A modern secure access service edge (SASE) remote connectivity strategy is transforming Wealden District Council’s hybrid working, making public services delivery faster, easier, and more secure.
Hybrid work makes network security more challenging
Wealden District Council is a local government district in East Sussex, England. Based in Hailsham, the district’s largest town, the Council supports more than 160,000 residents in a catchment area of 323 square miles.
Until recently, the Council relied on an alternative firewall and a secure mobility client as endpoint access tools to help its employees work from anywhere. However, over time, an increasing number of users became frustrated by the complex connectivity experience - and the IT team became concerned about the platform’s resilience and cybersecurity.
Robert Manktelow, Digital Services Network Architect at the Council explains: “The user experience was very coarse. People used multifactor authentication software to generate an access code. Remote maintenance and management were tricky too, as we could only access a device when its user was logged in.”
COVID-19 was the catalyst for change, with changes in working patterns exposing the flaws in the previous platform and prompting Robert and his team to reimagine the connectivity strategy.
"Once people returned to the office after the pandemic, we decided to act. We needed complete, unified visibility of network traffic across the hundreds of applications used by the Council, from housing and finance, to planning, and tourism. That way, we could control what people did with their devices and detect threats before they impacted the Council services."
– Robert Manktelow
Digital Services Network Architect
Wealden Council
Easier, more-secure approach to connectivity
Wealden District Council undertook an extensive market test before choosing the ML-Powered Next-Generation Firewalls (NGFWs) and Prisma Access based on the integrated Zero Trust security, flexibility, and ease of use. Robert explains “Our goal was to create an easy and resilient connectivity experience. With Prisma Access, people can connect just as easily from home or a coffee shop as they can from the office.”
Working with the Palo Alto Networks reseller partner Softcat, this modern secure access service edge (SASE) platform gives the Council granular visibility of all applications and traffic – who the user is, where they are trying to go – coupled with best-in-class continuous security inspection. Robert comments, “If a user authenticates themselves but there is malware on their device, we can inspect that connection for vulnerabilities. It also inspects the tunnel for data loss, so we’re protected in both directions.”
The Council has an on-premises data centre, with the two ML-Powered NGFWs deployed in an active/passive, high availability configuration. A cloud-delivered service, Prisma Access secures users, apps, and data at cloud scale, making it easier and quicker to expand access to as many employees as is required. “In the unlikely event of a data centre outage, people can still work as normal. Our users would not be left unprotected. Everything is compliant with the Council’s policies,” says Robert. Having a unified security solution using Palo Alto Networks Strata Network Security platform also saves time and money through increased ease of use in manageability and policy control.
With budgets under rigorous scrutiny, Robert and his team knew the Palo Alto Networks SASE solution was the right choice. “We could have chosen something cheaper, but quality and resilience were our overriding considerations. We were confident Palo Alto Networks would give us the proven depth of security, usability, and support no other vendor could match. Other local authorities we spoke to shared their enthusiasm for Palo Alto Networks.”
Modernising remote access at speed and scale
This SASE strategy is protecting Wealden District Council hybrid workforce with cloud-delivered Zero Trust Network Access (ZTNA) 2.0, unified security, and a fast, easy user experience. The benefits include that it:
- Provides highly resilient connectivity: The platform protects the Council’s workforce with ZTNA 2.0 to secure both access and data, dramatically reducing the risk of a data breach.
- Significantly reduces bandwidth: Users access the same agile performance for on-premises, cloud, and SaaS-based applications, with secure direct-to-app connectivity and ongoing traffic inspection.
- Delivers intuitive user experience: Users experience much less friction, so they can stay productive whether they’re in the office, in a public space, or at home.
- Improves visibility and reporting: The Council has complete, unified insight and control over all applications, whether it’s in finance, housing, or any other area. “We use the dashboard reporting to drill into traffic flows and monitor what the network is being used for, which includes some Netflix and gaming activity,” says Robert. “We can also troubleshoot configurations faster.”
- Reduces security administration: The Council benefits from single-pane-of-glass visibility and management with the Strata platform, consistent policies, and shared data for all users and all apps. It also makes it simpler to safeguard and control remote access to critical systems and data.
- Lowers help desk enquiries: Robert comments, “I can’t remember the last time we had a help desk call regarding connectivity problems.”
- Lowers cost of operation: Although saving money wasn’t the driving force behind the decision, the Council is saving money on VPN licences, multifactor tokens and other processes. “We have the best platform to move into the future,” says Robert.
"The end-to-end implementation and support have been brilliant. The Palo Alto Networks team are incredibly responsive, taking control of problems and resolving them very quickly. I don’t think it could have gone much better."
– Robert Manktelow
Digital Services Network Architect
Wealden Council