Cloud-Based Security Helps Aspen Fend Off Malware
September 25, 2013
A small team of three full-time IT employees for the city of Aspen, Colo., has the challenging task of managing a fiber-connected network for Aspen and Pitkin County that runs through 32 facilities in central Aspen and in more distant locations such as the Aspen airport, which is three miles from downtown.
The city maintains two data centers, one in city hall and a second in another county building two blocks away. Together, these data centers house 75 Dell servers, which support over 500 desktop and mobile devices on the network plus an assortment of applications used by various departments, such as the assessor’s office, the roads department, and the treasurer.
“Virtually everything is connected to our network. Even the fuel pumps for our transportation are monitored for consumption,” said John Sobieralski, Aspen's network coordinator.
With limited personnel and a tight budget, maintaining security for a network of this magnitude and diversity became increasingly difficult.
“One of the challenges we were constantly facing over a number of years was being victimized by malware attacks,” Sobieralski said. “We’re a small shop, so it was difficult for us to respond to security issues as fully as we needed to.”
The problem intensified as malware attacks accelerated. “It reached a point where we were experiencing as many as four or five security episodes a day,” Sobieralski said. “As a staff, we were working as fast as we could to clean up infections, and of course, there were user complaints.”
Unfortunately, the expensive security appliances the city had previously installed on the network weren't helping.
“They didn’t do a good job of detecting and mitigating security threats and at any given time, there were always a number of network infections we were fighting,” Sobieralski said. “On top of this, we were experiencing problems with our Internet services provider, which was constantly being hit with denial-of-service attacks that could take our network down.”
When the time came to replace the old devices, Sobieralski jumped at the chance to consider a new security approach. He opted for a cloud-based service that eliminated the need to install physical hardware and software on the city's network.
Aspen implemented OpenDNS’ Umbrella, which provides cloud-based security for the network plus roaming security support for Macs, PCs and iOS devices, and is managed from a central Web-based dashboard. “We get reports each day on security status and events, and we also have expanded visibility of every end user computer and mobile device, and where they’re located,” Sobieralski said. “Since we have many mobile users who are out of the office, this is important.”
The service monitors security, applies organizational security policies and detects malware threats before they can become problems. This provides relief for Sobieralski and other network technicians, since Aspen has an internal network, a Wi-Fi network and a couple of DMZ networks to patrol and protect.
“We didn’t turn the full cloud service up at once,” Sobieralski said. “We began by just using the DNS service, which filtered for malware and blocked it. This past year, we implemented a service that connects right into our Active Directory so that our [internal] servers and servers in the cloud are communicating with each other. Now, we have visibility from the cloud of security-related activities on our internal servers and devices. This enables us to track a malware invasion to a specific end user device.”
Sobieralski said that perhaps the best benefit was being able to identify malicious websites so a network administrator could take preemptive steps by blocking users from accessing those sites. “Since we’ve been using this capability, our malware attacks have dramatically diminished,” he said.
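The DNS-layer blocking and per-device attribution described above, as an added illustration that is not code from the article or from OpenDNS: a resolver front end refuses lookups for listed domains (and their subdomains), maps the querying client IP to a directory identity, and tallies blocked lookups per device so an administrator can find the infected host. The blocklist, IP-to-device mapping and log lines are all constructed sample data.

```python
from collections import Counter

# Constructed blocklist: names a filtering resolver would refuse to answer for.
BLOCKLIST = {"malware-c2.example", "drive-by.example"}

# Constructed mapping from client IP to the directory (AD) identity of the
# device, standing in for the directory integration the article describes.
DEVICE_BY_IP = {
    "10.0.5.21": "ASSESSOR-PC07",
    "10.0.5.44": "ROADS-LAPTOP02",
    "10.0.9.10": "TREASURER-PC01",
}

# Constructed resolver log: timestamp, client IP, queried name.
SAMPLE_LOG = """\
2013-09-25T08:01:12 10.0.5.21 www.aspen.example
2013-09-25T08:01:40 10.0.5.21 drive-by.example
2013-09-25T08:02:05 10.0.5.44 cdn.drive-by.example
2013-09-25T08:03:19 192.168.7.9 malware-c2.example
2013-09-25T08:04:00 10.0.9.10 mail.aspen.example
"""

def is_blocked(qname: str) -> bool:
    """Block a name if it or any parent domain is on the list."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))

def resolve_or_block(line: str) -> dict:
    """Classify one log line and attach the device identity for the client."""
    ts, client, qname = line.split()
    return {
        "time": ts,
        "client": client,
        "device": DEVICE_BY_IP.get(client, "unknown-device"),
        "qname": qname,
        "action": "block" if is_blocked(qname) else "allow",
    }

def blocked_by_device(log: str) -> Counter:
    """Count blocked lookups per device so an admin can find the infected host."""
    hits = Counter()
    for line in log.splitlines():
        ev = resolve_or_block(line)
        if ev["action"] == "block":
            hits[ev["device"]] += 1
    return hits

if __name__ == "__main__":
    for dev, n in blocked_by_device(SAMPLE_LOG).most_common():
        print(f"{dev}: {n} blocked lookup(s)")
```

A client that is not in the directory mapping (here 192.168.7.9) still shows up as a blocked source, which is exactly the unmanaged-device gap the BYOD section below describes.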
As a result, Aspen's networks have gone from what Sobieralski described as “cycles of drive-by infections” to rarely having any infections.
An additional bonus is the security protection and mitigation for mobile devices, which grew into a major IT challenge once the city implemented BYOD policies. “From an IT perspective, having improved mobile device monitoring capabilities is going to help us with that because we didn’t always have control or visibility of the devices employees were using,” Sobieralski said.
The new security approach has paved the way for Aspen to look at future phases of security and network management, such as setting up a full-featured, centralized system for the management of mobile devices, along with automated “push” technology that places software updates directly on devices as they connect to the network.
“We’ve come a long way with our network security, and without adding headcount,” Sobieralski said. “Initially, we were just trialing a cloud-based technology that addressed security. But I can tell you that since that early pilot, it has delivered a huge time savings for our staff, not to mention peace of mind.”