How I built it: A unified WFH and cybersecurity platform

Posted on November 24, 2020

Since I started telling my story about being prepared for the pandemic with a work-from-anywhere IT solution built in 2019, everyone has been asking me for details and lessons learned. My October article explained the approach we took to build a global infrastructure and unified communications. This blog continues the story, explaining how the network and security were designed as one strategy to securely enable the remote workforce. Here’s how we were prepared for the challenges of work-from-home from a security perspective.

Problems with security

Before the pandemic, two challenges got in the way of security: performance and visibility. When an organization is struggling with poor connectivity, security is always overlooked. Fundamentally, network leaders and engineers understand the criticality of security, but when applications are running slow, systems are inaccessible, and executives are complaining, interest in security is quickly displaced by the loud call for performance.

Prior to 2020, security was a topic that was viewed as a “necessary evil.” As a directive from the Board, it was necessary to discuss and plan for, but it was not given the right visibility at the senior levels of the organization.

Therefore–outside of the troublesome phishing events–security did not garner the attention that was needed to make a meaningful change in the culture of the organization.
And while all of that was about to change in 2020, there was a key turning point that helped me see the vision for our unified WFH and cybersecurity platform.

The marquee moment: Tying infrastructure, applications, and security together

In the beginning of 2017, I received the Board mandate to establish and build the Cyber Security capabilities for our organization. As with all broad directives, the details and criteria for success were left open to interpretation. Part of the initiative was to address the global infrastructure, security for end users, as well as regulatory compliance, but there were also applications and system performance issues. Securing our environment was only part of the challenge; ensuring that performance and user accessibility were not impacted was another–and yet the two are interrelated.

I quickly learned that creating an approach that tied all three together–infrastructure, applications, and security–would allow us to address the Board directive, while also tackling the pressing business issues of a degrading network and poor performance with our cloud applications.

Key lesson: New challenges call for new concepts

Looking back now, it is evident that the approach was not only addressing the challenges we faced at that time, but laying the groundwork for establishing the capabilities that would allow us to navigate the pandemic while allowing our entire workforce to work from home without encountering any of the limitations that would have occurred had we not taken a broader view. It was also a lesson in planning not only for the future, but a future that will look quite different from anything we considered to be “normal” in the past. New challenges always call for new ideas and an open mind to new concepts.
OK, now back to the story–how I built it.

Building a unified approach: Step one is knowing your business-critical apps

With a new focus, my first step was to simplify the process used to determine our list of business-critical applications, while also establishing the best approach for cloud computing.

To address this, we developed an Application Rationalization Project that used business insights and analytics to identify which applications were critical and their true cost. Our findings were surprising to say the least! After a scan of our network, and confirmation with business owners, we discovered over 790 applications that were running within our environment. Of those, only 70 applications were truly being utilized to run the business. The remaining were either from past acquisitions or were one-off solutions that the IT department was never made aware of. With a condensed application list, the next step was to decide which ones to migrate to the cloud and how. This exercise made the task of improving performance all while achieving the Board’s security directive a much more manageable target.

Already engaged with Masergy on our Global Network Migration Project, I proceeded with partnering with Masergy to assist us with improving our Cyber Security Practice as well.

Overcoming security budget constraints with services

With a condensed application list, and a new cloud computing strategy, we were now ready to proceed. Before we began though, it was necessary to make the assumption that I would not be allowed any additional headcount or increases in my budget to meet the end goal. With this in mind, Masergy proposed a solution that took both limitations into consideration. Their approach used machine learning and behavioral analytics to intelligently identify threats as well as respond to them with SOC services delivered by Masergy’s certified security analysts across the globe. This allowed me to quickly implement the first phases of my strategy without concern.

With the security analytics engine and cloud security technologies in place, we initiated our first full scan of our global IT environment. At first, the results were a bit alarming with over 1 million potential risks identified. Working closely with Masergy over the next few days, we began to painstakingly address the security alerts. The hard work paid off. As our process matured, our ability to identify false positives improved, and alerts dropped dramatically within six months. By the end of the first full year, we were only averaging 500 per month; by the end of the second year it was less than five per month.

Today, we call it SASE: Secure access service edge

The ability to combine the strengths of our network and security capabilities into a single end-to-end design seemed like a natural next step. And with the support of our partners, I was able to establish a fully integrated solution that delivered network services, security services, and voice services.

Today, of course, Gartner would call this a SASE-based approach. We were building on the converged concepts of SASE years before it became today’s buzz term. For organizations looking at their work-from-anywhere needs and at their multi-cloud IT environment, SASE is truly the best approach. These consolidated platforms allow for a completely integrated solution that is easier to manage and offers the flexibility needed to support a long-term WFH policy. With the expansion of cloud computing and managing a hybrid workforce of remote and office users, SASE provides capabilities that simply cannot be matched by attempting to string together multiple point solutions. Including unified communications into our SASE solution only magnified our benefits, by integrating voice, data and security together.

For these reasons, the success of the project drew the attention of the Board of Directors and furthered support for continuing to drive the maturity of the overall initiative. Our next goal was to eliminate scores of complex internal manual processes, and our plan was to include our ERP and business applications to fully extend our security and AI reach in ways that would enhance our automation capabilities.

Stay tuned for more information on our next phase of growth–AI and automation.

Want to read all of the articles in this series?

How I built it: Designing a WFH platform without the pressures of the pandemic

Enabling 5,500 remote employees in one weekend: How one CIO was already prepared for COVID-19

Joseph Gracz

As the CIO/CISO for a Fortune 1000 company, Joseph Gracz is an accomplished career IT leader who aligns his organization to targeted business outcomes. With over 20 years of experience in the Information Technology space, Joseph has been responsible for building end-to-end automated IT solutions, integrating and aligning ServiceNow, AI, and networking/security technologies. His background includes experience in energy, manufacturing, healthcare, financial services, and consumer packaged goods.
