The Gnutti Carlo Group Centralizes WAN and Security, Boosts Digital Transformation with Cato
M&A Left a Complex Infrastructure
Mergers and acquisitions (M&A) can bring a lot of complexity to an organization’s network and security infrastructure. For the Gnutti Carlo Group, a leading global auto component manufacturer with 16 plants in Europe, the Americas, and Asia, that complexity was becoming a barrier to its digital transformation goals and future acquisitions.
“In 20 years, our annual revenue grew continuously to more than 700 million Euros, primarily thanks to M&A” says Omar Moser, Group Chief Information Officer for the Gnutti Carlo Group. “Since 2000, we have started with an intensive program of internationalization, performing various acquisitions of companies of our sector and even competitors, each with different network and security architectures and policy engines. It was getting challenging to keep policies aligned across the company and prevent back doors and other threats.”
The Group ran several small datacenters across locations for local IT services and took advantage of Microsoft Office 365, Microsoft Azure, and hosted SAP cloud applications. “We had it all: private cloud, public cloud, and on-premises applications,” said Moser. It connected most plant locations via IPsec VPNs. For China, there was a shared MPLS connection between Frankfurt and Shanghai.
The company was also going through a major digital transformation. “We’ve been investing heavily in smart manufacturing and artificial intelligence, which we intend to deploy to all our plants,” says Moser.
At a certain point, Moser realized that the only way to serve the business effectively was to centralize security policy and interconnection control among all locations and between plants and suppliers. Starting in 2011, he created and started implementing a roadmap for IT infrastructure standardization and governance. “Adopting MPLS across the board was too expensive,” says Moser, “so to standardize, I had to wait for an SD-WAN solution.”
The Gnutti Group Investigates SD-WAN and SASE, Chooses Cato
Moser investigated a lot of SD-WAN and security solutions, including traditional appliance-based architectures, but wasn’t satisfied with what he saw.
“The other solutions couldn’t give us a single package with integrated security, networking, and remote access,” says Moser. “Only Cato could do it all in a single SASE solution.”
Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.
Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.
“I liked Cato’s large number of global PoPs, which would allow us to enter our SD-WAN through the closest door,” says Moser. He also liked that Cato didn’t lock the company in with a single intercontinental bandwidth provider and could select the best providers for its customers anytime.
Moser used a tool his organization provides for choosing technology platforms to decide which solution would meet his company’s needs the best. “We used the tool to compare a few SASE solutions, evaluating features and functionality such as traffic control, monitoring, malware prevention, and intrusion prevention, as well as less technical criteria such as the company’s enthusiasm, growth path, positive relationship with us, and response time. We had a great relationship with Cato and very good response time.”
Other pluses for Cato’s evaluation included Cato’s cloud architecture, forward-looking technology roadmap, single comprehensive network and security dashboard, and the Cato Socket. “I really liked having a very simple device to control the last mile,” says Moser. “If I have a new plant to connect tomorrow, it would be incredibly easy; I just plug in the Cato Socket.”
Moser and Cato agreed to a three-month trial. Over those three months Moser and his team connected 10 plants, two service providers, Microsoft Azure cloud services, and 650 remote users to the Cato SASE Cloud, relying on Cato SSE 360 to secure Gnutti’s plants, Internet, cloud, and remote access connectivity. “Everything passed through Cato,” says Moser. Cato shipped Sockets to all the locations, activated connections, and trained Moser and his team on the Cato Management Console. “We spent 45 days defining policies and another 45 days activating and finetuning everything.
Much to Moser’s surprise, the China installation was as easy as the others and performance was great.
“We were skeptical about how well the China connection would work, but it was probably the simplest installation, and the performance was as good as MPLS or better with noticeably better latency,” says Moser. “Two months later, we closed our MPLS contract for China.”
Cato Boosts WAN Performance, Security, Agility
At first, replacing all the local appliance security policies with global policies was a little daunting, but the benefits were obvious. “During that time, we were able to identify a lot of new risks that we hadn’t known about before,” says Moser. “We found users doing things we didn’t like and optimized the blocking of some process flows.”
In general, security was much improved. “We’ve seen a lot of benefit in controlling and optimizing firewall policies to increase our security,” says Moser. “We have much more control over users–who are connected when and for how long. We can monitor connections and traffic peaks, and the Cato IPS allows us to block risky services that were previously open and ensure users are respecting policies.
“Standardizing firewall policies and knowing I can prevent intrusions and malware has allowed me to sleep much better.”
At first, users pushed back a little on Cato’s remote access VPN capabilities because IT was able to apply controls and policies, such as preventing movie downloads, more effectively. Performance working at home was great, however, which made up for the controls. Cloud performance was also excellent.
Cato also increased the Gnutti Group’s business agility for its digital transformation. “It is my job to be proactive and efficient. If we decide to open a new office, we can do it easily.”
Cato support was helpful and responsive.
“We have a solid relationship with Cato’s technical support staff. They are always well prepared.”
CIO Would Do It All Again
The icing on the cake is that Cato has helped the Gnutti Group conform with German Automobile Industry Association’s Trusted Information Security Assessment Exchange (TISAX) framework for auto manufacturing and supplier information security. “Cato supports TISAX, thanks to its interconnection control, anti-malware, and intrusion prevention,” says Moser. “Cato will be the first option for any security initiative we look to down the road.”
Moser has been so pleased with Cato that his department and the company named Cato its 2021 Best Supplier in the Innovation category. The award recognizes the high value of the WAN connectivity and security the Cato SASE Cloud delivers in support of the Gnutti Carlo Group’s digital transformation initiative. “Thanks to the Cato platform, together with strategic services, the Gnutti Carlo Group has benefitted from a more structured, controlled, and secure ICT landscape across the entire company,” Moser said of the award.
Overall, Moser feels he would do it all over again. Says Moser,
“With Cato we have standardization, an innovative approach, and a single partner we can grow with as we transform digitally.”