Case Study

Simplifying secure remote access at Wealden District Council

In brief

Customer

Wealden District Council

Industry

Local Government

Country

UK

Organisation Size

Supports 160,000+ residents

Partner

Softcat

Challenge

Enable hybrid workforce to deliver public services easily and securely from anywhere. Existing Cisco network security was complex and outmoded.

Solution

Palo Alto Networks® Network Security platform:
  • ML-Powered Next-Generation Firewalls
  • Cloud-Delivered Services including:
    Panorama®
    WildFire®
    Advanced Threat Prevention
    Advanced URL Filtering
  • Palo Alto Networks® AI-Powered SASE with Prisma® Access

Benefits

  • Provides highly resilient connectivity.
  • Significantly reduces bandwidth.
  • Delivers an intuitive user experience.
  • Improves visibility, monitoring and reporting.
  • Reduces security administration.
  • Eliminates connection-related help desk enquiries.
Introduction

A modern secure access service edge (SASE) remote connectivity strategy is transforming Wealden District Council’s hybrid working, making public services delivery faster, easier, and more secure.

CHALLENGE

Hybrid work makes network security more challenging

Wealden District Council is a local government district in East Sussex, England. Based in Hailsham, the district’s largest town, the Council supports more than 160,000 residents in a catchment area of 323 square miles.

Until recently, the Council relied on an alternative firewall and a secure mobility client as endpoint access tools to help its employees work from anywhere. However, over time, an increasing number of users became frustrated by the complex connectivity experience - and the IT team became concerned about the platform’s resilience and cybersecurity.

Robert Manktelow, Digital Services Network Architect at the Council explains: “The user experience was very coarse. People used multifactor authentication software to generate an access code. Remote maintenance and management were tricky too, as we could only access a device when its user was logged in.”

COVID-19 was the catalyst for change, with changes in working patterns exposing the flaws in the previous platform and prompting Robert and his team to reimagine the connectivity strategy.

"Once people returned to the office after the pandemic, we decided to act. We needed complete, unified visibility of network traffic across the hundreds of applications used by the Council, from housing and finance, to planning, and tourism. That way, we could control what people did with their devices and detect threats before they impacted the Council services."

– Robert Manktelow

Digital Services Network Architect
Wealden Council

SOLUTION

Easier, more-secure approach to connectivity

Wealden District Council undertook an extensive market test before choosing the ML-Powered Next-Generation Firewalls (NGFWs) and Prisma Access based on the integrated Zero Trust security, flexibility, and ease of use. Robert explains “Our goal was to create an easy and resilient connectivity experience. With Prisma Access, people can connect just as easily from home or a coffee shop as they can from the office.”

Working with the Palo Alto Networks reseller partner Softcat, this modern secure access service edge (SASE) platform gives the Council granular visibility of all applications and traffic – who the user is, where they are trying to go – coupled with best-in-class continuous security inspection. Robert comments, “If a user authenticates themselves but there is malware on their device, we can inspect that connection for vulnerabilities. It also inspects the tunnel for data loss, so we’re protected in both directions.”

The Council has an on-premises data centre, with the two ML-Powered NGFWs deployed in an active/passive, high availability configuration. A cloud-delivered service, Prisma Access secures users, apps, and data at cloud scale, making it easier and quicker to expand access to as many employees as is required. “In the unlikely event of a data centre outage, people can still work as normal. Our users would not be left unprotected. Everything is compliant with the Council’s policies,” says Robert. Having a unified security solution using Palo Alto Networks Strata Network Security platform also saves time and money through increased ease of use in manageability and policy control.

With budgets under rigorous scrutiny, Robert and his team knew the Palo Alto Networks SASE solution was the right choice. “We could have chosen something cheaper, but quality and resilience were our overriding considerations. We were confident Palo Alto Networks would give us the proven depth of security, usability, and support no other vendor could match. Other local authorities we spoke to shared their enthusiasm for Palo Alto Networks.”

BENEFITS

Modernising remote access at speed and scale

This SASE strategy is protecting Wealden District Council hybrid workforce with cloud-delivered Zero Trust Network Access (ZTNA) 2.0, unified security, and a fast, easy user experience. The benefits include that it:

  • Provides highly resilient connectivity: The platform protects the Council’s workforce with ZTNA 2.0 to secure both access and data, dramatically reducing the risk of a data breach.
  • Significantly reduces bandwidth: Users access the same agile performance for on-premises, cloud, and SaaS-based applications, with secure direct-to-app connectivity and ongoing traffic inspection.
  • Delivers intuitive user experience: Users experience much less friction, so they can stay productive whether they’re in the office, in a public space, or at home.
  • Improves visibility and reporting: The Council has complete, unified insight and control over all applications, whether it’s in finance, housing, or any other area. “We use the dashboard reporting to drill into traffic flows and monitor what the network is being used for, which includes some Netflix and gaming activity,” says Robert. “We can also troubleshoot configurations faster.”
  • Reduces security administration: The Council benefits from single-pane-of-glass visibility and management with the Strata platform, consistent policies, and shared data for all users and all apps. It also makes it simpler to safeguard and control remote access to critical systems and data.
  • Lowers help desk enquiries: Robert comments, “I can’t remember the last time we had a help desk call regarding connectivity problems.”
  • Lowers cost of operation: Although saving money wasn’t the driving force behind the decision, the Council is saving money on VPN licences, multifactor tokens and other processes. “We have the best platform to move into the future,” says Robert.

"The end-to-end implementation and support have been brilliant. The Palo Alto Networks team are incredibly responsive, taking control of problems and resolving them very quickly. I don’t think it could have gone much better."

– Robert Manktelow

Digital Services Network Architect
Wealden Council