課題
Replace a legacy MPLS-based traffic routing solution with a scalable, cost-effective, and secure alternative
成果
Provides identical protection for users anywhere, including native TLS inspection and Cloud Sandbox
Reduces costs and complexity with local internet breakouts—up to 80% expected opex savings
Improves user experience with fast, secure access to cloud apps and services
Reduces the time required to deploy and manage additional locations
GHD Group の概要
GHD is a leading professional services provider in the global markets of water, energy and resources, environment, property and buildings, and transportation. GHD provides engineering, architecture, environmental and construction services to private and public sector clients on five continents.
業界:
Services
本社:
Australia
Size:
12,000+ employees in 240+ offices worldwide
事例の詳細
Replacing legacy infrastructure
GHD found itself in a very common position for many companies today: its information and communications technology (ICT) environment had become incredibly complex. With an increasing reliance on internet services, the GHD Information Security team was facing some difficult challenges.
Those challenges intensified after a large acquisition, which brought 100 remote offices in North America into the GHD family. These smaller offices consisted of 10 or fewer employees each and introduced the challenge of connecting these offices within GHD’s legacy network.
“Our existing infrastructure solutions did not scale to that size of an office very well or very cost-effectively,” said Randy Taylor, Global Network Manager, GHD.
With less than 5% of its network traffic being used for voice and video collaboration, the company’s legacy MPLS-based solution was no longer an ideal fit. GHD needed to find a way to securely route internet-bound traffic locally.
Protecting branch and remote offices
Following extensive research, GHD selected Riverbed SteelConnect SD-WAN.
SD-WAN essentially gave GHD the ability to add offices anywhere there was an internet connection. “With this change, we expect opex savings of 70 to 80 percent over the next five years,” Taylor said.
Then, GHD had the task of providing SD-WAN security across all locations.
“Previously, this had meant deploying physical security appliances at each location and relying on security layers not specifically designed to protect systems against increasingly advanced internet-based threats,” said Taylor.
As cyberthreats became more sophisticated, GHD’s existing protections proved ineffective. “We were seeing an increase in the number of laptops returning from the field in an infected or insecure state,” Harding said. “We needed to find a way to ensure these devices would remain protected at all times regardless of where they were being used.”
GHD’s Information Security team recognized that a cloud-based security solution would be the most appropriate security architecture for the company. After a detailed review of a number of potential vendors, they chose Zscaler to monitor and manage all internet-based traffic.
“The fact that Zscaler is a pure-play cloud service—that made it such a good match for us,” Harding said. “It meant we could avoid the need to deploy traditional hardware-based solutions in each office or project site. This significantly reduced deployment time, total cost of ownership, and our risk exposure to internet-based threats.”
Seamless security for all
GHD required comprehensive and intelligent network security that met the needs of some of its most security-conscious clients.
“Being that GHD is a company that provides service to many sensitive organizations globally, network security is very key to objectives. Without the use of Zscaler cybersecurity, we would not have the success that we have today with SD-WAN technology,” said Taylor.
All internet traffic for GHD was now being routed to the nearest Zscaler node from Riverbed SteelConnect SD-WAN. Securing traffic with Zscaler allowed for a consistent security policy at all offices, regardless of location. This meant that all GHD employees were now better protected from web-based threats and were able to use the internet with the confidence that the appropriate protections were in place at all times.
In addition, GHD uses Zscaler Cloud Sandbox to provide further protection from threats not detectable using traditional security techniques. This has allowed the Information Security team to be confident of maintaining an appropriate level of security while broadening access to internet-based services.
GHD’s Information Security team was impressed by the ease with which existing security policies could be mapped to the Zscaler service. Plus, since Zscaler handled day-to-day platform maintenance and management of the solution, the GHD Information Security team only needed to monitor any exceptions that occurred, reducing the team’s workload.
Secure SD-WAN solution
With Riverbed SteelConnect and Zscaler, GHD deployed a secure SD-WAN solution that simplified branch office IT by eliminating the complexity of security appliances and traditional routing operations.
SD-WAN enables GHD’s outbound traffic to flow across the best available path, including low-cost internet connections and 4G/5G, to quickly connect users to the internet and cloud applications. Zscaler, enables GHD to inspect, secure, and protect traffic across all locations and provide identical protection for all users, wherever they connect.
In the end, Zscaler and Riverbed helped GHD reduce the cost and complexity of routing traffic locally and securely, simplify branch operations, and scale to meet their unique business needs.
ソリューション