ShipServ, which is based in London but has a global network of offices, provides the world’s largest e-procurement platform for the marine industry. Founded in 1999, the company enables shipowners and managers to make one connection from their existing procurement system and then trade digitally with all their suppliers – reducing cycle times, improving data accuracy and increasing the productivity of procurement teams by 30%. On the supplier side, it offers tools to help suppliers quote more quickly, serve customers more efficiently as well as gain access to new markets.
The company now partners with 200 ship managers and owners, who operate a total of 9,000 vessels, including some of the largest shipping companies in the world, who are connected seamlessly to over 66,000 suppliers. Trade using the ShipServ platform has reached $3 billion a year.
ShipServ, in a recent move to a more cloud-based IT infrastructure, adopted several Fortinet products to protect the company’s networks. I recently talked to Dominic Aslan, ShipServ’s vice president of IT operations, about the company’s move to the cloud and its use of Fortinet tools.
Maddison: What prompted ShipServ to focus more on using the cloud for its IT infrastructure?
Aslan: ShipServ recently launched several new initiatives and rolled out a suite of new products. One of the major goals of our new infrastructure strategy was an increased use of the cloud. Ultimately, we wanted to transition the majority of our computing resources to the cloud and eliminate as much on-premise equipment as possible.
Maddison: Was there a security component to your new initiatives?
Aslan: In anticipation of this new infrastructure strategy, we conducted an evaluation of the company’s IT readiness, and we targeted the ISO 27001 certification for security management policies and procedures. The certification is extremely challenging for companies of any size, but we knew that attaining compliance with one of the most stringent, globally recognized standards would provide proof of ShipServ’s commitment to the highest levels of security and risk management.
One of the early findings from our infrastructure evaluation was that each of our eight offices and two data centers had firewalls and edge security devices from different vendors. These incompatibilities meant that our protected connections, including VPNs, could not be reliably secured across these locations.
Maddison: How important is security for ShipServ?
Aslan: Data integrity is at the very core of our business. It’s essential that our customers have absolute trust in everything we do. We want to make sure they understand how important ensuring the security of their information is to us.
Maddison: Why did ShipServ decide to use Fortinet products?
Aslan: We looked at the security products we were using and then performed a comprehensive review of the security products offered by major vendors. Fortinet solutions continually rose to the top in many of our key categories and convincingly displaced our existing equipment.
While the feature set, functionality, and performance were our primary criteria, price was obviously important, too. Reputation was also a significant factor for us.
Maddison: How did the Fortinet products fit with your cloud infrastructure?
Aslan: In our move to the cloud, we selected the Microsoft Azure platform and Microsoft Office 365. To supplement Microsoft’s integrated security measures, we added a FortiGate VM for Azure virtual appliance for heightened intrusion protection across our entire cloud infrastructure.
Maddison: What other Fortinet products are you using?
Aslan: We replaced our network and edge security devices with FortiGate enterprise firewalls to improve our threat prevention capabilities and to create more secure connections between our facilities. We also deployed Fortinet Wi-Fi Management to enhance our onsite network security, and we integrated FortiMail into our Office 365 environment.
Email security is especially important for us because it’s a heavily used communications channel. Left unprotected, it can be the most exploited threat vector. FortiMail alleviates the risk from malicious attachments.
Maddison: How important are flexibility and comprehensive capabilities in ShipServ’s security products?
Aslan: They are critical. While the FortiGate has all the features I currently require, as we evolve into the cloud I know I can activate additional layers of protection as our needs develop.
ShipServ is experiencing unprecedented growth, and the FortiGate and FortiGate VM solutions give us the agility and flexibility to support wherever the business needs to go. Being able to spread out the costs of the virtual appliances as an operational expense is also a huge benefit.
Maddison: What is the advantage of using Fortinet as a single security provider?
Aslan: Using a single partner for integrated protection across multiple threat vectors is a key benefit for us. If we need assistance, we don’t have to worry about who to call. We have a modestly sized team, and the common, intuitive interface across all the Fortinet solutions makes the environment much easier to support. Ramping up new team members is really quick, too.
For me, Fortinet is an all-in-one cybersecurity security. Protecting a hybrid cloud/on-premise environment can be very complex, but I’m very proud to say that we have attained full ISO 27001 accreditation. I view Fortinet as playing a big role in this achievement. We couldn’t have done it without the Fortinet solutions we’ve implemented.
This byline originally appeared in CSO.
Download our paper on securing dynamic cloud environments.