Build an in-house security infrastructure to standardize and protect the company and its clients while assimilating new company acquisitions and their legacy systems – all while meeting an SLA of 99.999 percent uptime.
Palo Alto Networks Next-Generation Security Platform provides ACI Specialty Benefits with the agility to rapidly scale its business while preventing threats to the company’s growing volume of users and clients.
URL Filtering, GlobalProtect, WildFire, Panorama
ACI Specialty Benefits offers best-in-class benefit solutions to engage the new workforce and drive business performance. A top-ranked, global provider of Employee Assistance Programs, Student Assistance Programs, Work-Life Benefits and Corporate Concierge, ACI consistently helps customers achieve Healthiest Workplace awards and Best Place to Work rankings as well as improve engagement, retention, productivity and performance. Founded in 1983 and headquartered in San Diego, ACI has grown to international prominence with a 95 percent customer retention rate and 12 million lives covered.
ACI Specialty Benefits, a SaaS provider of employee benefit programs, has grown rapidly in recent years, due in part to the acquisition of smaller companies. Although terrific for customers seeking solutions for healthier, more productive global workforces from a single provider, these acquisitions presented significant IT challenges.
It's a common theme: newly acquired systems and assets must be quickly assimilated for rapid delivery of new services, yet ACI's technology team finds itself inheriting disparate legacy systems to secure. For ACI, lack of visibility into the growing ecosystem posed new threats and rising risk levels. The company's technology team knew it had to improve security while managing costs and administrative load. The comprehensive functionality of Palo Alto Networks® Next-Generation Security Platform, with the advanced detection and prevention capabilities of WildFire® cloud-based threat analysis service, delivered everything the company needed. Now, Panorama™ network security management enables ACI's technology team to centrally manage the company's firewalls while quickly deploying uniform polices to all devices with the push of a button. GlobalProtect™ network security for endpoints protects mobile users and delivers operational efficiencies, allowing ACI's technology team to onboard 50 percent more mobile devices.
Driving Enterprise Security at Scale
ACI Specialty Benefits learned an interesting lesson as it grew rapidly through acquisition of new firms: too much and too little are essentially the same problem. The variable in this case is visibility. As ACI grew rapidly through the acquisition of niche companies in the employee well-being and corporate concierge space, ACI's technology team found that monitoring all the activity across systems was not just overwhelming – it wasn't meaningful.
"The technology team needed visibility into ACI's whole enterprise, including newly acquired systems and users, but we needed the right visibility," says Ryan Fay, global chief information officer. "The technology team had no way to see only what was needed, and it was limiting the ability to scale securely while continuing to deliver a great user experience."
ACI's mission is to help companies and employees thrive by providing total well-being benefits. By delivering a range of employee benefit programs, such as Employee Assistance, Student Assistance, Work-Life Benefits and Corporate Concierge, ACI helps companies mitigate mental and emotional health issues in the workplace, reduce work-life stress and support the diverse needs of the modern workforce. With a global customer base of companies that are also growing quickly, ACI handles about three petabytes of incoming data per month. ACI's technology team needed a way to quickly isolate threats and ensure security without getting overwhelmed or mired in tasks not focused on ACI's core business.
ACI evaluated several vendors in search of the next-generation security it needed to scale and continue to grow, while supporting the growth of its fast-moving, global client base. The choice to use a vendor with subscription services was easy.
With new users constantly coming into its environment, ACI needed a way to increase IT's application awareness. Panorama delivers visibility into applications and user identity, affording Fay's team increased agility.
"ACI's technology team uses multi-level device groups and can now segment by user audience and/or geography," Fay explains. "We have been able to create a template that gives us an easy, intuitive way to import rules into the next-generation firewalls. That also makes it easy to export them for further analysis when needed."
Palo Alto Networks Next-Generation Security Platform has increased his team's efficiency and reach in several ways, notes Fay. They've improved network speed by 40 percent and safely enabled numerous types of apps for different networks and servers.
"With increased insight into what users are doing on their devices, ACI's technology team could see just how much bandwidth employees were consuming listening to YouTube, Spotify, Pandora and the like," says Fay. "By consolidating and moving that to its own server, ACI has increased mission-critical network bandwidth and can better manage the performance of the most important applications."
Dramatic Efficiencies: Doing More With Less
A simplified network and increased efficiencies are more than "nice-to-haves" in today's environment. The ever-present mandate for IT organizations seems to be to do more with less – and Palo Alto Networks has helped ACI Specialty Benefits do that – but it's about more than the cost and time savings. Today, it's part of being secure.
"As has been reported in the news lately, cyber breaches are happening at an alarming rate, and continue to challenge most businesses and industries. This is due to many factors, including lack of employee training and inattention to technology fundamentals," says Fay. "Lack of or insufficient training, which is challenging given the myriad technologies and rapid release cycles happening today, leaves employees vulnerable to routine mistakes and oversights. So ‘simple to use' matters more than ever."
The Next-Generation Security Platform, coupled with daily training, has enabled ACI to stay ahead of the curve while doing the impossible: keeping customer data secure while making benefits easily accessible worldwide 24/7, year-round.
Fay's team has been able to effectively use the Next-Generation Security Platform with very little training and can boast some significant gains: they are 40 percent faster at getting apps out to users, and costs are down at least 20 percent due to device consolidation and reduced network administration.
Overall, Fay estimates a 40 percent ROI from the company's Palo Alto Networks investment to date. "Palo Alto Networks has been a real game-changer for ACI," he adds.
With the provided scripts and intuitive graphical user interface, implementation was fast, easy and free of issues. Fay's team was able to install and deploy the firewalls over a weekend and meet the company's SLA of 99.999 percent uptime.
Serving the Modern Workforce
Today's workforce is mobile, and ACI's global clients need employee benefit programs delivered safely to a growing array of devices – including wearables and mobile phones – while maintaining HIPAA compliance and a great user experience.
Fay says ACI has been able to lower its overall cost of service delivery by 20 percent and, thanks to GlobalProtect and WildFire, accommodate 50 percent more BYOD endpoints in its clients' workforces.
"This increased capacity is critical to ACI's business. The technology team has been able to handle far more devices without incurring more IT overhead," says Fay. "Before ACI had GlobalProtect, the team had to manually onboard devices, and it was not sustainable. One of ACI's major competitive advantages is offering 24/7/365 access to employee benefits and services from any location, across any device, and ACI's continuing value lies in the ability to collect data from those devices while managing costs and workload."
GlobalProtect is especially valuable in this regard, adds Fay, as it enables ACI to extend security policy to all users in a consistent manner regardless of location or device type, such as by running an SSL VPN gateway on the firewall, with User-ID™ and App-ID™ technology automatically extended to all internet traffic.
"With Palo Alto Networks as part of the team, my employees can focus far less on technology and more on ACI's business and customers," says Fay.
Helping Out in Times of Crisis: The Hurricane Harvey Disaster
The increased visibility afforded by the Next-Generation Security Platform was a lifesaver – almost literally – when Hurricane Harvey hit Houston. More than 700 ACI clients were directly affected, with one reporting that 30 percent of its employees had lost their homes. Thanks to GlobalProtect, ACI could safely onboard and manage its clients' systems to spare them business disruption.
"In times of crisis, it's critical that ACI provide rapid response and support to all clients impacted," says Fay. "With GlobalProtect and WildFire, ACI could ensure there wouldn't be any malware or CryptoLocker viruses as ACI continued to service clients and provide assistance during the disaster."
WildFire Delivers Quick Root Cause Analysis
"ACI can rely on Palo Alto Networks to be on top of threats in its environment, because it picks up on and looks at such a wide range of activity," Fay says. "WildFire gives ACI's technology team great, actionable information, so it's easy when we want to show a clear picture to management, and it runs right on its Palo Alto Networks firewalls, giving us early warning when and where we need it. I would say the technology team has reduced the number of threats in ACI's environment by at least 20 percent."
Choosing a Partner: Why Palo Alto Networks Won
ACI evaluated the usual suspects, including Fortinet® and FireEye®, among others. Ultimately, selecting Palo Alto Networks next-generation firewalls, along with URL Filtering, Threat Prevention, WildFire, GlobalProtect and Panorama, was about more than just solid technology.
"Palo Alto Networks really had the full package in terms of the overall vendor relationship," says Fay. "They excel at socializing customers, so ACI's technology team is always in touch with the latest knowledge. Also, they showed ACI a really solid roadmap. At the rate of changing security threats out there today, ACI needed a forward-thinking partner – one that had a full stack today and a strategy for the future."
ACI issued a proof of concept for competing vendors. The way GlobalProtect and WildFire could inform the company of threats in multiple geographies was a key selling point.
"It was clear the Palo Alto Networks platform had the best overall capacity," says Fay. "WildFire is a vital component of ACI's platform today. With its machine learning and static and dynamic analysis, including the capability to run evasive malware on bare metal, it helps ACI get beyond the constraints of some of the legacy systems the technology team deals with from the acquisitions."
Overall, Palo Alto Networks has helped ACI become even better prepared to meet the changing needs of today's global workforce.
"The technology team can see exactly what's happening in all of ACI's data centers. ACI can now deliver high-quality, secure and compliant employee benefit programs at scale, while avoiding the cost and complexity of managing them in-house," says Fay.