Desafíos

Delivering continuous, unified protection to over 6,500 users across 120+ project locations

Resultados

Blocked 122,821 security threats and prevented 98.8 million policy violations in three months

Protected SaaS and internet access for ~6,000 staff and contractors

Reduced network costs by 50% with cloud native secure access

Sped network access provisioning at new project sites

John Holland Snapshot

John Holland is Australia’s leading integrated infrastructure, building, rail, and multimodal transport company. In 2023, it had 80 projects in Australia, with AU$13.5 billion of work in hand.

Sector:

Construction

Sede central:

Melbourne, Victoria, Australia

Size:

~6000 employees, five HQ locations around Australia

John Holland
Vídeo

John Holland Delivers Unified Protection to 6,500+ Users

Kier Morrison Headshot

Kier Morrison

General Manager, IT Technology Operations, John Holland
At John Holland, we’re focused on protecting our data and our customers’ data. Our environment is significantly more secure because of Zscaler. We now have a fully matured, best-in-class cyber resiliency program.

Estudio de caso de cliente

Building a sustainable foundation for flexible work

John Holland transformed the Sydney Football Stadium into a fan favorite, built Australia’s first driverless metro, and is turning an old gold mine into clean hydroelectric power at Kidston Pumped Hydro. As John Holland designs, builds, and manages large-scale public infrastructure projects for its clients, it needs an agile and scalable IT environment. 

“We need to deliver IT services to stand up project sites and decommission them at the pace of business,” said Kier Morrison, General Manager, IT Technology Operations at John Holland. “We wanted a simpler way to provide our workforce with fast, secure access to their apps and the internet, no matter where they connect from.”

Hybrid work is the norm at John Holland, with five head offices and 140 project locations across Australia and New Zealand. Employees, subcontractors, and joint-venture business partners need access to critical SaaS apps, cloud services, and the internet, whether at project sites, corporate offices, their homes, or anywhere in between. 

Cita

Moving with the Zscaler model meant we were able to drop hundreds of firewalls.

Kier Morrison, General Manager, IT Technology Operations, John Holland

Cloud-first demands security transformation

A cloud-first strategy allowed John Holland to be more agile and deliver better outcomes for its clients. But as the company adopted more SaaS apps, it wanted to provide its users with fast, easy access to authorized apps while speeding IT service provisioning to new project sites, and reducing IT costs. 

“We were cloud-first, but we were still routing all of our traffic, including SaaS-bound traffic, back to our data centers and then out to the cloud,” said Morrison. “As we moved to more SaaS apps to support our work, we needed a cloud native security model.”

The company’s traditional MPLS network and perimeter security architecture constricted the speed of IT service delivery and impacted the user experience. All SaaS and internet traffic had to be routed back to the data center for threat detection and security policy enforcement before proceeding to the cloud provider, slowing application response time, consuming network resources, and adding complexity to the IT environment. Users working offsite needed a remote access VPN, which also slowed application response time and was increasingly vulnerable to compromise.

John Holland wanted to provide users with zero trust network access to critical business apps and the internet. With a security service edge (SSE) solution as part of its network and security transformation plans, the IT team hoped to rapidly deploy secure network services to remote project sites, reduce manual security work, and take a more efficient, programmatic approach to security.

“Our rigorous evaluation of SSE solutions focused on three key areas: agility, security, and simplification,” said Morrison.

Cita

The way that Zscaler interfaces into the Microsoft network makes our life exceedingly simple…

Kier Morrison, General Manager, IT Technology Operations, John Holland

Securing user access to SaaS apps from anywhere

John Holland chose the Zscaler Zero Trust Exchange, a cloud native cybersecurity platform that connects and secures users, workloads, IoT/OT, and B2B partners over any network and from any location. 

“At John Holland, we’re focused on protecting our data and our customers’ data,” said Morrison. “Our environment is significantly more secure because of Zscaler. We have a fully matured, best-in-class cyber resiliency program.”

Zscaler Internet Access (ZIA) provides some 6,000 employees with safe, fast internet and SaaS access from wherever they work. ZIA provides inspection of TLS/SSL-encrypted traffic at scale, cloud sandboxing, cloud firewall, cloud data loss prevention (DLP), and cloud access security broker (CASB) functionality. Users access only their authorized apps or resources and are safeguarded from malware, phishing, and other cyberattacks.

“With Zscaler, users at our project sites from the capital cities to the remote areas of the outback have direct access to the cloud and SaaS apps, which allows them to work securely and effectively,” said Morrison.

Zscaler processed 402.8 TB of John Holland’s traffic in three months, preventing 98.8 million policy violations and blocking 122,821 security threats. “It’s been eye-opening to see how many threats hide in encrypted traffic, as well as how effectively Zscaler protects us,” he said.

Simplifying the network ecosystem and reducing costs

“As a result of Zscaler implementation, we’ve seen a 50% reduction in our network costs,” said Morrison.

With Zscaler delivering security protection from the cloud, users’ SaaS and internet traffic no longer has to be backhauled to the data center for threat detection and policy enforcement before proceeding to the SaaS provider⸺and making the same trip in reverse. Cloud native secure access improves application performance and reduces bandwidth costs. 

John Holland also simplified its security ecosystem by dramatically reducing its physical firewalls. 

“Managing firewalls was a full-time job,” said Morrison. “Moving to Zscaler meant we could eliminate hundreds of firewalls, which has simplified our processes, reduced costs, and made us far more secure.”

With the Zero Trust Exchange, the IT team has a central location for network access policy configuration and settings, updates, and threat intelligence. IT spends less time manually creating and maintaining security policies across firewalls and doesn’t have to worry about policy gaps and configuration drift.

Cita

As a result of the SD-WAN project in the implementation of Zscaler, we've seen a 50% on average cost reduction in our networking costs.

Kier Morrison, General Manager, IT Technology Operations, John Holland

Boosting IT productivity with automation and integration

The rollout was swift. “Our networking and cloud teams worked hand in hand with Zscaler as we assessed our current security and adapted the policies for a modern cloud approach,” said Morrison. “All of our users were operating on Zscaler in about a week’s time.”

The operational efficiencies have continued beyond Day 1 as the IT team provisions new project sites or decommission locations. As its business needs change, IT can easily route traffic to Zscaler from any new project site, and the policies, inspection, and defense-in-depth capabilities are already in place. 

“With Zscaler, we are far more efficient in the way we provide users with secure access to our apps from new project sites,” said Morrison. 

To more easily secure and manage corporate devices, Zscaler integrates with Microsoft Entra ID and Microsoft Intune to provide endpoint posture control enforcement. This integration also automates the deployment and provisioning of Zscaler Client Connector agents to endpoints and applies Intune posture policies. 

Zscaler integrates with Microsoft Sentinel, which allows billions of threat logs and transactions to be quickly ingested. As a result, Sentinel has more data points, which enables better threat intelligence, visibility, and protection. It also facilitates compliance and event correlation. “The way Zscaler interfaces with Microsoft makes our life exceedingly simple, and we know that any interaction the user has on that device is secure and protected,” said Morrison.

The Zero Trust Exchange platform easily scaled as John Holland’s network traffic grew 46% in one year—and will continue to scale smoothly as the company continues to expand. A predictable cost model allows the company to plan for growth and reinvest funds once spent on its legacy network and security to support its expansion into renewable energy.