Security-first Partnership Protects Customer Data for a Fast-growing Grocery Store Co-op

A fast-growing grocery store co-op—which provides back-office services to hundreds of member stores—goes to great lengths to prevent unauthorized access to the customer information in its systems. “Customers are the grocers’ most important asset,” the co-op’s CIO says. “When they walk into a store and provide information about themselves, the store needs to ensure that information is not used for any purpose other than the customer intended. It is our responsibility to keep our member stores’ customer data safe, and to ensure it is not shared with anybody.”

New Headquarters Presents Opportunity To Upgrade Security

When the co-op moved its headquarters to a larger office space, its IT team worked with the IT solution provider Vandis Inc. to reevaluate the topology of the entire corporate network. The company’s infrastructure was several years old, and in some cases, the technologies were no longer cutting-edge. “Security controls had undergone rapid advancements since we designed our network,” the CIO explains.

“We saw the move to the new headquarters as an opportunity to review current best practices and possibly implement new security options,” the CIO adds. “We decided to treat the new headquarters network as a greenfield project. We would learn and adjust as needed, which would help us make better strategic decisions as we upgraded our store networks.”

One area of opportunity was the consolidation of security features—web proxy services, URL filtering, virtual private network (VPN) access, and multi-factor authentication—into fewer devices.

“As we considered our options for security in the new headquarters, simplification was one of our primary objectives,” the CIO says. “The more devices you have, the more individual points of failure there are within the network. So, we wanted to simplify the topology and reduce the amount of hardware dedicated to security.”

As it planned the security infrastructure for its headquarters network, the grocery co-op also had its eye on the in-store networks, which were essentially extensions of the corporate network. “As we did our due diligence, we discovered that Fortinet solutions could provide security for every endpoint anywhere on our network, whether in our headquarters or stores,” the CIO says.

It was not just the broad applicability of Fortinet’s security capabilities that convinced the co-op to shift its headquarters away from its longstanding legacy network and security vendor. It was also the tight integration between the solutions and the operational efficiencies made possible through the FortiManager management console. “Centralized management of all those devices through FortiManager was a key decision factor for us,” the CIO says. “We saw the opportunity to get a truly 360-degree view of everything that was attached to our network.”

Adds Eric O’Brien, principal mobility architect with Vandis: “The co-op set off on a multiyear journey to modernize its IT infrastructure. The CIO liked the idea of a security-driven network, but also wanted the network to be scalable and inherently simple to manage. Fortinet was able to meet all these requirements with fewer devices, while also being cost-effective.”

Segmentation Provides Stronger Security

The co-op’s IT team worked with Vandis to deploy FortiGate next-generation firewalls (NGFWs) at its new headquarters, both at the network edge and internally, to prevent unauthorized traffic between network segments.

“The network segmentation capability within the FortiGate firewalls is a major advantage,” the CIO says. “Like most companies, we find that many of our users need to interact with cloud-based services. But whenever a device speaks with the outside world, it creates an attack vector that threat actors may potentially use to get into the network. The Fortinet solution enables us to separate the devices that require internet access from the applications and databases that use customers’ personal information.”

Along with the segmentation that has been implemented within the infrastructure, the deployment of FortiManager and FortiAnalyzer have enabled the use of automation stitches to immediately block suspicious traffic from the network and send an alert before further investigation by Vandis Managed Services. Vandis relies on the indicator of compromise (IOC) subscription for FortiAnalyzer to ensure that its threat database is always up to date.

In addition to the firewalls, the co-op deployed secure wired and wireless networking with FortiSwitch Ethernet switches, and FortiAP wireless access points to protect every entry point into the headquarters campus.

In the past year since deploying the Fortinet solution, there has been a drastic decrease of tickets being opened. The number of security alerts has also substantially decreased since introducing the Fortinet Security Fabric. Vandis attributes this to a combination of the secure, fully monitored solution and the ongoing management of the solution by Vandis’ Managed Services team.

Partnership for Greater Peace of Mind

The CIO reports that deployment of the Fortinet solutions, from point of order to full functionality, was about 10 times faster than the implementations that other vendors were projecting. Estimates are that the entire network security infrastructure “was basically racked, stacked, configured, and brought online in about 10 days.”

O’Brien attributes the rapid deployment and ongoing success to his company’s successful partnership with Fortinet. Vandis leveraged FortiManager to provision the security solutions at the co-op’s headquarters and now uses it, together with FortiAnalyzer, to manage the security infrastructure. “The grocery co-op is able to focus on other initiatives with the confidence that Vandis’ Managed Services are providing day-two support, with quick escalation to subject-matter experts in case of any outages or configuration issues,” O’Brien says.

The co-op’s CIO concurs: “The Fortinet management solutions give us much more granular control of any traffic that enters or leaves the network. We also have clear visibility into any potential threats or issues that need to be addressed. This enables Vandis to respond much faster when we need assistance.”

Next, the co-op will deploy FortiAuthenticator to augment its secure access with two-factor authentication. All in all, the CIO says that the combination of Fortinet and Vandis has greatly increased the IT team’s confidence in cybersecurity throughout the company, noting, “Vandis is a complementary partner to Fortinet because they approach any project and any request with a security-first mindset. Sometimes network engineers solve a problem with efficiency as their first priority, and security is secondary. Instead, Vandis looks at security first in all their decision-making, which makes me much more comfortable, as the CIO, that my network is protected."