Case Study – The Educational Institution
The client in question is an educational institution comprised of staff and students, with a mixed usage profile demographic of over 1000 unique users.
During the timeframe covered by Adept’s investigations, the client had experienced several changes which affected their firewall services:
- Increased security requirements due to the addition of an on-site wireless network (a Bring Your Own Device shift can increase the amount of users by at least 1.5 to 2 times)
- A large expansion of intranet traffic caused by the rise in internal network communications and servers
- Expansion of Internet bandwidth, resulting in much larger data volumes for the firewall services to manage
- Ever-increasing numbers of Internet-capable devices (mobile phones, tablets and laptops) used by the client’s personnel and student complements
When these factors were coupled to a proactive approach towards expansion and capacity planning, it became clear that the client’s firewall services in their current form could potentially turn into a liability within less than 3 years.
Further investigation, including a set of comprehensive audit resolutions attended to by Adept, prompted a full review and optimisation of the client’s firewall services. Over a staggered period of time, each change and optimisation to the firewall services was implemented, until the client was satisfied that their system was optimal, and hardware limitations became the sole limiting factor to further improvement.
Turning a Process Into a Solution
The case above highlighted the requirement for a niche product, in the form of an all-encompassing managed firewall service, built for universal application and customisable to every client’s needs. The product would be available in varying iterations, to cater to all needs within the business spectrum.
Using insights gleaned from this and other cases, and with industry-specific best practises in mind, Adept’s solutions architects devised a plan to create an offering matching these specifications.
A comprehensive solution encompasses a minimum set of specifications, and firewall services are no exception. Given the wide scope that these products are meant to work in, the key elements that were considered are summarised below.
A system that operates on security concerns should be actively monitored. Managed Firewall products should include active monitoring capabilities, with options for multiple items to be monitored, triggered and trended.
All Firewall Management products would enjoy support from dedicated personnel, the availability of up-to-date patching and support structures based on proactive monitoring.
The argument for manages services includes a mandate for priority engagement as well as delivery, in order to facilitate Enterprise-level support as is likely necessary for high-end requirements.
All clients with Firewall Management services would thus be entitled to priority support, regardless of which package is selected. This means that a service provider would prioritise requests from these clients over clients without managed services portfolios. Furthermore, since a large proportion of managed services suffer from a lack of constant communication, an ideal provider would offer feedback not just when issues arise, but to confirm everything is in working order as well as offer optimisation information.
To ensure as broad an implementation capability as possible for potential clients who are already making use of their own firewalls, the Firewall Management products and associated services should be designed to be compatible with industry-leading vendors’ firewalls.
Currently, models from the following device types are supported:
- Linux-based (IPtables)
- Mikrotik (RouterOS)
- Cisco ASA
Service Level Agreement
A managed service at business level benefits from a well-structured SLA. Having such an agreement clearly defines the scope and responsibilities of the relationship to all parties. In addition, it sets out the performance and communication parameters which form an integral part of service delivery.
Firewall management is an integral component of any firewall solution. Based upon our findings and subsequent testing, we have taken the initiative and successfully “productised” the Firewall Management niche into a set of viable solution options. We are confident that all requirements are addressed across the product range and that our solutions are in line with evolving industry best practises and standards.
Our experiences with this and other practical case studies have resulted in a more formal approach to problem-based innovation, taking each case on its own merits and difficulties, while using information from all available instances to ensure a more diverse and flexible offering. In the applied environment, the Firewall Management service’s primary aim will be to promote far less downtime, the bane of any client’s network edge.