Cloud applications demand greater network visibility, without compromising security or increasing complexity
Guardian Credit Union is a regional business that faced big network challenges. The credit union needed better visibility and application control, without compromising security or making the network so complicated it would require a team of wizards to operate.
Like many companies, Guardian had relied on a mix of point-to-point, layer-2 connections to connect sites. The MPLS and Metro Ethernet network was configured in a hub-and-spoke topology, backhauling requests to Guardian’s central datacenter to access applications and data, and from there out through a secured Internet portal. In short, it was the kind of complex configuration typical of legacy enterprise networks.
“I have experience in complex environments so it’s not hard for me to get it and support it, but I have other things to do too and so does our team,” says Scott Rosen, vice president of technology for Guardian.
Managing a complex network requires lots of training, which Rosen wanted to avoid as a requirement for Guardian’s IT operations team. “It takes a ton of time and expertise. You don’t just go out and take a couple of courses in how the network works in a complex environment,” says Rosen. “So for us, moving to SD-WAN wasn’t necessarily about reducing costs, even though that was something that happened, but it was more about visibility of the network. We wanted to reduce the complexity of the network but maintain its protection and resilience.”
Improving visibility was particularly important for Rosen and his team because voice and cloud applications struggled across private networks like Guardian’s. The company was increasingly looking to adopt video conferencing, Microsoft 365, and other applications, so providing quality of service (QoS) at the edge was very important.
SD-WAN Requires Security to Replace MPLS
SD-WAN provided a way to simplify the network, but that meant adopting Internet everywhere. The inherent risks were obvious. “Now that we’re getting away from private connections, we risk exposing ourselves by providing Internet connections now at all locations. So that was something to weigh. How could we mitigate that risk?”
It meant that security had to be part of his SD-WAN assessment. The notion that traffic across the WAN can be trusted, a common belief in legacy network design, had to be upturned. “If you trust the traffic between a branch and a datacenter, you’re increasing your risk. If there’s a piece of malware in the branch, which thankfully we never had, the malware could propagate across the network. You must inspect the traffic.”
And that inspection must be based in the network. “You can use endpoint control in the computers but that doesn’t fix IoT or devices that might have different operating systems than the ones you control. You really need to have inspection and control in the network.”
Rosen Considers SD-WAN Solutions but Finds Security, Management Lacking
Rosen investigated conventional SD-WAN solutions, but none of those alternatives prioritized security. “We led with ‘security first’ in our assessment, but conventional SD-WAN solutions sold security as an add-on or required a separate security solution.”
Also, conventional SD-WAN solutions required going through a telecom provider or ISP, who would manage the solution for Guardian. The credit union was already dissatisfied with telco support and did not want to give telcos more responsibility. “It’s hard enough to get them to fix the services they were already providing,” Rosen says. “You already experience problems and now they want to sell you a complete turnkey management solution where they manage your entire network.”
Rosen Turns to Cato’s SASE Platform for SD-WAN – And More
Cato provided Guardian with the enhanced security, application control, and operational simplicity the credit union required. Cato allowed Guardian to achieve the security it needed without layering on firewalls and other security services, which would have increased network complexity. “Security wasn’t just part of Cato’s technical solution. It’s in Cato’s roots. Your CEO and founder came from that world,” says Rosen.
Cato also proved easy to understand, improving the productivity of the Guardian IT team. The IT team could troubleshoot problems quickly without requiring a great deal of networking expertise. “Anybody on our team now can go in and understand where traffic is flowing and how it’s working,” Rosen says.
And the transition to Cato prepared Guardian for the Covid-19 pandemic. “Who knew that the steps we took months and months ago to improve our network would prepare us for Covid-19,” says Rosen. “But moving to Cato was instrumental in us being able to be elastic and more dynamic in helping us respond to not just the shift to remote workers. Not only could Cato support our remote workers, but we didn’t need to bring cloud and Internet traffic back to our datacenter and consume our resources. We could keep that traffic where it belonged in the cloud.”
Cato Support Proves to be ‘Nimble’ and Responsive
Overall, Rosen is extremely impressed by Cato’s commitment to customer service. Rosen notes that one night he called Cato after 9 pm and Cato offered to do a remote support session despite the lateness of the hour. Guardian was at that time doing a proof-of-concept (PoC) with Cato — though Cato didn’t know that until later — and Cato’s above-and-beyond commitment to support helped Guardian decide to give Cato its business.
Cato has also proven responsive to enhancement suggestions. “Cato is nimble. When I need something fixed or have a product enhancement, Cato listens,” says Rosen.
Guardian and Cato also share a common corporate culture of putting the customer first. “Honestly, I’d love to tell you it was all about the product, but your people, too, are a differentiator.”