FDMG Cuts Costs, Revolutionizes Mobile Experience by Replacing MPLS and Mobile VPN
FDMG Cuts Costs, Revolutionizes Mobile Experience by Replacing MPLS and Mobile VPN Separating WAN from Remote Access No Longer Makes Sense for FDMG
For years, enterprises connected locations via wide area networks (WANs), and remote users via concentrators and other remote access technologies. Keeping networking and remote access separate might have made sense when offices were the rule, and mobility was the exception, but in today’s mobile world, such distinctions only complicate mundane IT tasks. Just ask Jerry Cyrus.
As the technical team leader and information security officer at FDMG, Cyrus knew all too well the complexities and costs of separate remote access and networking solutions. FDMG had many journalists working in the field as well as physical locations. Separate security policies were required for fixed and mobile users; user provisioning was also cumbersome.
And then there were the cost and scaling limitations of MPLS and, for that matter, remote access concentrators. MPLS bandwidth is notoriously expensive, particularly for multimedia companies such as FDMG, where stories involve video and other large data formats.
As for remote access, Cyrus was generally pleased with the concentrator’s functioning but tired of the concurrent-user problem. “We would have 50 concurrent users, and once you wanted to add that 51st, you were stuck,” he says.
Cyrus could have upgraded the concentrator, but that would have impacted the business.
“We’d have had to take down the concentrator for about two hours, which wouldn’t have sat well with journalists filing breaking stories from the field,” he says. “Two hours is a lifetime for them. In the past, many drove to one of our offices just to work — not a very good way to experience IT.”
Instead, Cyrus realized that solving both WAN and remote access problems would reduce costs and a whole lot more. “By consolidating security management, we could give users a better mobile experience and simplify firewall and security system operations.”
FDMG Evaluates Cato Cloud
Cyrus considered replacing MPLS with an Internet-based, site-to-site VPN. That would have lowered his bandwidth costs, but it would also have been a “big head-breaker,” he says. “In some cases, we’d have to upgrade concentrator hardware; in others, we’d have to set up new firewalls, configure the necessary tunnels, and deal with a lot more headaches.”
Cyrus had heard how Cato Cloud converges security services, SD-WAN, and mobile access onto an affordable MPLS alternative. With Cato Cloud, he could connect and secure his entire enterprise — offices, mobile users, and cloud resources — with one seamless network.
“After doing some research, I knew Cato Cloud would fit right in,” he says.
But Cyrus had to deal with internal concerns about working with a new company. “At first, people were a bit scared of moving forward with Cato Cloud,” he says. “They were familiar with vendors, such as Palo Alto and Cisco. Cato was new to them. After several conversations with Cato and showing the product, people became much more comfortable.”
Cato’s ability to be rolled out incrementally also helped Cyrus address those concerns. He started small, proving viability by adding a Cato Socket, Cato’s zero-touch SD-WAN appliance, in the Amsterdam hub and connecting a few users with Cato’s mobile VPN client. Both Socket and the mobile client automatically connect to the closest Cato point of presence (PoP), where the Cato software secures, optimizes, and dynamically directs traffic to the Internet or the optimum path across the Cato Cloud network.
Having validated datacenter access, Cyrus connected an internal AWS site to check Cato Cloud’s connectivity. Once successful, he began converting production sites to Cato. Branch offices with more than ten users received a Cato Socket; freelancers and other external users were equipped with Cato’s mobile client.
FDMG Converges Security, Mobile Access, and MPLS with Cato Cloud
With Cato, site installation has been fast and easy. “Cato gives me ‘no-hassle setup.’ I connect the Socket, and we’re online and secured,” he says. “I don’t have to configure firewalls, establish dozens of security rules, or anything.”
Moving sites has also become trivial. “I’m going to be moving one office to another floor, and the only thing I need to ask is if there’s an Internet connection. If so, we’ll be up and running instantly.”
The newfound agility has not gone unnoticed. “Somebody asked me how long it would take to move the team to a new office. When I told him about ten minutes, he was shocked.”
As for performance, Cyrus says users haven’t missed a beat. “Cato Cloud’s latency, packet loss, and uptime have been basically the same as MPLS — but, of course, much less expensive and more flexible,” he says. “If I want to scale up, it’s easy with Cato. With MPLS, I would need to make all sorts of arrangements.”
That’s not to say there have been no hiccups. “Any new technique encounters some configuration issues, and Cato was no different. Early on in the deployment, Cato upgraded one of our Sockets without our knowing. They resolved the problem quickly, and since then I haven’t had an issue.”
In fact, Cato support has been one of the biggest eye-openers for Cyrus. “Cato is not your typical provider,” he says. “The product is flexible, and support is good. If we have modifications and questions, Cato support is always eager to listen and either adjust or recommend a solution to the problem.”
Cato Improves Mobile User Experience and More
Cost savings might have initially driven FDMG’s WAN transformation, but it’s the operational benefits of increased usability and agility that became particularly compelling. “In the early days, users had to open a browser and navigate to our portal, log in, and only then launch an application to get a VPN connection up and running as if they were in the office,” Cyrus says. “There were so many steps, which not only frustrated users but meant more helpdesk calls for support.”
With Cato, Cyrus sets the policies determining the applications and resources available to users and user groups. Mobile users join the Cato network directly, not a separate remote access solution, making network access much cleaner.
“Now users just push the slider on their mobile device, and they’re authenticated right into the network.
Visibility and ease of security operations have also improved. “Not only do we have greater insight into who’s logging into which application across our network, but our security toolset has become much easier to use,” says Cyrus.
“We decide which users can connect to which resource without having to configure different firewall rules.”
FDMG’s Bottom Line: It’s More than Just the Bottom Line
FDMG’s initial goal was to reduce WAN costs, and Cato certainly did that. “We’re spending about 10 percent less with Cato than with MPLS,” says Cyrus. “Our savings are even greater if we factor in the licensing, installation, and management costs associated with the VPN concentrator.”
But more than just costs, Cyrus has gained value. “With Cato Cloud, I increased bandwidth, replaced two things with one solution, improved user experience, maintained performance and uptime, and made IT more agile. That’s what I call a huge win.”
O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings
O-I Taps Augmented Reality and Cato SASE Cloud to Realize “Impossible-to-Count” Savings O-I Needed a Quick Digital Transformation
For many organizations, digital transformation can be a painful experience that consumes lots of time and resources. If you’re a small IT department at a large enterprise, a single solution that can transform and simplify several functions at once can be a big transformation enabler. Such was the case with O-I, formerly Owens Illinois, one of the world’s leading glass bottle and jar manufacturers. In just a few months, O-I deployed the Cato SASE to 200 locations, boosting cloud and internal application performance, enabling work-at-home for its 24,000 employees, and beefing up security across 70 plants in 19 countries.
Before Cato, O-I’s carrier-based MPLS network was showing signs of age in a cloud-enabled, hybrid work environment. “We were a long-term traditional MPLS customer with the typical routers on the edge, network-based firewall appliances, and legacy VPN concentrators,” says CIO Rodney Masney. “As we reached the end of our agreements, we felt the time had come to rethink our approach to networking and security.”
O-I had been transitioning applications to the cloud, with a broad implementation of Microsoft 365 and plans for other SaaS and cloud services. “There simply wasn’t enough bandwidth for all we had to do, whether it was SharePoint access, Microsoft Teams video conferencing, or working with our other cloud and internal applications,” says Masney. “We needed a cost-effective way to increase bandwidth to our locations and to the cloud.”
Security had always been a top priority of Masney’s relatively small IT team and maintaining and refreshing multiple legacy firewall appliances took time and resources away from transformation initiatives.
Perhaps the final straw was the sudden explosion of the COVID-19 epidemic. “We had to send thousands of employees home where it was challenging for our legacy VPN to provide the bandwidth and utility executives and other staff needed every day to get their work done,” says Masney.
In summary, OI faced a lot of challenges all at once. “Swizzle all that together and you come to the sudden realization that you need to do something transformational,” says Masney.
O-I Crafts and RFP, Chooses Cato SASE
O-I put out an RFP to find solutions for its various issues. “We sent RFPs to several suppliers, including our incumbent, and looked at a range of alternatives, from continuing with our current provider at lower cost to solutions that could provide a total transformation.
After some research, Masney’s team narrowed the choices down to two principal contenders, a major security solution provider and the Cato SASE. “I liked the other provider’s technology from a security perspective, and it worked well,” says Masney, “but it was a lot more complex and time consuming to deploy than the Cato SASE.”
After doing proofs of concept for both, Masney’s team felt strongly that Cato was the best solution for O-I in terms of technology, cost, ease of deployment, and support. Masney knew that with a team so committed to the Cato solution, he would get the best results.
Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last-mile links in physical locations. At the same time, Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.
Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.
O-I’s deployment of the Cato solution to almost 200 locations and thousands of home users was quick and easy. “We’ve installed Cato to internal locations, the cloud, and home and hybrid work users at a much faster pace than we ever thought possible,” says Masney. “We don’t have to wait weeks or months for circuits to be upgraded or changed like we did with traditional MPLS. The Cato Sockets just show up at our plants, we connect them, and off we go.”
Cato Delivers Transformation with Cost Savings
The business benefits of the switch to Cato have been dramatic. “Cato has transformed our ability to connect to our network in a very different, meaningful way,” says Masney. “People working at home and the office get much better throughput for both internal and cloud application performance with much higher levels of security. The Cato solution has improved our ability to service our plants, including those in obscure locations, by collaborating using MS Team’s video and audio, which didn’t work very well before. MPLS circuits are expensive in some areas but with Cato we can get tens or hundreds of megabits at a very favorable cost.”
Hybrid work has also been a big success thanks to Cato. “The VPN client is a real treat,” says Masney. “It’s easy to deploy, works very well, and we haven’t seen any service issues. I’m really pleased with it.” Cato has since enabled O-I to move to a connected work policy that encourages employees to work at home but also provides the option to work at the office.
Since the Cato transition, O-I has started taking advantage of Microsoft HoloLens, an augmented reality application that allows engineers to troubleshoot plant manufacturing issues from afar. “If someone has a problem at a plant, an engineering expert at another location can just slip on a HoloLens headset, see for themselves exactly what’s happening, and give relevant, specific advice without having to hop on a plane. You can’t use HoloLens if your bandwidth is always getting tapped out. The savings we get with Cato and HoloLens are almost impossible to count.”
Masney estimates that with Cato alone he’s saving somewhere around 20 % in communications costs compared to the previous solution, even though he’s still running MPLS to some locations, while getting the security bonus Cato provides for both locations and home and mobile users.
He feels that the strong security services the Cato solution provides fit the purpose for his company. “It has improved our security posture immensely,” he says. “Cato is much simpler to deploy and quicker to value than other systems we evaluated,” says Masney.
He adds, “With Cato we have a good, solid sedan with the speed of a Porsche that got us exactly where we needed to go fast.”
Devro Boosts Network Visibility and Enhances the Hybrid Work Experience with Cato
Devro Boosts Network Visibility and Enhances the Hybrid Work Experience with Cato Devro Investigates Firewall Replacements, Chooses Cato SASE Cloud
It was clear that Devro needed to replace its aging firewall appliances, which is why it started working with its technology partner to investigate options, including those from firewall appliance vendors. It soon became evident, however, that there were business benefits to a single solution encompassing firewalls and other functions, such as a secure Web gateway and even SD-WAN connectivity. “Some of our manufacturing plants are in remote locations where connectivity wasn’t always great,” says Cappie. “That is what made Cato’s SASE, SD-WAN solution so appealing. Once we saw what Cato could do for us in terms of SD-WAN, remote access, and security, we started discussing those capabilities with competing vendors.”
Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud data centers, into a secure global, cloud-native service. Connecting a location to Cato is a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast, global private backbone. The Cato Socket, Cato’s edge SD-WAN device, extends the Cato SASE Cloud to locations, providing prioritized and resilient connectivity over multiple last-mile links. At the same time, Cato Client and Clientless access enables secure and optimized application access for users everywhere, including at home and on the road.
Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS), Secure Web Gateway (SWG), Data Loss Prevention (DLP), and Remote Browser Isolation (RBI). It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.
It soon became apparent that Cato was the only solution that combined so many critical functions under a single SASE and management pane of glass. “Other solutions felt like a bunch of separate pieces bolted together and had too many add-ons and options,” says Cappie.
“Cato’s single pane of glass made a big difference for us in simplification, standardization, and troubleshooting across all those functions and using role-based access to divide the management of areas, regions, or subsets of users amongst the team,” Cappie said. Getting support directly from Cato, rather than a third party was also appealing.
With Cato’s single sign-on users would no longer have to log onto the VPN every day for remote access or the Web gateway client for Internet access, and IT would get 24/7 visibility across user and remote office systems. “Thanks to Cato we’ve been able to run vulnerability scans, security updates, and policies across all connected systems any time night or day,” said Cappie.
Cappie also liked that deployment of the Cato SASE Cloud solution would be seamless and non-disruptive. “It was clear that the other solutions would have required more planned downtime,” says Cappie. “From a business perspective, Cato’s easy deployment was a big selling point.”
At Last, Reliability and a Single Pane of Glass
Deployment of the Cato solution was easy as promised and Cappie found Cato support responsive--not only for user and IT troubleshooting but adding new features. “There were a number of things we and other customers suggested that ended up in the platform within a matter of months,” says Cappie. “With the other vendors, it would more likely have taken years, if it ever happened.” And Cato was always there to suggest ways to use its solution more effectively. “We leaned heavily on Cato’s professional services team, which was really good at coming back and saying that we’d be better off doing something one way instead of another or trying this other option.”
What Cappie likes best about the Cato solution is its ease of management. “The platform interface is well laid out,” says Cappie. “It is so easy to access lots of detailed information, or just the high-level stats if that is all you need. It is great to have that dashboard with the overview showing all your sites online and how many users are connected at any given time and the event screen is incredibly useful. Our old firewall interface seems so archaic in comparison.” And all of Cato’s functions are baked in, rather than bolted on as options. “In terms of being intuitive, Cato’s platform is undeniably the best possible solution,” Added Cappie.
Reliability and performance have been excellent with Cato and user feedback has been overwhelmingly positive. “Users love that once they do that initial sign-on, the VPN is always on and they can just do their work and forget about it,” Cappie said. “Cato’s user experience, easy management, and robust security have come together to make a significant difference for everyone at our company, even at the board level.”
“The platform interface is well laid out,” says Brian Cappie. “It’s so easy to access lots of detailed, useful information, or just the high-level stats if that’s all you need.”
“Some of our manufacturing plants are in remote locations where connectivity wasn’t always great,” says Brian Cappie. “That is what made Cato’s SASE, SD-WAN solution so appealing. Once we saw what Cato could do for us in terms of SD-WAN, remote access, and security, we started discussing those capabilities with competing vendors.”
“Cato’s single pane of glass made a big difference for us in simplification, standardization, and troubleshooting across all those functions and using role-based access to divide the management of areas, regions, or subsets of users amongst the team,” Brian Cappie said.