Challenge: How to Connect and Secure 100+ Stores Easily and Affordably
Like many retailers, Pet Lovers needed an effective way to secure its stores and franchises. The spread of massive ransomware outbreaks, such as NotPetya, concerned David Whye Tye Ng, the CEO and executive director at Pet Lovers.
Pet Lovers had already connected and secured traffic between stores with an Internet-based, virtual private network (VPN). Routers at every store directed point-of-sale (POS) traffic across the IPsec VPN to firewalls in the company’s Singapore datacenter housing its POS servers.
But other than the datacenter and four stores, none of the locations had firewalls to protect them against malware and other attacks. Protection was particularly important as employees accessed the Internet directly.
Adding firewall or unified threat management (UTM) appliances at each site would have been cost prohibitive and taken far too long to deploy. For those sites equipped with firewall appliances, managing them was “tedious and slow,” says Ng. All security policy changes had to be implemented by the local service provider running the firewalls.
He considered connecting the sites via an MPLS service. But following a “meticulous” assessment of the costs and offerings of the managed service, he says that neither MPLS nor deploying security appliances could meet his needs for low-cost, rapid deployment, and ongoing management.
“We did not want to be held hostage to the costs of MPLS and wanted a security solution that would be scalable and simple,” he says.
Cato Cloud Simplifies Security and Networking at Scale
Ng had heard about Cato Cloud and it’s built-in Firewall as a Service (FWaaS). He decided to take a closer look.
Cato’s FWaaS includes a next-generation firewall (NGFW) as well as other security services, such as secure web gateway (SWG), Advanced Threat Prevention, and network forensics. All security and networking services are integrated together, enabling Ng to define rich policies tapping security and networking information from across Cato Cloud.
With Cato Cloud, Ng could simplify his implementation. Pet Lovers would be able to aggregate traffic from all stores, its datacenter, and, if necessary in the future, mobile users and cloud infrastructure into a common SD-WAN in the cloud. And since Cato Cloud includes FWaaS, Ng would be able to secure everything connected to Cato Cloud, avoiding the costs of deploying and managing new and existing firewall appliances.
Delivering security from the cloud also appealed to him. Ng had seen first-hand the limitations of UTM appliances. Their feature lists look great on paper. But increased traffic loads or enabling compute-intensive features can force unexpected appliance upgrades. With the cloud’s near limitless resources, he did not anticipate such problems with Cato Cloud.
The cloud also brought another advantage — simplicity. As a result of maintaining the SD-WAN and security functionality in the cloud, deployment of Cato Cloud edge is trivial. That’s crucial when you’re talking about rolling out 100+ international locations.
Rapid Deployment, Complete Visibility
After some initial testing, Ng decided to roll out Cato. The deployment began with a handful of stores, but then was expanded to the rest of the network. Deployment has exceeded his expectations. “We were able to deploy two to three stores per day!” he says.
Converging his entire security and networking infrastructure has made management easier. “Hooking up all my stores in eight countries and being able to precisely and clearly manage them from a single dashboard was a major win for going with Cato,” he says.
Unlike a managed service, Cato Cloud allows him to configure and change security as necessary. “Before security management was tedious and slow. Now, we can implement policies immediately by ourselves,” he says.
Part of that has to do with simplicity and sophistication of security interface “I liked the complete visibility of our security on the fantastic dashboard,” he says, “A security dashboard must be clear and easy to manage. Cato got this one right.”
As a result, security has improved. “Before we were vulnerable and web access was wide open. Now we have tight control,” he says.
Every project faces deployment challenges. But the Cato team “has been very responsive,” he says “and they work well with my team. People was another key success factor in choosing Cato.”
Cato: Good Enough to Recommend to a Friend
Looking forward, he’s anticipating connecting the rest of his locations to Cato Cloud.
Many of those locations are franchises, which can normally be problematic for retail IT teams as they lack control over the franchisee’s infrastructure. “It’s not an issue with Cato Cloud,” he says, “We control all of the security and networking policy infrastructure. They only need an Internet connection and deploy the Cato appliance, which we’ve proven to be ridiculously easy.”
Overall, he says his experience has been “awesome” working with Cato. “It’s been a fast and painless implementation with a friendly and responsive service team. I would recommend Cato to a friend and that’s a big deal for me to say.”