Auckland Transport is responsible for providing a safe, efficient and sustainable transportation system that meets the needs of a rapidly growing population of residents and visitors. Leveraging technology as a key enabler, Auckland Transport deployed F5’s comprehensive security solutions to not only improve operational efficiency and effectiveness, but to also provide a safe and optimal customer experience across all modes of transportation.
Auckland Transport (AT) is responsible for all of the region’s transportation services, including buses, trains and ferries, as well as roads and related facilities like foot and cycling paths, and parking. AT also plays a significant role in planning and funding public transportation, operating the local road network, and promoting alternative ways for people to get around.
AT’s operating principle is based on Vision Zero, a Swedish-based approach that focuses on a core life principle that human life and health can never be traded for other benefits, such as journey travel times. Safety lies at the heart of AT’s business, where the top priority is to develop a transport ecosystem that is safe for all users of the roads.
With the number of public transport trips expected to double from 70 million per year in 2012 to 140 million by 2022, AT needed a modern transportation system with the ability to seamlessly connect people, devices and systems, as well as offer enhanced safety, improve commuters’ travel experience and reduce operational costs.
AT views technology as an enabler for achieving these goals, serving as the ‘glue’ to drive more efficiency across all modes of transportation. Digital technology will help AT anticipate future transportation needs, such as semi or fully autonomous vehicles, freight drones, and mobility-as-a-service (such as carpooling or car/bike sharing).
Additionally, AT wanted to address the fast-changing consumer landscape. Commuters and citizens expect dramatically improved levels of service, usability of customer-facing platforms, accelerated response from organizations, and high availability of information related to traffic and transportation schedules.
To achieve this goal, AT had to improve the integration of its transportation network using an integrated single-system approach while moving away from its legacy information technology systems to a cloud-based environment that gives the organization the agility and flexibility to address key challenges. These challenges included issues related to network efficiency, daily management and operation of the city across all transportation modes, as well as support for route decision-making.
The constantly evolving technology also changed the nature of the transportation business, with AT amassing large amounts of customer data, especially through their mobile applications: AT Mobile and AT Park. This meant that AT had to abide by regulatory frameworks—in particular, the General Data Protection Regulation (GDPR).
Finally, AT also recognized the need to protect its systems from increasingly sophisticated and dangerous cyber-attacks that have the potential to disrupt its transportation network.
AT selected F5 to deploy a modern, integrated transport system with F5 BIG-IP Access Policy Manager (APM).
As the volume of apps, users, devices and access points grows, the traditional network perimeter loses its meaning, and access management becomes exponentially tougher. With F5 BIG-IP Access Policy Manager (APM)—a central access management solution—AT is able to provide unified global access control to users, devices, apps, and application programming interfaces (APIs). By implementing context-based dynamic access decisions, BIG-IP APM strengthens AT’s corporate compliance with security standards, corporate controls and government regulations. It also provides improved visibility through a single management interface and ensures users are equipped with appropriate, authenticated, secure application access.
To address the challenges of data encryption and growing privacy concerns, AT utilized F5 SSL Orchestrator to gain visibility into encrypted traffic and expose hidden threats. The ability to process 1.8 million Layer 7 requests and 12 million Layer 4 HTTP requests per second means that AT can use dynamic service chaining and policy-based traffic steering to intelligently manage encrypted traffic flows through the entire value chain. This allows AT to enjoy high-performance decryption of inbound and outbound SSL/TLS traffic, while enabling security inspection to expose threats and stop attacks.
Lastly, organizations today are exposed to a variety of potentially malicious attacks from rapidly changing IP addresses. To increase contextual awareness of internet sites and protect requested applications from IP addresses with known malware or viruses, AT added F5 IP Intelligence Services to BIG-IP APM. Having the ability to detect and block bad actors before they hit the data center provides AT a major advantage in its network protection scheme. This significantly reduces risks and increases data center efficiency by eliminating the time spent processing bad traffic.
All of these solutions, managed from a single point of control, gave AT the visibility and the contextual, behavioral-based capabilities the organization needed to ensure they are protecting the app—and the user—from all core points of vulnerabilities. As a result, AT was able to enhance security, eliminate redundant tiers, and simplify management to reduce capital and operating expenses.
With F5, AT established a platform that ensured resilience across all transport modes, providing intelligent transport and optimal experiences to its passengers.
Centralized and Comprehensive Access Control
AT utilizes a number of APIs to ensure all parts of its transportation system are secure. To prevent exploitation of its APIs, AT leveraged F5 BIG-IP APM, whose proxy-based access controls deliver a zero-trust platform for both internal and external application access. This ensured that applications are protected while extending trusted access to users, devices and APIs. With trusted access ensured, AT can now expand beyond traditional security boundaries to unlock new business models and operational efficiencies—without sacrificing security or commuters’ experience.
Improved visibility, control and performance
In the last 10 years, AT saw its average encrypted traffic levels increase from 5% to 85%. The rising volume of encrypted traffic was hampering the ability of AT’s security teams to protect customer data and intellectual property. In addition, the team found that their existing firewall was unable to efficiently process SSL encrypted traffic at the scale and speed its business demanded.
Security is about controlling risk, and control is only possible with visibility. The AT team added F5 SSL Orchestrator into its security stack, which provided an all-in-one solution that was designed to enhance the SSL infrastructure, provide security devices with visibility of encrypted traffic, and maximize efficient use of existing security investment. This solution dynamically chains security devices, independently monitors and scales them, and intelligently manages decryption across the entire security chain via a contextual classification engine—reducing administrative costs while utilizing security resources more efficiently.
In addition, by leveraging the health monitoring, load-balancing, and SSL offload capabilities of F5 SSL Orchestrator, the solution enables AT’s security investments to better scale and protect through multi-layered security, even in the most demanding environments. Scaling its existing, deployed security devices with failover protection achieves better utilization and service availability.
Furthermore, F5 SSL Orchestrator ensures encrypted traffic can be decrypted, inspected by security controls, then re-encrypted—delivering enhanced visibility to mitigate threats traversing the network. As a result, AT could maximize its security services investment for malware, data loss prevention (DLP), ransomware, and next-generation firewalls (NGFW), thereby preventing inbound and outbound threats, including exploitation, call back, and data exfiltration.
Increased protection against emerging attacks
As the pace of change in attack methodologies increases, AT needed near real-time host protection to augment its security deployments and mitigate bad actors during attacks. By adding F5 IP Intelligence Services, AT was able to bolster its security infrastructure and effectively guard against malicious internet hosts. Positioned at the perimeter of the network, the F5 IP Intelligence service delivers a database of over 1 million malicious internet addresses to support a dynamic security perimeter with near real-time protection against phishing, attackers, and scanners. This database of addresses is refreshed every five minutes from the cloud to minimize the threat window and keep AT’s data—and its reputation—safe.
In addition, F5 solutions are compliant with the GDPR framework, helping AT become more focused and efficient at protecting personal data from the most likely threats. This ensures the confidentiality, integrity, and availability of users’ personal data while also improving AT’s overall security strategy.