Many companies are poor at practising what they preach.
Communications and media firms have grasped this nettle and with so
many of their staff travelling at any given time, the need for
quick and smooth information flow to central offices is vital.
Essentially, not being able to communicate effectively to dispersed
staff can mean the difference between success and failure in the
highly competitive media business world.
That you would think is a business driver that would prompt
firms to make sure that as many of their staff, no matter where
they where, no matter what systems that they had, could access the
company’s data assets as effectively as possible. And indeed it has
for many, but in communicating effectively, access is not the whole
story: access has to be reliable, prompt and above all secure.
These points have definitely been grasped by OMD, a division of
Omnicom Group, a holding company that manages a portfolio of
companies operating in advertising, marketing services, specialty
communications, interactive/digital media and media buying
services. Headquartered in New York, the firm has more than 140
offices in 80 countries.
Kenneth Corriveau, CIO of Omnicom Media Group, says that
providing IT services for such disparate staff presents a number of
challenges. He sums up the key issues at stake, “We have a lot of
people who travel, especially service teams who may be at clients
and who med information for [their jobs] such as presentations etc.
They are all at different points in our enterprise. [The question
is]: how can we protect the enterprise and balance the needs of the
travelling [staff]?”
These needs can be complicated. Not so much in how and what
staff want to access, but due to the fact that not everybody’s
needs are the same. OMD would not have been able to empower its
travelling staff effectively if it simply enforced blanket access
control from on the road. There had to be exceptions for some
staff, at some times and under some circumstances, to gain access
when other colleagues could not enjoy such privileges.
Also from a control point of view, OMD also wanted to be able to
lock down the network to those users who had somehow triggered off
the anti-virus mechanism whilst keeping open access to those who
hadn’t. Corriveau also wanted to have something that could cope
with zero day attacks in addition to known viruses for which
traditional anti-virus systems had signatures for. In addition
there were also compliance regulations to adhere to.
Corriveau remembers the process of finding technology that would
provide comprehensive protection against both internal and external
threats and address the firm’s unique challenges. “There were
heated discussions to find this balance. [we had to] see what’s out
there and solve [the problem],” he recalls. After assessing a
number of types of products, OMD settled on the CounterACT tailored
network access control (NAC) solution and an ActiveScout intrusion
prevention system from ForeScout Technologies.
Given the distributed nature of OMD's business, NAC seemed
something of a necessity. Such technology would allow rules-based
access control providing the degrees of access that OMD demanded.
Says Corriveau, “we found NAC to be a very innovative solution from
a technological standpoint and easy to implement.”
CounterACT is clientless, a capability that Corriveau says added
to this wish for easy deployment and it also offered business
advantages. He explains, “It scans every single device that touches
the network, and it doesn't disrupt our business. Users don't even
know their devices are being protected, it's that transparent; and
they're able to spend their time being productive rather than
waiting for network access.”
Like with every implementation of security, or any network
technology, there were some teething problems. In the early days
there were issues in developing work outs to make sure that the
rules applied were not blocking out users. That said, Corriveau is
happy with the solution. He says, “[Since] we have been using
ActiveScout…we haven't had a zero-day virus or worm problem since
we installed it. We've caught everything before it could become an
issue. We've since deployed CounterACT appliances to extend that
protection to defend against internal sources as well as external
threats. "
OMD has also enjoyed unexpected benefits beyond protecting
threat protection and ensuring only compliant devices access its
network. For example, the company is able to see when certain
applications are not working properly because of the type of
activity sensed by the NAC solution. An application that is
improperly configured on someone's desktop computer will trigger a
CounterACT alert and OMD can rectify the issue and make sure every
application is performing correctly.
Corriveau expresses satisfaction that ForeScout gives OMD the
service attention that it needs and he has a wish that users are
better educated as to what the network can and can’t (or won’t) do.
There’s a good rationale, he reasons, “It’s important that end
users are given better education. Better communication means that
users will work better.”
After effectively proving the NAC concept in the US, OMD will
roll out CounterACT appliances throughout its international
network. The further roll out will add new challenges, as it will
enable users to upload video to the network. This is a business
requirement and Corriveau believes the NAC is ready to plug any
holes that uploading such content may present.