Gas South is a leading provider of natural gas. It serves more than 300,000 residential, business, and governmental customers in Georgia, Florida, North and South Carolina. Gas South offers simple and competitively priced rate plans, outstanding local customer service, and a promise to give back 5% of its profits to help children in need. Since 2016, Gas South has been recognized as one of the “Top Workplaces in Atlanta” by the Atlanta Journal-Constitution.
Ensuring Cloud Access for Business Continuity
In 2016, Gas South migrated its previously outsourced IT infrastructure to Microsoft. It chose Office 365 as its new email platform, created its own Active Directory domain, and migrated its server infrastructure to Azure. Soon, many business-critical applications and DevOps functions were running in Azure. The decision to use Azure as a virtual data center gave Gas South more agility and scalability. It also presented the IT team with a
The on-premises data center was still an essential link between users and Azure-hosted applications. Users connected via an on-premises Check Point Next Generation Firewall with IPSec VPN links. However, if the data center became inaccessible due to a storm or disaster, or the building lost power, no one could access business-critical applications in the cloud. Unfortunately, power outages have been a recurring problem from fiber cuts that happen during numerous construction projects in the vicinity.
“We’ve suffered several outages from connectivity providers’ fiber cables being cut,” said Rajiv Thomas, Senior Systems Engineer for Gas South. “Whenever that happened, we had zero access and no visibility into our Azure cloud deployment. An outage disrupts customer service, sales, and online operations.”
Even without construction activity, data center outages are common. The Uptime Institute Ninth Annual Data Center Industry Survey 2019 found that 34% of data centers surveyed suffered an outage or serious service degradation in the past year—many with serious financial consequences. Ten percent (10%) of all respondents said that their most recent significant outage cost more than $1 million. The Uptime Survey also reports that half of those using public clouds for mission-critical applications said they do not have adequate visibility into their assets.
Seeking the Secure Link
One option was to establish a public Internet connection to the Azure cloud, but that would significantly increase risk and complicate regulatory compliance. Seeking private access, Gas South chose to implement Azure Express Route, a virtual private connection to ensure confidential access to their data as well as enhance reliability and lower latency.
While the team had private access, they still had the traditional cloud security risks and needed a security complement. The IT team tried a Microsoft solution to secure and protect cloud access, but it was not adequate for Gas South’s complex network. Next, they tried a third-party appliance in Azure for the solution, which didn’t work either. When Thomas learned about Check Point CloudGuard Network Security, he immediately knew it would be the right solution.
“We quickly arranged a POC with Check Point,” said Thomas. “The setup and configuration were so simple that we had the POC up and running in three days. The POC confirmed our choice, and we put it into production.”
Check Point CloudGuard Network Security delivers advanced, multi-layered security for Azure environments, protecting assets in the cloud from attack while providing secure connectivity between the enterprise network and the company’s Azure deployment. CloudGuard Network Security delivers fully integrated security protections, including firewall, Intrusion Prevention System (IPS), antivirus, and anti-bot defenses against unauthorized access and malicious network attacks. The IPSec VPN blade allows secure connectivity over a dedicated and encrypted tunnel between Azure Virtual Networks (vNETs) and the enterprise network. With built-in remote access capabilities, users now can connect to Azure via an SSL-encrypted connection, two-factor authentication, and device pairing. The CloudGuard ID Awareness blade helps ensure that only authorized users can access services.
Gas South’s assets are secured in the cloud with elastic scalability and high availability through CloudGuard Network Security’s native integration with Azure. CloudGuard also simplifies security management and policy enforcement across the enterprise data center and the Azure deployment.
Business as Usual
“Check Point CloudGuard Network Security has been a saving grace for Gas South,” said Thomas. “It is the only solution that gives us stable, complete access to our critical applications and services in Azure. Our users now can work anywhere, in spite of an outage.”
As an example, Gas South’s commodity traders conduct live trading on gas trading websites. These sites filter traders’ IP addresses to authenticate users. Gas South traders must be physically onsite to do their work—trying to log into these sites remotely through an ISP appears to come from an unauthorized IP address and users are thus denied access. In one outage, the data center lost power and trading operations ceased. When Thomas and his team received the call, he was able to quickly provide them with authorized access through CloudGuard Network Security.
“Thanks to the CloudGuard Network Security integration with Active Directory, each user has only one ID and password,” said Thomas. “We quickly had them log into the cloud and everything worked perfectly.”
Agile, authorized access through CloudGuard Network Security has greatly increased uptime for many groups within Gas South. In one incident, an air conditioning system in the data center failed, causing the data center to overheat and shut down. Immediately, users were logged into applications through CloudGuard Network Security and there were no complaints.
“When you have a basic understanding of security, the CloudGuard solution is so easy to deploy and use,” said Thomas. “We have a fully functional firewall with the added value of secure remote access and secure VPNs to vendors’ sites hosting mission-critical applications.”
Seeing Clearly in the Cloud
Through Check Point R80 Unified Security Management, Thomas and his team now have clear visibility into their assets and traffic activity in Azure. They can view inbound connections, see traffic sources, and know how connections and assets are being used and by whom. This visibility increased overall security, enabling Thomas to blacklist specific IP address ranges and malicious URLs.
An Even Better Place to Work
Check Point CloudGuard Network Security has even enhanced the company’s reputation as a great place to work. With the ability to access systems remotely, the company allows its customer care agents to work from home one day a week. And when winter ice storms shut down roads, agents can continue to serve customers without interruption.
“Our employees are most important to us,” said Thomas. “Every person is needed for the team to deliver outstanding service. Being able to offer a flexible work-from-home day isn’t typically within the realm of a typical security solution, but Check Point CloudGuard Network Security isn’t typical.”
The IT team is seeing steady growth in the number of employees logging into Azure directly instead of through the on-premises connection. As more groups deploy workloads and applications in Azure, Gas South can increase its visibility across CloudGuard-protected assets to further enhance the company’s security.
“Check Point CloudGuard Network Security solved a huge business continuity challenge for us, which enabled us to reduce overall business risk,” said Thomas. “We consider Check Point a trusted advisor and look forward to extending our CloudGuard deployment with additional capabilities and automation. For example, we have started to evaluate CloudGuard Posture Management further visibility into our network, to improve our overall cloud security posture and for its continuous compliance capabilities, and we are looking into CloudGuard Log.ic for advanced security analytics.”