We also realized a year-over-year saving of $84,000.
Our new network security infrastructure includes multiple FortiGate-500A appliances deployed at our corporate
data center and a FortiAnalyzer appliance for centralized
logging and network analysis, as well as a FortiManager
appliance for managing all appliances, no matter where they
are located throughout our network. The FortiManager
appliance enables the IT staff to easily manage our corporate data center’s cloud-based firewall, eight plants and four
home offices from one platform.
In addition, the newly designed MPLS
network includes FortiWifi-60B appliances
at each plant, which has allowed our IT team
to offload content filtering, an intrusion prevention system (IPS) and antivirus functionality. This increased the speed of the overall
network, enabling our users to directly access
resources such as the Internet, e-mail and
other business applications without having to
route all the data back through our corporate
data center.
One of the biggest benefits we’ve experienced with our new security deployment has
been the ability to make our environment less
complex by eliminating extra appliances. Our
network security revamp also enabled us to
reduce energy costs by 14 cents an hour and realize significant space savings with the removal of unnecessary appliances.
We were able to consolidate multiple vendors’ appliances into a few Fortinet appliances, thereby reducing
expensive data center real estate, which is extremely valuable to a company our size. And even with the extra security appliances, we also were able to scale back 5U worth
of rack space.
Chris Johnson, senior
system administrator
for US GreenFiber
Being able to allow and disallow specific parts of these
social networking tools as needed is invaluable because it
further protects us from possible threats. Application control is the one additional step our IT team is taking to protect GreenFiber from data leakage and other threats.
SETTING POLICIES
In addition to deploying a consolidated security infrastructure, our IT and management teams developed internal policies to shape the way our employees use social networking
as business tools. We developed policies that would protect
against both internal and external security threats, such as
data leakage.
To reassure employees who may have worried that IT
was playing Big Brother, our IT department held lunch-and-learn sessions to communicate corporate, remote and
plant policies. Open forum and e-mail communications to
employees focused on how the policies are meant to protect business-critical data.
The application-control feature in our security appliances allows us to set policies to control who is permitted
to use Web applications. Social networking sites are a business tool for our corporate employees, but Fortinet’s application-control functions ensure that unnecessary features such
as MySpace or Facebook chat aren’t activated. Other social
applications, including AOL Instant Messenger and Yahoo!
Messenger, are allowed, but chats are stored and logged
within the FortiAnalyzer appliance in case a situation arises
that makes it necessary to review IM conversations.
EVOLVING AND NEW THREATS
In the past year, our IT team deployed a private cloud on
VMware’s vSphere to host many internal applications,
Fortinet data leakage prevention (DLP)
technology has helped us secure the movement of confidential and sensitive company
and personal information. Confidential data
traversing through our network—including
Social Security numbers and credit card
information—is now protected. This helps us
safeguard our customers and employees from
having their data maliciously siphoned off
by either external and internal threats.
Security affects all aspects of IT, even areas
that people rarely consider, such as the help
desk. A business help desk is the reactive department of an
IT organization: The less they have to react to employee
requests for assistance, the more operational the business
as a whole is.
Because of our network security deployment, we have
experienced a dramatic decrease in help desk calls regarding
spam, malware, viruses and computer/network latency
issues. Our help desk tracking software, Numara’s Track-IT!, shows that we have reduced help desk calls by about
32 percent. This is just one way our IT team measures the
success of the security deployment at GreenFiber.
Our IT team is always looking for innovative techniques
to secure the information of our business, our employees
and our customers—and to thwart security threats that are
evolving daily as cyber-criminals continue to get smarter and
more malicious. We will “tiger team” our network infrastructure [test its security by attempting to defeat it] from time
to time by means of social engineering, localize denial-of-service attacks on our test-bed cloud and explore exploitation frameworks such as Metasploit.
These efforts help our IT team defend against both
external and internal threats, while achieving business
objectives that help our bottom line. That approach will
enable US GreenFiber to grow steadily and securely. 3
Chris Johnson, the senior system administrator for US GreenFiber,
has more than 10 years of experience in the information technology
field. Prior to joining US GreenFiber, he worked for Newell
Rubbermaid, General Dynamics and Lead Technologies.
JOB OPENINGS: Submit your Job Site article
submissions to editors@baselinemag.com.
