Sfide
Moving 683/700 employees to a secure work-from-home setup by replacing a VPN that (literally) couldn’t take the heat
Risultati
Gives 700 users private application access without sacrificing user experience
Replaced a legacy VPN that went down during 110-degree weather
Enables immediate onboarding after the 40th acquisition in 14 years
Leverages Zscaler vendor ecosystem to improve endpoint security and threat detection
CAPTRUST Snapshot
CAPTRUST provides investment advisory services to retirement plan fiduciaries, endowments, and foundations and wealth planning services to executives, business owners, and families.
Settore:
Financial Services and Insurance
Sede centrale:
Raleigh, NC, USA
Size:
700 employees
Caso di studio del cliente
How an Outage Prepared CAPTRUST for a Pandemic
The past couple of months have, at times, seemed more like a movie script than actual reality. Fortunately, this movie we are living through includes scenes that make us hopeful and show us a path to where we, as technologists, should strive to be. Let me give you a glimpse into our story, which fits more into the inspiring feel-good category rather than the catastrophic drama that, unfortunately, many of our fellow global citizens are living through at this moment.
Sunday, March 15: CAPTRUST’s leadership team decided that the following day would be our last day in the office. Later that evening, we distributed a message using our urgent notification system to all employees informing them to prepare to work from home starting Tuesday, March 17. From that point on, only 27 named employees out of 700 team members were on the list to be allowed back into any of our facilities.
Monday, March 16: Admittedly, there was a scramble—but not a network or VPN scramble. Our employees were busy packing their monitors, docking stations, keyboards, and mice to replicate their workspaces at home and make working from home as productive (or nearly as productive) as being in their office.
Wednesday, March 18: On day two of our mandated work-from-home journey, we all caught our breath and started to realize that we were good—as good as one can be in the midst of a global pandemic—and people started to settle in for the long haul. Naturally, our people were scared about the looming economic downturn and market volatility, as we are an employee-owned, independent investment advisor with $370 billion of assets under advisement.
The steady drip of negative economic and health-related news that exacerbates fears among our clients with regard to their financial investments and beyond translates into additional work for us as their trusted partner. Hence, not having to be worried about our core technology or our staff being able to continue to serve our clients and the community was extremely important in our Business Continuity efforts.
Since we had implemented Zscaler Internet Access™ (ZIA™) for internet security policy enforcement and Zscaler Private Access™ (ZPA™) as our primary remote access solution, we had no issues (and hope to have no issues in the future) transitioning to a fully remote workforce. With ZIA, our users are still subject to web filtering and internet access policies, protecting them wherever they work. ZPA also provides them access to private applications, such as our phone system, without sacrificing user experience.
Preparing for business continuity in times of stability
I attribute our positive experience switching to working from home to our journey to the cloud, which we began in early 2017. We moved core systems, such as Microsoft Dynamics CE, into the cloud and repositioned most of our server assets to Azure. We shed running our own email and SharePoint, and moved this into Office 365. The year saw so much change! As part of this project, we realized that the cloud experience that we were embracing would be tarnished if we kept our traditional network in place.
At the time, our MPLS network was secured with appliances for our headquarters and a cloud solution from the same vendor for regional offices. It was virtually impossible to keep them synchronized in terms of policy, and we were never able to get the appliances to work properly in our headquarters. Hence, we switched to an SD-WAN solution and knew that, with so many Internet egress points, only a cloud-based security solution would be able to meet our security needs and scale with our growth. After an unplanned but fateful meeting with Lisa Lorenzin from Zscaler at Microsoft Ignite, we embarked on our journey with Zscaler.
Refining BCP/DR after a real-life test
In early 2018, I was tasked with leading our business continuity efforts and to revamp our Business Continuity Planning/Disaster Recovery (BCP/DR) capabilities. Not long after, in June of 2018, we experienced a major power outage in our headquarters building that lasted five business days. While the temperature in our building rose to over 110°F—it’s hot in North Carolina in the summer—250 employees were forced to work either at a business continuity facility that we maintain in a nearby data center or from home.
While our clients did not notice this turbulence, some of our employees were not as effective as they could have been. Our VPN was overloaded, not everyone had a laptop, and the pre-placed disaster recovery machines did not have all the specialized software our employees needed, such as Adobe Creative Suite for the marketing team. Once business returned to normal, as a result, we stopped providing employees with desktop computers and switched almost everyone over to laptops/tablets. In addition, we rolled out ZPA so that our users would never again have to think about VPN.
Preparing early for the pandemic
In January 2020, we knew COVID-19 was coming—to what degree was debatable—and convened our Critical Incident Response Team to take the necessary steps to be prepared for conceivable eventualities. We rolled out softphones. We urged leaders to think about backup personnel for backup personnel in case of mass absenteeism. We asked everyone to validate that they could work from home, and made sure USB dongles, HDMI cords, and Ethernet cables were provided.
When March 17 came around, we did not have to make any network and security changes, adjust capacity, or even install new equipment—any of which would very likely risk the introduction of security misconfigurations or performance failures. For us, Zscaler is an integral part of a solid BCP/DR program and has proven itself in this difficult situation.
While we were all saddle sore the first few weeks switching from mostly face-to-face or conference room speakerphone conversation to Microsoft Teams, imagine how unpalatable this experience would have been if all this traffic had been routed to a central hub and a stack of appliances for inspection?
This transformation has been a true example of an excellent team effort, from our CEO and President who was willing to invest in technology changes to enable the scalability necessary to propel our growth, coupled with the forward-thinking vision of our Head of Information Security & Network Nick Brezinski, our Head of Infrastructure Ken Carter, and our Head of Application Development Scott Andrews. We have been fortunate to have bought into this ecosystem early on, moving to a new network model and security architecture, leveraging a vendor ecosystem, including Microsoft, CrowdStrike, and Zscaler, that naturally complements each other.
Following our mission throughout the crisis
Being able to continue our work uninterrupted has allowed us to constantly serve our clients throughout these turbulent times and continue with M&A activity, which is an important driver for the sustained growth of our business. In March, we successfully completed the 40th acquisition in 14 years, and using ZIA and ZPA, we were able to get our new employees set up and productive almost immediately.
What also drives us at CAPTRUST is giving back to the communities in which we live. Our mission is not only to grow our business and keep our operations stable but also to be a stabilizing factor for our community. Through the CAPTRUST Community Foundation, we strive to enrich the lives of children by raising $10 million by 2026 through employee contributions.
Our CEO issued a challenge at the end of March to raise an additional $100,000 so we could double emergency grants to local agencies that support people through the pandemic. Little did he know that our employees would surpass that total to reach $137,000 in only three weeks. So far, $95,000 has been distributed to 50 nonprofits nationwide.
This situation is taxing for everyone, but I know we will see brighter days ahead. Just as we got through the financial crisis in 2008, we will get through this as well. While we are waiting for a treatment or a cure, we cannot let fear gnaw at us, and we have to stay productive to serve our clients and communities with service beyond expectation, exactly as called for in our company mission.