The Commonwealth Grants Commission in Australia is accelerating cloud adoption and improving staff flexibility with Zscaler.
Established in 1933, the Commonwealth Grants Commission (CGC) is an independent statutory body that advises the Australian Government on financial assistance for the nation’s states and territories.
Initially, the CGC provided advice regarding grants made by the Commonwealth Government. Since the Goods and Services Tax (GST) was introduced in 1999, the CGC now advises on how this source of revenue should be distributed.
Replacing an ageing access infrastructure
For several years, the CGC’s staff had relied on a Secure Internet Gateway (SIG) service based on a 10Mbps network link. This SIG was the only link with the outside world and congestion and performance had gradually become a significant issue.
“In mid-2019, we realized we needed to find a different way to deploy and maintain our IT infrastructure,” said CGC Chief Operating Officer, Greg Freeman. “At that time, we had our own servers and local area networking equipment on-premise and wanted to shift to a cloud-based platform.”
Freeman said this move to the cloud was part of an ‘anywhere, anytime, any device’ strategy that had been adopted by the organization and enables the organization to maintain Business Continuity and rapidly support staff wherever they may be located. There was also a plan in place to shift into new premises in about 18 months and a need to improve performance to access cloud-based solutions.
“To upgrade the bandwidth available through the SIG would have been prohibitively expensive,” he said. “We had already been spending a significant amount annually with our SIG provider for the 10Mbps connection and we were quoted several multiples of this to move to a 100Mbps connection. We knew we had to find a better solution to resolve the incompatibility issues between the traditional SIG services and the Digital Transformation Agency’s cloud strategies.”
A cloud-based alternative
Working with a technology partner, the CGC IT team examined a range of solutions as part of a larger project that involved migrating from the existing, on-premise hardware to the Azure cloud and the adoption of Microsoft Office 365.
The team commissioned a new gigabit network link and deployed Zscaler over the top. The partnership with Microsoft enabled core applications to be migrated to Azure and all staff equipped with a subscription to Office 365 E5 cloud-based suite of productivity apps combined with advanced voice, analytics, security and compliance services. The project began in late 2019 and was completed early in 2020.
“The fact that Zscaler had achieved a successful Information Security Registered Assessors Program (IRAP) assessment gave us confidence that this was the right move,” said Freeman. “We could see this was the best way forward for the organization.”
Indeed, an IRAP assessment provides government agencies with confidence in Zscaler’s suitability for processing, storing or communicating sensitive information, making it easier for agencies to evaluate and adopt the technology.
With Zscaler in place and the new cloud-based resources fully functional, the CGC quickly realized significant benefits. Staff now have the flexibility to work from any location while still enjoying the same level of security they would have when in the office.
“In hindsight, the timing of the move could not have been better as it was completed just before the COVID-19 shutdowns took place,” said Freeman. “We were able to shift everyone from being office based to working from home within a week which would simply not have been possible before Zscaler.
“The concept of a centralized office has now morphed into a collaboration space where staff can meet as required, but our office is now really in the cloud.”
Freeman said there have also been benefits around cost. “We moved to the new business grade gigabit connection and implemented Zscaler for significantly less than the amount we were quoted for the upgrade to 100 Mbps through the existing SIG,” he said.
As the shift to home working occurred so rapidly, the CGC IT team is currently undertaking a review of the new architecture to determine whether any changes or additions might be required.
“Zscaler will certainly help us to achieve this and will continue to be a valuable component of the CGC IT infrastructure for many years to come. We now have in place a secure foundation that will support our activities and allow us to continue to provide our services to the Australian Government,” said Freeman.
We asked Greg Freeman, Chief Operating Officer, CGC, further questions about the implementation.
What were the main reasons you wanted to shift to a cloud-based platform?
A number of factors were in play in the CGC decision to adopt a cloud-native strategy. First up, our on-premise infrastructure was past its end of useful life and in need of replacement. In addition, a tenancy move in mid-2022 will see us significantly downsize our floor space.
The Commonwealth government policy is also now focused on adopting cloud-based architectures and moving to Microsoft 365. Finally, we are constrained in our ability as a small entity, with limited resources, to internally manage the complexities of an ICT capability in today’s cybersecurity environment.
These factors, and a desire that staff be able to work anywhere, any time, on any device, were the key reasons for our transition.
What were your main reasons for choosing Zscaler?
The CGC’s cloud-native strategy required us to look beyond the traditional SIG model. We needed a SIG capability that was not dependent on physical infrastructure and defined office locations.
Prior to terminating the on-premise SIG arrangement, the CGC implemented the full suite of services available under Microsoft’s E5 licencing. In assessing the capability gaps between a traditional SIG and what Microsoft 365 offered, the CGC looked for a solution that would mitigate the remaining risks, allowing us to achieve an ‘engineered to protected’ solution.
At the time, Zscaler’s capability stood out from other products with its market position, simplicity of deployment and their organizational vision resonating most with the CGCs own strategy. We sought a solution that provided a comprehensive cloud first security model that complied with Commonwealth government ISM requirements, had been IRAP assessed and a far more cost-effective solution.
How much confidence do you have in the solution’s level of security?
Zscaler has been in constant communication with the CGC, particularly when global incidents have raised the threat level for potential compromise to our network. This, combined with their Microsoft partnership and recently achieved Protected IRAP status, has given us a significant degree of confidence in their capability.
A number of high-profile Commonwealth entities have also since adopted Zscaler, with their security assessments providing us the assurance we made the right choice.
What are the main benefits the solution has brought to the CGC’s staff?
As a cloud-native service itself, Zscaler has allowed us to easily implement a virtual firewall that is capable of consistently supporting our user base anywhere, anytime. Simplified management, with detailed supporting analytics, provides the visibility and transparency of activity on, and threats to, the network that were simply not available to us before.
Staff now have a solution that truly enables flexible working arrangements, in a secure manner that does not impose any restrictions on how they work.
Can you explain how ZScaler will be a valuable component of the CGC’s IT infrastructure for years to come?
The innovation we see coming from Zscaler and their deep integration with Microsoft services has enabled the CGC to simplify its ICT topology and significantly improve our cybersecurity posture. The cybersecurity landscape is constantly evolving and the need to stay ahead of the curve is a pressure that small organizations need help with.
With less moving parts, comprehensive end-to-end coverage and extensive partner network, we are far more comfortable that as we look to replace our fleet of end-user devices and relocation to new office space, our ICT capability has leveraged some of the best technology available in the marketplace.Click below to share this article