to the XSOAR SaaS platform, the days of updating servers for the XSOAR console became a thing of the past. Palo Alto Networks ensures that any identified vulnerabilities were promptly addressed, providing a secure and resilient platform for incident response operations. This transition to the cloud not only simplified the upkeep of the system but also underscored Palo Alto Networks' commitment to delivering a secure, reliable, and hassle-free experience for all customers.

### **Elevating the SOC with Cortex XSOAR MSSP Cloud**

Migrating to the Cortex XSOAR cloud platform has dramatically transformed the SOC and daily operations for ECC's security analysts. The move has led to significant improvements in:

\*\*User Experience:\*\*Cortex XSOAR MSSP SaaS has enhanced the user experience for ECC security analysts by improving response times and simplifying resource management. Additionally, the ECC team now has a development tenant, preventing direct changes to the production environment and providing a repository for necessary updates.

* **Improved User Experience:** 90% positive user feedback indicating improved ease of use from the Analyst Responders.

**Faster Performance:** One of the most noticeable improvements is faster performance. Cortex XSOAR SaaS significantly reduces response times, enabling the seamless execution of playbooks and scripts without delays. This enhanced speed ensures a smoother user experience.

* **Scalability and Flexibility** : Ability to scale resources to accommodate a 100% increase in customer traffic without affecting performance.

**System Reliability:** In terms of reliability, SaaS has resolved many of the issues that were common in the previous environment, such as task delays or occasional system slowdowns. The SaaS infrastructure offers high availability by design and ensures stable operations even when running multiple complex workflows simultaneously.

* **Downtime Reduction** : 100% reduction in unplanned and planned OS upgrade downtime.

\*\*Host Management:\*\*Cortex XSOAR SaaS has simplified host management by eliminating the need for manual oversight of operating systems, patches, version upgrades and resource monitoring. The cloud infrastructure now handles these tasks, allowing the team to focus on operational priorities and ensuring consistent performance across all tenants.

* **Operational Efficiency** : 15% faster provisioning of new use-cases from development to production

\*\*Storage Management:\*\*Disk space management has seen a major improvement. In the past, managing storage required manual intervention through tools to free up disk space regularly. With SaaS, this is no longer a concern, as Palo Alto Networks adheres to the disk capacity during data retention.

> *"The Cortex XSOAR SaaS platform has proven itself as one of the best platforms for managing incidents, automating processes, and enhancing security operations."*
> 
> \--- Gonzalo Arteaga Ruiz, Delivery Lead, Deloitte

### **Key Lessons for a Successful Migration**

Any organization planning a cloud transition can achieve the same level of success. This is the playbook that helped Deloitte ensure a secure, value-additive migration to Cortex XSOAR SaaS:

1. **Develop a Comprehensive Migration Plan** Preparation is critical to ensure a seamless migration. Invest time upfront to outline a detailed plan, identifying potential risks, dependencies, and mitigation strategies to be ready to execute effectively.
2. **Assess the Impact of Cloud Migration on Your Environment** Understand how the transition to SaaS will affect your existing infrastructure. For instance, evaluate whether firewall rules need to be modified to allow communication with the XSOAR SaaS environment. Also, review and adjust how user access and authentication mechanisms are managed to align with the cloud-based platform.
3. **Plan for Adapting and Testing Changes** Account for how changes will be implemented and tested during the migration process. Consider implementing change freezes during critical phases to minimize disruptions. Ensure a robust testing strategy is in place to validate functionality and integration before going live.
4. **Address API Differences and Dependencies** Be aware of potential differences in APIs when moving to XSOAR SaaS. For example, updates to URIs (Universal Resource Identifier), headers, or other API elements may require adjustments to existing integrations. Using tools such as [Spotlight.io](http://spotlight.io) can help identify and address these differences effectively.
5. **Migrate Remote Repositories Thoughtfully** Determine how [remote repositories](https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Remote-Repository-Management) will be migrated to the SaaS environment. Consider whether you will leverage the built-in Git repository feature in XSOAR 8 Cloud or maintain an external repository. This decision should align with your organization's development and operational workflows.

By incorporating these lessons into its planning and execution, organizations can ensure a smoother migration process, minimize downtime, and quickly realize the benefits of the Cortex XSOAR SaaS platform.

### **Looking to the Future**

Cloud-native security is increasingly important as enterprises move to distributed architectures. Security needs to go beyond perimeter defense to address modern threats targeting microservices, APIs, and serverless functions. The focus is not just on protecting data in transit but also securing ephemeral resources and maintaining compliance across multiple cloud providers.

As Deloitte embraces the cloud, Cortex XSOAR SaaS will continue to arm the security team with the tools and capabilities they need to pinpoint and remediate incidents with unparalleled precision. By drastically reducing the maintenance and administrative tasks, XSOAR gives them even more bandwidth to focus on security tasks that matter most. Meanwhile, the business can take full advantage of the cloud with confidence.

**To learn more about how you can migrate to Cortex XSOAR in the cloud and see similar value to Deloitte's, watch our [webinar](https://panw-global.slack.com/archives/D017R6VA88J/p1724784672524079), check out [Cortex customer stories](https://www.paloaltonetworks.com/cortex/customer-stories), and visit the [Cortex XSOAR webpage](https://www.paloaltonetworks.com/cortex/cortex-xsoar).**

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Unveiling the Power of Automation for MSSPs](https://www2.paloaltonetworks.com/blog/security-operations/unveiling-the-power-of-automation-for-mssps/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Introducing Cortex Canvas: Unleashing the Power of Visual Storytelling](https://www2.paloaltonetworks.com/blog/security-operations/introducing-cortex-canvas-unleashing-the-power-of-visual-storytelling/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### Cortex XSOAR Ranked #1 for SOC Automation](https://www2.paloaltonetworks.com/blog/security-operations/cortex-xsoar-ranked-1-for-soc-automation/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Playbook of the Week: Automated Rapid Response to Microsoft Outlook for Windows Vulnerability](https://www2.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-automated-rapid-response-to-microsoft-outlook-for-windows-vulnerability/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### XSOAR 8: Re-architected for Performance, Scalability, and Reliability](https://www2.paloaltonetworks.com/blog/security-operations/xsoar-8-re-architected-for-performance-scalability-and-reliability/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### Sneak Peak at Symphony 2022](https://www2.paloaltonetworks.com/blog/security-operations/sneak-peak-at-symphony-2022/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language