Financial Services
Gordon Brothers Achieves Major Cloud Migration, WFH Transition and Centralizes Security with Cato SSE 360
Gordon Brothers Needed a Network Solution for Cloud Migration and Security
The cloud offers organizations agility, flexibility, scalability, and the means to ramp up new services with incredible speed. Migration to the cloud doesn’t happen all at once, however, and can be challenging for global organizations with lots of dispersed locations and IT solutions. Add in a global pandemic and you’re looking at a possible recipe for major business disruption.
Such was the case for Gordon Brothers, a global enterprise that partners with companies, advisors, investors, and lenders to fuel growth, facilitate strategic consolidation, and finance new opportunities.
David Cherenson, Director of IT Operations, sought a way to migrate globally dispersed applications to Microsoft Azure. “In 2017 our apps and data were spread across our main Boston datacenter, the Midwest, London, and some other locations,” says Cherenson, “all of which were connected with point-to-point circuits or site-site VPNs.”
Security came from a mix of dispersed appliances with different capabilities and sets of policies, and management divided between IT and service providers depending on location. “We work with a lot of finance companies, so we’re always asked about security,” says Cherenson. “At that time, I felt security was all over the map.”
Gordon Brothers’ small IT staff rarely had the time or resources to monitor network traffic consistently for suspicious activity. Cherenson felt strongly that he needed to centralize security and get the monitoring piece in place.
Gordon Brothers Starts its Cloud Migration
Gordon Brothers started its cloud shift with Office 365 and Azure Active Directory and then decided on a major Azure migration.
They interviewed several IT cloud migration partners and looked at the proposals, but Cherenson couldn’t shake the feeling that something big was missing. “Nobody talked very much about networking,” says Cherenson, “except maybe how to connect directly to an Azure datacenter. How were we going to move things without impacting our users if the users, data, and applications were spread out all over the place? It was clear to me that we needed a network that could connect to all of them throughout the whole migration process so we could move things around transparently.”
Cherenson started looking for a network solution that could help make the migration seamless. “I did a lot of research, talked to a lot of people, and looked at some companies,” says Cherenson. That was when he found Cato.
“Right away I thought Cato was what I was looking for because we could use it to connect all of our offices, and even our remote users, to one central cloud.”
He also realized that the Cato solution would also solve his security issues. “With Cato Security Service Edge (SSE) 360 we could centralize our security policy globally, rather than having to deal with different policies and brands of firewall appliances in different locations,” says Cherenson.
“Other contenders had security features, but I really felt that with Cato, security was the DNA on which everything else was built, and that’s what I needed to sleep at night.” Cato was also the only alternative that connected remote users to the same network and security architecture as offices and the cloud.
Cato SASE Cloud optimally connects all enterprise network resources, including branch locations, the hybrid workforce, and physical and cloud datacenters, into a secure global, cloud-native service. Connecting a location to Cato is just a matter of installing a simple Cato Socket appliance that links automatically to one of Cato’s 75+ Points of Presence (PoPs) and its fast global private backbone. Cato Edge SD-WAN extends the Cato SASE Cloud to provide prioritized and resilient connectivity over multiple last mile links in physical locations, while Cato SDP Client and Clientless access enable secure and optimized application access for users everywhere, including at home and on the road.
Cato’s cloud-native security edge, Cato SSE 360, converges a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) with Advanced Threat Protection. It fully enforces granular corporate access policies on all applications on-premises and in the cloud, protecting users against threats and preventing sensitive data loss.
Cherenson went to the CITO and told him why he thought they couldn’t go ahead with their cloud migration project until they figured out how everyone was going to connect to everything simultaneously. “I told him I thought we should tackle the networking piece first,” says Cherenson. “Fortunately, he said, ‘I think that’s a good idea.’”
Cherenson did a proof of concept with Cato that went very well, and then moved to a pilot. “We started connecting our main offices and Boston datacenter just so we could try it out,” says Cherenson, “and we connected a small group of users with the Cato VPN client.”
Cato Simplifies Security for Business Transformation
Cherenson was excited about the security possibilities he saw with Cato during the pilot.
“I realized very quickly that Cato SSE 360 took geography out of the equation. We could implement a global policy and use it to control all our network entry points and apply it to every single person on the network. We could also take advantage of Cato’s antimalware, IPS and all that other stuff and apply it not only to WAN traffic but to our Internet traffic as well.”
Cato MDR, a part of SSE 360, would solve the monitoring issue. “Cato’s MDR service monitors the network for us and notifies us if they notice anything anomalous, malicious, or otherwise suspicious,” says Cherenson. “We didn’t get lots of those notifications at first, but certainly more than we get now, because we’ve used that information to keep tuning things over time.”
With the pilot’s success, he decided it was time to connect anything to Cato that hadn’t been connected yet, including other offices, datacenters, and a pilot Azure environment they were testing. “Cato’s performance with Azure was really good,” says Cherenson, “so I felt we could have that conversation about doing a big migration.”
Users didn’t notice any change during the Azure migration. “Let’s say we had a file share in our Boston datacenter. Over a weekend we could cut it over to Azure without having to change anything except DNS and the VPN client would route to the Azure datacenter in Virginia without anyone noticing anything.”
Gordon Brothers Transitions to Work-At-Home in a Week
March 2020 hit Gordon Brothers like a ton of bricks. “One day we were in the office and the next we weren’t,” says Cherenson, “but in a way we were lucky because I told my boss, ‘We have this pilot group on Cato and it’s working very well. I can get everyone on it pretty quickly.’ Fortunately, he agreed again and, so we did.”
Most of the company was on Cato within a week. “We sent out emails to the staff with a few screenshots and the VPN client installers and tweaked as we went along.”
Cherenson was concerned that he was putting all his remote access eggs in one basket, but he felt he had no other option. “Fortunately, it worked out really well,” says Cherenson.
The Cato solution has paid for itself in cost savings and a quick ROI, but most importantly, it’s allowed Cherenson to eliminate some technical challenges and focus on strategic initiatives. “We’ve made a tremendous amount of overall progress in IT and business transformation in the past few years, and I think the implementation of Cato and SSE 360 were huge building blocks that enabled us to do that. We have a lot of things on our roadmap and now I don’t need to waste my time managing individual firewalls and circuits. “
Today, Cherenson has a quarterly call with the Cato MDR team who audit Gordon Brothers’ Cato configuration and make suggestions about how to tighten security. “I feel like we really have security under control now. And we keep making it better as Cato continues to come out with new features.”