Decipha, an Australia Post business, has upgraded the firewall and intrusion prevention systems across its national offices to boost its security posture and ability to comply with payment card industry standards.
The company, which evolved from an outsourced mailroom provider to offer a full suite of digital information services, embarked on the uplift program with Melbourne-based IT provider Basis Networks.
Basis, which was No.4 in the 2017 CRN Fast50, was charged with developing an architecture that transformed the way security controls were applied across Decipha’s seven discrete sites nationally.
There were two main reasons for the uplift: to secure customer data effectively against modern threats and streamline the company’s ability to comply with PCI-DSS controls, given its complex, distributed environment.
Prior to the uplift, Decipha’s security system used a mix of technologies, and was partially managed by a third party.
This made the environment complex to assess and remediate, particularly for the purposes of meeting annual PCI-DSS audits.
Businesses that handle card purchases have to meet certain data security standards mandated by the payment card industry, and their compliance is regularly audited.
Basis Networks came up with a design that it said “increased the security posture of the organisation, protecting cardholder data with application layer security and threat prevention”.
The new architecture also “simplified security operations activities by introducing automated workflow management, policy analysis, and compliance reporting for management on a centralised platform.”
That was important since control over the security environment was essentially transitioning to a fully in-house model through the uplift program of work.
Basis Networks architected the system based on Palo Alto Networks next-generation firewalls.
It is managed by a combination of the Palo Alto Networks Panorama management platform for single-pane-of-glass management, and FireMon for automated security policy analysis, workflow automation, and policy remediation.
The entire project was completed within six months – a “highly compressed” timeline due to a desire to have the new system in place prior to Decipha’s annual PCI-DSS compliance
For that reason, the project's success was measured primarily through the successful assessment of PCI-DSS obligations, and the elimination of long and costly audits for that purpose.
Alan To, security governance advisor at Decipha, called Basis Networks "a trusted and dependable partner who come highly recommended for their services."
"The project had to deliver significant security and compliance requirements within an extremely condensed timeline and complex, difficult environment," To said.
"The response we got from the Basis Networks team was nothing short of outstanding. Decipha was provided with a demonstration of outstanding capability, professional and structured delivery and immense commitment to a positive project outcome."
Basis Networks used an internally developed tool to convert and migrate all configurations to the new platform via APIs.
It then used data from FireMon to identify any areas of the security policy that could be improved, and automated the process to remediate and test policy.
This approach reduced the potential for human error, increased security posture, and ensured the project could be delivered on time, Basis Networks said.
Basis Networks is a finalist in the 'Trusted Systems' category in the 2018 CRN Impact Awards. The awards take place during the CRN Pipeline conference.