Morgan Sindall Secures Their Borderless Organization

Binnie explains, “Our web gateways were designed for a different architectural approach. They also gave us limited levels of visibility and control. The on-premise model no longer made sense as we moved towards increased remote working. If we equip employees with laptops and invest in cloud computing, then it’s logical that the workforce should be able to access the things they need to do their job from anywhere. But if the data traffic is having to hairpin back to the data centre for security then they remain tethered, subject to bandwidth issues and delays.”

Binnie continues, “We knew we wanted to move to an internet-based SaaS model for our web security and so the initial RFP focused on cloud Secure Web Gateways.”

As the RFP progressed, Netskope emerged as the clear frontrunner. Binnie comments, “As well as the technical functionality, we had other requirements for the companies in the RFP. We needed them to prove long-term stability and a strong UK and European presence. While these requirements knocked other companies out of the process, Netskope sailed through.”

Although the RFP had started off as a Secure Web Gateway (SWG) requirement, during the process it became apparent that the ability to combine SWG with CASB and DLP functionality would be a huge advantage.

Binnie continues, “Gartner’s SASE vision really aligned to our business challenges. We have a hybrid environment and ultimately need a security approach which can handle a constantly shifting perimeter. The integrated approach also has huge benefits on a tactical, day-to-day management basis. I don’t like gaps as it can be hard to identify who is responsible for things, but if your security follows the data wherever it goes, then those gaps disappear.”

Morgan Sindall selected the Netskope Next-Generation Secure Web Gateway for consistent inline threat and data protection on traffic to and from sanctioned and unsanctioned applications and web, as well as Netskope Cloud Access Security Broker (CASB) capabilities for threat and data protection on data at rest in sanctioned applications.

Binnie speaks highly of the Netskope team, “During the tender process, Netskope demonstrated a really good level of engagement. They understood our challenges and they were collaborative in designing the best approach to solve them. This continued during the implementation, when the professional services team were highly proactive, knowledgeable and helpful. No implementation is without the odd curveball—in our case it was an issue around geo-IP locations—but this was solved by Netskope without difficulty.”

Morgan Sindall does not want to lock down web usage for employees, and is very keen to avoid operating as a “big brother” overseer. Employees are allowed to use social media at work and via work devices, and Netskope now enables that to happen with oversight of patterns of data movement and anomalous traffic to ensure the organisation does not suffer from malicious or accidental data leakage. Netskope integrates with Morgan Sindall’s SIEM, creating insightful reporting and analytics which can be shared both upwards into the group management and back down with IT business partners and line managers within the component businesses.

Binnie adds, “Netskope enables us to meet our employees’ expectations of an optimal user experience (better than the one they get on their own home IT) in the safest possible manner.”

2020 has provided an uncharted landscape for many IT teams to navigate, with remote working occurring at unprecedented levels and minimal opportunity to prepare. Binnie was grateful for Netskope and the work that had been done ahead of lockdowns and temporary office evacuations. Binnie comments, “The very next day after sending home our office based staff, the entire workforce was online, with access to everything they needed and no scalability or bandwidth problems. Because Netskope puts our security workflows into the cloud, there was no need to backhaul data traffic to our data centres and no undue pressure loaded into those network connections.” Baseline user behaviours changed overnight with the workforce working from home. Binnie explains, “In the UK, suddenly BBC iPlayer became our biggest source of incoming data traffic. We would never have predicted that, but in hindsight it is obvious that individuals would put some digital radio on through their laptop while they work at home alone. If we hadn’t already moved away from on-premise SWGs ahead of lockdown then all of that data traffic would have been hairpinned back to our data centres for security purposes.”

Following the initial implementation, Netskope assigned Morgan Sindall a Customer Service Manager (CSM) whose role it is to ensure that Binnie and his team are getting everything that they can from their Netskope investment. Binnie explains the role and relationship, “Our CSM has a scheduled check-in with us fortnightly and we all use this time to evaluate the estate, tune and tweak policies and settings, and drive continual improvements to our implementation. These conversations are not about Netskope upselling to us, and they work very well to ensure we know about the new functionality that is being added all the time to the service. We are ISO accredited and Netskope’s CSM approach fits into our ‘Plan, Do, Check, Act’ model which is a component of that ISO standard.”