Central Government Department saves £1 million in efficiencies with simple, secure, connected cybersecurity

This Central Government Department faces many digital challenges – reducing complexity, increasing agility, ensuring compliance, and enhancing availability, to name but a few – and all with restricted central government funding.

Connected Palo Alto Networks platforms target all of these challenges. By simplifying security for more than 10,000 people and devices, the Department is better positioned to deliver secure, change-ready services to citizens. Network-related helpdesk enquiries have dropped by 50%; connectivity performance has been transformed; and the overall network refresh has saved the Department close to £1 million by eliminating redundant devices and circuits and associated maintenance.

Until recently, the Department was relying on a complex mix of different on-premises/cloud network security tools – including Palo Alto Networks ML-Powered Next-Generation Firewalls (NGFWs) – to stay ahead of threats. Over time however, the environment became tangled and complex. Multiple sites were added, each with a unique configuration, to the extent that multiple offices in a capital city and several other locations around the nation required separate, time-consuming network security administration.

“Complexity is the enemy of security,” says the Head of Networks at the Department. “We had defence in depth, but it was a hairball of complexity. There were four different brands of on-premises and cloud firewalls, for example. Each needed to be managed manually and if an incident occurred, it took a while to detect the source of the threat.”

When Covid struck and almost 10,000 users moved to hybrid working, the Department was one of only a handful able to continue working without impact. However, the experience allowed the team to identify ways to further optimise the network service. It also illustrated opportunities to reduce technical/legacy debt and ongoing costs. According to the Head of Networks, “The helpdesk had up to 60 networking enquiries per week, with people needing support on issues such as adapting firewall rules or connectivity to certain services..”

An expert team from the Department defined the architecture and worked with Palo Alto Networks to implement a secure, simple, more cost-efficient approach to cybersecurity. “The platform approach to security resonated with us. It allowed the Department to unify security around one best-in-class partner, using a connected suite of tools to safeguard our environment at less risk and lower cost,” says the Head of Networks.

Having created the initial high-level design, the Department team partnered with Palo Alto Networks to deploy Prisma Access, connecting to the cloud and securing inbound traffic from the internet for all the users and offices. This enabled the Department to protect applications at all sites with a highly-efficient single pane of glass.

This Zero Trust secure access combines least-privileged access with continuous trust verification and ongoing security inspection to protect all users, devices, apps, and data everywhere – all from one unified product.

The Head of Networks comments, “Centralised management gives us complete visibility and streamlined administration. Change management is radically different too – we make one change and it executes on all the firewalls.”

While the team anticipated three months of implementation teething, the deployment was concluded in just three weeks. A Resident Engineer is now stationed at the Department to support the project. “From planning and development to execution and ongoing services, Palo Alto Networks understood our objectives, collaborated professionally, and transferred knowledge quickly and easily,” the Head of Networks comments.

This resilient, modern platform strategy securely connects more than 10,000 people to resources in support of hybrid working.

The benefits include:

• Better, more secure working: By safeguarding data, people, and devices, the Department is better positioned to deliver modern, agile services. For example, by providing discrete IP addresses, which are mandated by certain sensitive areas.
• Reduced helpdesk enquiries: By eliminating complexity, fewer people are contacting the helpdesk. The Head of Networks estimates that enquiries have dropped by 50% following the introduction of Prisma Access and other associated technology initiatives.
• Improved connectivity performance: Fewer ‘hops’ and a shorter datapath have improved connectivity performance. “Prisma Access shaved 40 milliseconds from each transaction. Many people have commented on the improved user experience and the fact that connections are faster.”
• Increased efficiency: The Head of Networks estimates that the entire network refresh has saved the Department close to £1 million. For example, costs have been reduced by eliminating licensing and maintenance charges on the redundant firewalls and MPLS network.
• Enhanced environmental responsibility: By removing redundant technology, the Department is saving approximately more than 230 metric tons of carbon each year.
• Improved team experience: The modern Prisma Access platform, AI-driven security automation, unified dashboards, and other factors enable the Network team to focus on more rewarding strategic tasks rather than firefighting mundane technical issues. This cascades into an improved IT team experience and job satisfaction.
• Increased workplace flexibility: The Department can more easily host other central government tenants in its property portfolio, managing their connectivity. This supports the Government Property Agency strategy to reshape the relationships civil servants have with their place of work.