icare is one of the largest insurance providers in Australia. With more than $32 billion in assets across its schemes, the public financial corporation delivers world-class insurance and care services to more than 3.4 million workers, builders, road users and homeowners in NSW, 296,000 businesses and to two of the world’s most iconic assets, the Sydney Opera House and Sydney Harbour Bridge.
According to David Johnston, icare’s Head of Enterprise Infrastructure: “The decision to move into the cloud was our business plan from day one”. While icare was only established in 2015 through the commencement of the State Insurance & Care Governance Act 2015, the organization inherited a legacy of traditional insurance tools and applications, which were rapidly approaching their use-by date. “We saw this digital transformation as an opportunity to change the way we did business to better meet the demands of today’s insurance and care customers,” said David.
As the first insurance and care organization in Australia to take its service delivery to the cloud through Amazon Web Services, icare faced significant challenges ensuring the expected standards of security and cost-effectiveness could be met through a cloud-based system. icare, having opted for a Software-as-a-Service (SaaS) model for their cloud-based operations, selected Amazon Web Services (AWS) as their cloud provider. While AWS provides a wide range of embedded security services, the sensitive nature of icare’s data required a full-service security partner to help them secure the AWS cloud environment.
icare had three key requirements of their security partnership. The first was finding a security solution that would provide the high-level protection and performance required for an online insurance and care environment. Secondly, icare needed a vendor that could help them fast track their cloud migration without sacrificing any of the security or functionality of their existing systems. Finally, icare was also looking to reduce management and operational overhead.
icare reached out to their existing technology partners for guidance, who advised that the security of the AWS cloud environment could be enhanced through a partnership with Fortinet. Fortinet is an AWS security partner, and as such, a number of our security solutions have been optimized to integrate seamlessly with the AWS cloud infrastructure.
Given the complexity of the migration, it was critical for Fortinet’s local Australian team of engineers and consultants to have a deep understanding of icare’s business model. Fortinet took part in several workshops with icare’s IT team early in the project to familiarize the working group with icare’s core applications, traffic requirements, business rules, operational requirements, and reporting functions. With this understanding, Fortinet was able to work closely with icare’s IT team, AWS and other third-party providers to design and deploy a solution with the appropriate levels of security, performance and flexibility required by icare.
In less than five weeks, Fortinet’s implementation team installed and configured an integrated security framework. It consisted of FortiGate AWS firewalls for next-generation gateway protection at the perimeter as well as for internal segmentation within each Availability Zone, FortiManager for single pane-of-glass security management, FortiAnalyzer for forensic reporting and performance analytics, and FortiToken for secure remote access. This comprehensive security fabric solution provides enhanced threat protection across icare’s entire range of business applications, spanning multiple AWS Availability Zones.
This transformation has been a positive experience for icare and Fortinet, with the implemented security solution proving to be both trouble-free and cost-effective for icare. icare is now looking at phase two of their IT and business strategy in order to improve the customer experience by providing even more self-service capabilities to its stakeholders.
The successful roll out of icare’s new cloud-based business model can be attributed to Fortinet’s proactive account management, our technical expertise and our wide range of security solutions certified for AWS environments. These capabilities enabled the Fortinet team to build strong relationships with icare from the outset; understand their business and technical needs, and meet those needs with a tailored, cloud-based security solution. We look forward to leveraging both our security technology and expertise to further enable icare’s business priorities in the future.
This byline originally appeared in CSO.
Download our paper on securing dynamic cloud environments.