The Australian non-profit is a community service organization that helps people regain their independence. More than 3,500 staff members work across Australia on initiatives that include affordable housing, reducing homelessness, early learning and youth services, family support, employment, and skills development.
Securing the Azure Cloud
Moving mission-critical applications to the cloud can be a major undertaking for even large enterprises. For a non-profit with a lean IT team, moving applications and data to the cloud and securing them was essential to its goals. The non-profit’s Architecture and Engineering teams had launched the first phase of a cloud-based project designed to improve access to the organization’s CRM application. Much of the CRM data is sensitive, relating specifically to the organization’s clients.
“We’re moving to the cloud to give our staff improved accessibility to the applications they need,” said the Infrastructure Architect at the Australian non-profit.“ As we implement our cloud strategy, we also need to build security around users, instead of devices, to better protect data.”
The non-profit chose Microsoft Azure, an enterprise-grade offering for its cloud computing infrastructure and wanted to implement the highest level of security possible to protect applications and data. The team looked for a security solution that delivered intelligence, simplicity, and manageability. According to the architect, the traditional approach of the Microsoft cloud using the built-in controls of port groups and static firewall rules was just not sustainable over time for the small IT team. The organization also needed scalability with cost-effectiveness.
Finding Check Point CloudGuard Network Security for Microsoft Azure
“The standard Microsoft approach didn’t work for our security approach,” said the architect. “We wanted a smart firewall with high availability deployed between the Internet and our servers. We didn’t want our servers accessible directly on the Internet.”
As the team researched the firewall vendor landscape, they found that some of the firewall vendors didn’t have offerings for Azure. Others couldn’t provide supporting information about how to integrate with Azure. Still, others either lacked experience being new to the security industry. When they discovered the Check Point CloudGuard Network Security (CGNS) for Microsoft Azure solution, it caught the team’s attention.
“I had worked with Check Point products in the past, and our network architect was familiar with Check Point,” the architect said. “The brand familiarity gave us confidence, so we began testing the solution and that’s what we chose.”
Check Point CloudGuard Network Security for Microsoft Azure extends security to the Azure cloud infrastructure with the full range of protections delivered by Check Point’s industry-leading threat prevention architecture. CloudGuard Network Security for Microsoft Azure prevents network attacks and data breaches while enabling secure connectivity to Azure public cloud environments. As the team began to deploy Check Point, they quickly realized that they had to change their application design, because of the way Azure works.
“We were pushing the envelope in Australia by deploying in Azure,” the architect explained. “Very few organizations had deployed both internal and public-facing services in Azure, especially with a security appliance deployed in the middle. That integration was challenging, blazing a new trail with little reference deployments or knowledge to draw upon as no one had done it before.”
A Significant First
The Check Point team answered the customer challenge, working closely with the Australian non-profit’s team to help adapt their application design. As the implementation progressed, the Check Point team brought in assistance from the global organization and the non-profit team fed its discoveries back to Check Point. The result was a solid implementation that secures the Australian non-profit’s cloud-based assets without exposing its servers on the Internet.
“The Check Point team was eager to work with us,” said the architect. “Deploying applications in Azure isn’t common in Australia, and it was our first deployment experience with Azure. Check Point helped us address the complexities around security, routing, and load balancing in Azure. Their support was fantastic.”
One of the non-profit’s goals was to have deeper visibility into traffic within Azure. The team wanted to be able to identify traffic with application level granularity, secure it within Azure, and generate reports from within the Azure environment. Check Point Smart Management software consolidates monitoring, logging, and reporting across the Azure cloud and consolidates it with data from the non-profit’s on-premises network. Intelligent management gives the IT team the ability to consistently deliver the right level of protection across its cloud and on-premises networks.
“The Check Point SmartEvents software made security events and network flows much easier to manage,” the architect said. “Check Point monitoring and logs provides greater visibility than data from Azure alone. The visibility we get is fantastic.”
High Availability for Always-On Protection
The Australian non-profit’s Azure deployment spans two geographical zones. Check Point CloudGuard Network Security for Azure is mirrored in all locations, giving the organization assurance of high availability as needed. The architect says that high availability—without complexity—makes a big difference for the IT team, knowing that users always have access to the applications and data they need.
Peace of Mind
The non-profit achieved its goal of building security centered around users. With Check Point CloudGuard Network Security for Azure, the IT team enables users to be secure everywhere, on any device. And they do it with minimal management or intervention.
“Most days I don’t even look at Check Point,” said the architect. “We’re very clear about what we allow and what we don’t allow. I have peace of mind knowing that Check Point doesn’t allow in the traffic that we don’t want, and it logs all activity. We’re confident about our ability to secure our users now.”
The Australian non-profit completed the first phase of launching its dynamic CRM application securely in Azure. The next step is to expand the CRM deployment to a much larger group of users and to begin deploying other services in Azure. As the organization builds out its cloud, Check Point CloudGuard Network Security for Azure grows with it.
“Check Point CloudGuard Network Security and Check Point implementation assistance saved us 100-120 hours of configuration time,” said the architect. “And it will continue saving us significant time as our Azure network evolves, because we can easily adapt Check Point with it. We’re planning a second data center where we will confidently deploy services going forward in a secure, manageable way.”