Client story Leading Retail Real Estate Company Implements Role Based Access Control (RBAC) and Time-Saving Security Automation
By Insight Editor / 22 Mar 2019 / Topics: Automation Networking Cybersecurity Intelligent edge
Client
The client is one of the largest retail real estate companies in the U.S., with more than 160 properties in 42 states and approximately 1,800 employees. The company has annual revenue of over $2 billion.
Industry: Real estate
Challenge
Gain complete visibility into network devices, policy and ultimately enforce security controls for compliance after a recent merger.
Outcomes
After automating their security, this business saves over 1,000 hours of security management annually.
Solutions: Automation, Cybersecurity, Intelligent edge, Networking
The client had recently completed a merger. In the process, IT recognized that it didn’t have a clear and complete understanding of what devices were on its network, what devices should be allowed on its network and what security was in place. The company needed structured policies from the top down that provided for consistent standards and security across the enterprise.
The client chose to work with us based on our knowledge and experience with ClearPass as well as with the multi-vendor network infrastructure platforms already in place, including Cisco® switches, Aruba wireless controllers, as well as MerakiTM switches and wireless access points.
We began the engagement by conducting a security strategy workshop that helped the client and our team understand how best to enhance security on the client's wired and wireless networks. After all requirements and use cases were identified, the client’s existing resources and the Aruba Networks ClearPass Policy Manager were integrated and used to develop the configuration for the RBAC solution.
Once that configuration was finalized and agreed upon, it was deployed in a live production environment as a pilot to prove its validity and answer key questions, namely:
- Would the ClearPass solution achieve the desired level of network segmentation?
- Would the organization see ClearPass as a beneficial and manageable solution?
- Would having ClearPass installed and working within the network convince the client that it was a good fit for their environment as well as their organization?
The answer to all three was, “Yes.”
Following the two proof of concept (POC) exercises, the system was implemented in seven locations served by data centers in Chicago and Raleigh, North Carolina. The solution hardened the networks and allowed for the securing of IoT devices such as video kiosks, network cameras, and Wi-Fi access points that had not be trusted in the past. Designed to accommodate 50,000 endpoints, the new infrastructure can easily be scaled up to 100,000 endpoints with full physical and geographical redundancy.
The benefits: Enhanced security and significant time-savings through automated configuration of access layer devices
Using an Insight developed scripted discovery process, we saved more than 1,000 hours on the initial deployment of our solution. With ClearPass and wireless and wired 802.1X/MAC-Auth in place, the client now has enhanced network security and a high degree of automation in their environment. By implementing security at the access layer, the organization can authenticate and enforce access rights on any approved and sanctioned device on their network while preventing access by rogue devices.
The solution also allows for the automated configuration of access layer devices such as switches and wireless controllers when a device attempts to access the network. This dynamic authentication, profiling and access permission assignment capability will save the client over 620 labor hours annually. This will free personnel previously tasked with making manual changes to the environment when devices moved or new devices were introduced across their vast infrastructure.
The success of the POC and initial deployments has paved the way for implementing the solution at the remainder of the client’s 175 properties. It has also created a process for quickly securing any properties acquired in the future.
