Construction
Gamuda Redefines IT Operations with the Cato SASE Cloud Platform
Underneath Kuala Lumpur runs one of the greatest tunnels in the world. Spanning 6.02 miles (9.7 kilometers), the Stormwater Management and Road Tunnel (SMART) is the world’s first dual-purpose tunnel, serving as a storm drainage and road structure. Kuala Lumpur is often affected by heavy torrential rainfall. To prevent major flooding, especially within flood-prone areas in the city center, the country built SMART, which can be flooded to divert stormwater and turned back to function as a double-decking motorway within a few hours. The engineering brains behind this marvel? Malaysia-based Gamuda Berhad (Gamuda).
An award-winning engineering, property, and infrastructure company, Gamuda’s projects extend far beyond Malaysia’s borders, from the Sydney Metro West-Western Tunnelling Package in Australia, marine engineering projects in Taiwan, and the development of the prestigious 75 London Wall in the UK. “Construction is known to be one of the oldest industries in the world, but it is set for huge growth,” says John Lim Ji Xiong, the Chief Digital Officer at Gamuda.
Lim heads up an innovation team whose primary function is to ensure that Gamuda can continue to build capabilities to sustain its growth. IT is part of that effort. “You’re starting to see a lot more investment in infrastructure worldwide,” says Lim. “As populations grow in urban centers, we need better transport and utility infrastructure. With climate change being a big priority, renewable energies in construction are also a huge sector.”
To those ends, Lim led a SASE vendor evaluation and, ultimately, a digital transformation project that saw the adoption of the Cato SASE Cloud Platform. “As a decision maker, I have peace of mind sleeping at night knowing that we are well protected through our partnership with Cato,” says Lim. “One thing that struck me about the Cato team was their interest in helping us succeed. After meeting their customer success manager and voicing our feedback on the product, Cato went out and changed the product. That’s what I call partnership.”
Tripling Size in Three Years: A Lofty Goal Undermined by Legacy Infrastructure
Several years ago, Gamuda was still a Malaysian-only company looking to triple its revenue and order book within three years and expand internationally. Strategic partnerships were a key part of that strategy, and Gamuda needed a way to integrate companies faster. Operationally, Lim knew the IT organization would have to evolve to support that growth for many reasons.
Gamuda had accumulated over 103 different point solutions, including firewall appliances for securing sites, MPLS for connecting them, VPN servers for remote users, and additional software and hardware for multifactor authentication. The sheer complexity of legacy infrastructure impacted the company’s security posture, IT operations, and user experience.
Users had to VPN into the network with one vendor’s technology and authenticate with multi-factor authentication from a different vendor. Connections weren’t fast enough as well. “It became a whole nightmare,” says Lim.
The usability problem extended to IT operations. IT had to administer each of the branch firewalls separately. “We’re talking 100 offices or more. It was a big job,” Lim says.
Maintaining the firewalls was so complex and time-consuming that corners were cut. It wasn’t long before ransomware got into the network. “Before I joined Gamuda, the team had backups so they could recover, but it meant scanning the environment and trying to make sure that every device was secure. Every laptop, without exception, needed to be returned to the office for scanning. It was quite an undertaking,” Lim says.
Cato: A Single Platform Administered Through a Single Console
Lim wanted a platform that could simplify their process, be easy to understand, and not add more tools to an already complicated legacy IT framework. The platform also needed to be agile to accommodate the many teams working on construction and engineering sites in remote locations.
The company had already moved applications to the cloud when they learned about Cato. “It’s about simplifying and standardizing,” says Lim. “Cato provides us a single pane of glass and a single broker that everybody connects to, whether in the cloud, or in the field. We would have clear controls around who has access to what, regardless.”
The Cato SASE Cloud Platform optimally connects and secures all Gamuda’s network “edges,” including branch locations, the hybrid workforce, and physical and cloud data centers, sending traffic to the optimal Cato Point of Presence (PoP), which for Malaysia is in Kuala Lumpur, or one of the 90+ other Cato PoPs worldwide. All PoPs run the same cloud-native Cato’s Single Pass Cloud Engine (SPACE) architecture, share the same functionality, and are interconnected by Cato’s optimized, global private backbone.
Traffic received at the Cato SASE Cloud Platform is optimized, secured, and directed across the optimum path to its destination. Cato SSE 360, the security portion of Cato SPACE, converges network segmentation and zero-trust (FWaaS), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), and application and data protection (CASB, DLP, ZTNA) into a single-pass architecture. Extended Detection and Response (XDR) provides incident management involving all of these capabilities; network management is provided through the Cato Management Application.
Gamuda provides locations with resilient and secure connectivity to the Cato SASE Cloud Platform using Cato Sockets, Cato’s edge SD-WAN device. Secure work from anywhere is provided with Cato’s scalable ZTNA clients. Gamuda also has the option for secure clientless access. Gamuda connects cloud resources via IPsec tunnels.
Gamuda Improves Security Posture, Uplevels IT Operations, and More
Lim and his team deployed the Cato SASE Cloud Platform, connecting and securing 77 sites and 2047 remote users while replacing the numerous networking and security appliances previously comprising the Gamuda infrastructure.
By moving to Cato, Lim realized significant cost savings by eliminating MPLS, branch firewall appliances and their support contracts, VPN servers, and MFA infrastructure. Gamuda also realized savings in less obvious ways, such as eliminating thin-client licensing costs (500,000 Malaysian Ringgits a year (about $115,000).
With a leaner, smarter infrastructure, IT operations shifted towards more strategic work. “Since we have deployed Cato, a lot of our people have started moving more from the day-to-day mindset of operations to strategically thinking about the threats that we face today and the mitigation measures we need to employ. And I think that’s a profound shift,” says Lim.
Gamuda could now consider DLP and XDR, which previously would have been too difficult to deploy or to use. Overall, Lim significantly improved Gamuda’s security posture with Cato. “Cato has enabled us as a company to focus on threat hunting. In fact, it has even shown us areas where, in the past, we might not have known that it could have been an issue,” says Lim. “We are very confident that we have a much better security posture.”
Completing the IT work of acquisitions also took less time. “When we acquired DT Infrastructure from Downer Group in Australia, the transaction brought on about 1,200 more staff and tens of sites that we had to manage,” says Lim. “We aimed for a transition and cut off from the parenting company within 12 months. With Cato in place, we achieved that within nine months.”
Cato: A Partnership, Not Just a Technology
For Lim, the move to Cato has been an enormous growth opportunity. But just as important as the technology behind Cato has been the relationship with Cato.
“Partnering with Cato has been the right decision,” he says. “I think there’s been a bond of trust that we have built between our companies, and that’s very important to me as a decision-maker. Cato is interested in our success, which has enabled us to achieve stellar results.”