A push for greater network visibility and global security standards drove Orbia, an $8.2 billion company that operates in more than 100 countries, to deploy secure access service edge (SASE) technology.
Visibility into network traffic across distributed locations would help Orbia minimize security risk, enable more control over global internet traffic, and provide secure access to cloud services. It would also help Andrea Foppiani, senior manager for global IT infrastructure and cloud security at Orbia, move the company closer to achieving its goal of zero-trust network access (ZTNA).
“We wanted to bring everybody under the same security and compliance standards, managing one global policy and adding visibility into all egress traffic from our networks toward internet services,” Foppiani explains. “There was definitely a big security risk reduction driver as well as portfolio optimization and financial opportunities to streamline and focus on strategic partners.”
Global security standards
Orbia has five business groups that manufacture advanced materials and specialty products in sectors including building and infrastructure, agriculture, and energy materials. Collectively, they’re focused on solving three global challenges: food and water security, decarbonization and the energy transition, and connectivity and information access.
Before settling on SASE, Orbia had multiple security solutions handling different functions such as security service edge (SSE), cloud access security broker (CASB), and more across its business groups. The company needed a standardized approach that would increase visibility and support centralized policy management for its global presence.
Foppiani kicked off a SASE evaluation process to tackle the disintegrated security systems, help Orbia reduce security risk, and enable consistent access for users across different locations.
“We started our ideation project around SASE in mid-2023, and at that point, we had seen opportunities to standardize a number of capabilities across endpoint security, email security, and network access across our organizations,” Foppiani says. “We realized we had way too many fragmented solutions, for example, handling SSE, CASB, secure web gateway [SWG], and so on.”
A key requirement was to be able to integrate the various security tools with Orbia’s existing infrastructure, such as SD-WAN, identity providers, and observability platforms, to gain a consolidated view of internet traffic and access patterns. Orbia wanted a provider with a truly global network presence with multiple points of presence, because relying on localized or regional security tools could result in visibility gaps for internet traffic originating from different locations.
Following an RFP process, Orbia decided on Netskope One, a converged security and network-as-a-service SASE platform that combines Netskope’s Intelligent SSE with its Borderless SD-WAN offering. Among the reasons Netskope stood apart from other vendors evaluated included Netskope’s ability to integrate well with Orbia’s existing SD-WAN strategy, which Foppiani says allowed for a more seamless transition. Gaining a global point of presence network —Netskope has POPs in 75+ regions—helped provide consistent access for users across different locations.
“What stood out was certainly the integration with our SD-WAN, and the ability for us to deploy at scale this integration across all of our environments, global points of presence, and the ability to have both agent and agentless private access,” Foppiani says. “With our cybersecurity observability pipeline, these were big factors that made us choose Netskope in the end.”
For instance, Netskope’s integration with Orbia’s cybersecurity observability pipeline enabled better visibility and threat detection across their environment. And the implementation of Netskope’s ZTNA capabilities helped Orbia secure access to its operational technology (OT) environment, which was also a key requirement for Foppiani. As a sustainable solutions company with a variety of manufacturing facilities around the world, Orbia needed to provide secure remote access to its OT environment.
“We need to ensure our global shield is effectively covering what we expect to protect,” Foppiani says.
Continuous security improvements
Orbia plans to keep gaining value from its Netskope investment.
“We have decided to pace this implementation to really extract value and operationalize each and every capability that makes up the whole secure service edge. It’s a continuous improvement,” Foppiani says.
Following the Netskope implementation, Orbia was able to measure quantifiable benefits in terms of risk reduction by using third-party validation tools before and after the Netskope deployment. The biggest benefits include Netskope’s ability to help Orbia consolidate its security tools, improve its overall security posture, and provide measurable risk reduction across its global operations.
“Our last stage in our journey is what I consider universal zero trust network access. That is the very last stage. Irrespective of where you are, you can apply zero trust network access principles, whether you are home or whether you are in your office or in a coffee shop, and your experience accessing your on-premises or cloud resources is exactly the same,” Foppiani says.
Source:: Network World