case study As the place where all legislation governing New South Wales originates, NSW Parliament has more than your basic obligations when it comes to ensuring the security of its data. But how can a small government department, with just five network staff looking after a main office and network of 94 branch offices spread across the country, ever hope to keep up?
This question came into pointed reality when NSW Parliament began moving from its previous Frame Relay based wide area network (WAN), which linked the offices in a state-wide mesh, to embrace faster and less expensive DSL-class broadband services provided through the NSW Government's own broadband network.
NSW Parliament House, Sydney.
Courtesy of NSW Parliament.
Moving away from the managed Frame Relay environment meant that the organisation could no longer rely on the good graces of Telstra's security measures to manage security on its network, and hiring additional security-trained consultants was simply too expensive.
In addition, network staff wanted to extend the security infrastructure inside the organisation's network to protect against internal as well as external threats. To meet governance objectives, the team was also eager to get more control over the relationship between their internal network configuration and that of the WAN -- and this had been out of their hands in the past.
-We were moving from an environment that was totally carrier owned, and one of the biggest issues we had was the lack of visibility across the routers," says network manager Neil Dammerel. -We were more or less depending on the carrier's level of security, and we felt quite exposed in that all these offices didn't have onsite support services. We took this opportunity to move into a situation where the carrier just owns the lines themselves."
The solution, as the department made public recently, was to enlist the help of earthwave, a managed security services (MSS) provider that has spent the last year managing 14 different security-related components of NSW Parliament's network. These services range from a managed firewall, intrusion detection and prevention, virtual private network (VPN), mail and Web filtering to vulnerability management, managed two-factor authentication, and managed vulnerability remediation.
These services are delivered using a range of integrated Cisco Systems self-defending network technologies -- including Catalyst 6500 series switches; 800, 1800 and 3600 series routers; 4200 series IPS sensors; 5500 series adaptive security appliances; intrusion prevention; VPN; firewall and secure access control servers.
Because they're designed to work with each other, the Cisco devices are already highly integrated. However, they require constant monitoring -- something for which NSW Parliament simply doesn't have the budget, resources or manpower.
This is a common problem, particularly within small organisations, which is why Dammerel appreciates the fact that earthwave's MSS offering also includes 24x7 monitoring by security trained professionals.
That team includes 14 background-checked, "Highly Protected" cleared staff -- the type of people whose six-figure salaries and extensive training requirements make them untenable for most organisations. The entire earthwave operation is also certified, with AS/NZS17799 and ASIOT4 Certified Security Operations certifications giving earthwave the methodologies and capabilities to work with NSW Parliament to provide a robust, guaranteed level of security.
Nine months after full go-live, Dammerel says, the move to the new infrastructure has produced a robust security model that has significantly increased the overall reliability and configurability of the organisation's WAN environment.
Quick response, regular reporting and rapid analysis of any security alerts ensures that earthwave staff can resolve any issues quickly and without reliance on busy NSW Parliament staff -- unless they need or want to be involved. An online Web portal, which contains a range of status information, event correlation and reporting tools, allows NSW Parliament staff to be as involved or hands-off as they want.
-The only outages we have now are related to carrier issues," he explains. -We don't have network integration type errors to bring our network down, and we're able to manage network upgrades [centrally]. Now that the overall infrastructure is in place, we can focus on looking at ways to increase the bandwidth and improve the actual wide area communications."