One effect of the coronavirus is to highlight the potential shifts or changes essential to many companies’ business continuity plans. After all, pandemics have occurred before; who could have guessed this one would shut down the world? For an industry like manufacturing, remote work has been a particular challenge for all of the obvious reasons (reliance on physical processes and machines) and all of the not-so obvious (the increase in security risks, for example.)
As the country starts to re-open slowly, the industry will have a chance to reflect on what worked and what didn’t in terms of maintaining business operations. For some, this will be a much needed opportunity to change course or re-evaluate. In the case of one precision machining leader, the company was able to successfully ramp up security solutions without negative affect to business continuity, even as the need for scale increased.
Low Overhead, High Scalability
The company, which has doubled its operations over the past 12 years, had an existing security deployment in place. While the fielded security solution was designed for a much smaller organization, the company was able supplement their existing infrastructure to address security scale challenges.
The company is comprised of 250 associates divided across three sites. The company’s entire IT infrastructure however is monitored, maintained and secured by a single subject matter expert. Finding and deploying a solution that could both scale to meet business growth demands and keep management overhead to an absolute minimum was a significant challenge.
The company’s IT project manager needed a security platform that would enable him to single-handedly manage and secure the company’s entire infrastructure. They also preferred to leverage a single vendor that could meet all of their needs, so that when support was needed, it was a one-stop-shop kind of situation.
This led to the choice of a solution with single-pane-of-glass visibility. With it, the company’s IT director was able to monitor and manage his entire network from one console. Additionally, he is now able to leverage the solution’s integrated machine learning (ML) and security orchestration, automation, and response (SOAR) capabilities to automate, and therefore optimize, processes that would require a much larger team to manage manually.
Simplifying Remote Work
This shift in cybersecurity tool strategy enabled the company to survive and thrive during the 2020 shutdown. Just two months after the solution was fully installed and in place, the COVID-19 pandemic forced the company to rapidly transition to a remote workforce model. Without a remote work policy in place at the time, company leaders worried about how they’d be able to support a large remote workforce.
Despite the lack of a remote work policy prior to the pandemic, the IT team was able to execute the transition successfully. A series of emails sufficed for the company’s transition to remote work. In one email to his security provider’s support team, the IT project manager specifically inquired regarding the cost to support 150-200 simultaneous virtual private network (VPN) connections for employees working from home. He was pleasantly surprised to learn that his existing next-generation firewalls (NGFWs) were capable of managing up to 500 simultaneous connections without any additional costs. “With our security provider and our partner, there was a whole team available. They just made it happen.”
Just a few lines of code on the company’s Enterprise Management Service (EMS) were all that was necessary to configure the company VPN. This code added a selectable VPN feature to the endpoint protection solution and configured it with the proper IP addresses. When this step was complete, homebound employees were informed by email of how to install the solution and use the new VPN feature to connect securely to the company network.
With just these few steps, the manufacturer fully supported their remote employees. And since their security solutions also seamlessly integrate with the company’s local directory access protocol (LDAP) server, remote users are able to employ their existing credentials to access the network. Additionally, the endpoint protection solution supports all operating systems, enabling employees to work remotely from Windows, Mac, Linux or tablet computers.
The enforcement of full traffic decryption and inspection can slow throughput on most firewalls, and VPN connections are computationally intensive. These significantly impact application response times. In this instance, the company opted for hardware-based VPN acceleration to minimize that latency, which is vital when the number of inbound VPN connections and the volume of encrypted traffic surges due to a sudden increase in remote workers.
According to the IT project manager, though the entire front-office staff now connect to the network over VPNs, the performance impact has been negligible. He adds, “One month into the shelter-in-place order, our security products kept us working in constant communication and have proven that all is well and that we can do this. We have experienced zero downtime as a result.”
Many companies, and especially manufacturers, never imagined that they would have to shift to a fully remote workforce. However, in this instance, the company’s existing security investment made the transition quick, painless and safe.
A strong cybersecurity stance enables business continuity and unhindered productivity, both of which are true competitive advantages. Consideration of the best solution practices discussed above make possible a security plan that will help to prepare for life’s uncertainties.
Rick Peters is the CISO for Operational Technology, North America for Fortinet Inc. delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments.