Credit Union Improves Network Control & Security with SDWan
Case Study: Credit Union Improves Network Control & Security with Cato
Company profile
Guardian Credit Union, an Alabama-based credit union, had a private network connecting 20 sites across a dozen Alabama counties. The Layer-2 network mixed MPLS and Metro Ethernet point-to-point connections from the datacenter to the branches. Access to the cloud was through a secure internet portal in the central datacenter. Applications included voice and cloud applications such as Microsoft 365 and Zoom.
Guardian was founded in 1958 to provide savings and loan accounts to those in the Alabama National Guard and their families. We have continued to grow in the community to who we are today, a full-service financial institution that is open for membership to anyone that lives, works, worships or attends school in the thirteen counties we serve.
Challenges: Cloud Applications demand greater network visibility, without compromising security or increasing complexity.
Guardian Credit Union is a regional business that faced big network challenges. The credit union needed better visibility and application control, without compromising security or making the network so complicated it would require a team of wizards to operate.
Like many companies, Guardian had relied on a mix of point-to-point, layer-2 connections to connect sites. The MPLS and Metro Ethernet network was configured in a hub-and-spoke, backhauling requests to Guardian's central datacenter to access applications data, and from there through a secured Internet portal. In short, it was the kind of complex configuration typical of legacy enterprise networks.
"I have experience in complex environments so it's not hard for me to get it and support it, but I have other things to do too and so does our team," says Scott Rosen, vice president of technology for Guardian.
Managing a complex network requires lots of training, which Rosen wanted to avoid as a requirement for Guardian's IT operations team. "It takes a ton of time and expertise. You don't just go out and take a couple of courses in how the network works in a complex environment," says Rosen. "So for us, moving to SD-Wan wasn't necessarily about reducing costs, even though that was something that happened, but it was more about the visibility of the network. We wanted to reduce the complexity of the network but maintain its protection and resilience."
Solution: SD-Wan added with Security to replace MPLS
SD-Wan provided a way to simplify the network but that meant adopting Internet everywhere. The inherent risks were obvious. "Now that we're getting away from private connections, we risk exposing ourselves by providing Internet connections now at all locations. So that was something to weigh. How could we mitigate that risk?"
It meant that security had to be part of his SD-WAN assessment. The notion that traffic across the WAN can be trusted, a common belief in legacy network design, had to be upturned. "If you trust the traffic between a branch and a datacenter, you're increasing your risk. If there's a piece of malware in the branch, which thankfully we never had, the malware could propagate across the network. You must inspect the traffic."
And that inspection must be based in the network. "You can use endpoint control in the computers but that doesn't fix IoT or devices that might have different operating systems than the ones you control. You really need to have inspection and control in the network."
Results: Guardian turns to Cato's SASE platform for SD-Wan and more
Cato provided Guardian with the enhanced security, application control, and operational simplicity the credit union required. Cato allowed Guardian to achieve needed security without layering on firewalls and other security service, which would have increased network complexity. "Security wasn't just part of Cato's technical solution. It's in Cato's roots. Your CEO and founder came from that world," says Rosen.
Cato also proved easy to understand, improving the productivity of the Guardian IT team. The IT team could troubleshoot problems quickly without requiring a great deal of network expertise. "Anybody on our team now can go in and understand where traffic is flowing and how it's working," Rosen says.
"Security wasn't just part of Cato's technical solution. It's in Cato's roots. Their CEO and founder came from that world."
—Scott Rosen, Vice President of Technology for Guardian.
"Cato is nimble. When I need something fixed or have a product enhancement, Cato listens.""
—Scott Rosen, Vice President of Technology for Guardian.
