The Regional Autonomous Corporation (CAR) of Cundinamarca is the local office of Colombia’s main environmental authority. Through its broad reach, the institution oversees the protection of the natural resources of 1.8 million hectares that support approximately 7.3 million inhabitants. The CAR manages the entire rural area of Bogotá, the country’s capital, as well as 104 municipalities. It covers 7 hydrographic basins that supply drinking water to about 15% of the Colombian population.
For the CAR, the protection of natural resources implies the care of elements such as air, soil, flora and fauna, in addition to issues related to mining and the development of infrastructure projects. The institution carries out this process by collecting data from multiple sources and then analyzing the information to make the best environmental decisions.
THE CHALLENGE
In 2012, the CAR began a technological transformation process to support the amount of data and applications necessary to carry out its purpose. This includes: a Tier 3 data center connected to 14 remote main offices that send data to headquarters, such as the Bogotá River monitoring station (the capital’s main water source); the improvement of the architecture of communications between all the offices; and review of information security protocols.
Before implementing the Fortinet platform, CAR’s security system was fragile and susceptible to third-party intrusions. Although there were no data leaks, internal tests showed that it was possible to access the data of the regional headquarters or to compromise the applications. In this system, it was even possible to intervene in the active directory of the company. At that time, the only protection was a firewall with limited performance, which was restricted to scanning the network and did not offer sufficient security.
THE SOLUTION
The organization reviewed proposals from various vendors and found that Fortinet offered a flexible and scalable solution to meet its needs. “Our biggest concern was keeping all of our information secure. Fortinet gave us the platform to create a secure network for the corporation”, says Luis Adolfo Romero, head of the Information and Communication Technologies Office of the CAR.
The new network is protected by FortiGate Next-Generation Firewall (NGFW), a solution that also protects the data center. These firewalls secure all incoming traffic from offices to internal services, applications, databases, and financial information. In fact, no office has local Internet access: everything connects directly to headquarters.
The CAR has also implemented two Fortinet firewalls in specific locations to protect its ritical infrastructure. The first is the Wastewater Treatment Plant, which centralizes all the monitoring of the Bogotá River and has its own network; the other is the environmental lab, which develops multiple sensors, telemetry, and IoT projects. Individual firewalls serve to protect the sensitive information handled by these sites.
With these measures, they can also connect to applications that need to be hosted on local servers and not on the central server. “We have cybersecurity as a priority. Fortinet gives usthe peace of mind that we have the right equipment and software to block any attack,” says Romero. Fortinet solutions are essential for the security and management of CAR information. In addition to the implementation of FortiGate firewalls, the environmental public agency integrated other Fortinet Security Fabric solutions such as FortiWeb, FortiClient, FortiSIEM and FortiSandbox tools to improve its cybersecurity posture. CAR uses FortiWeb to protect public applications, allowing it to have a highly available network and ensuring that all Internet traffic passes directly through this solution.
With so many end users embedded in its network, the organization benefits from tools such as FortiSIEM for event correlation and anomalous behavior detection and FortiClient for real-time monitoring, management and security of endpoints. In addition, these solutions offer actionable analytics to tightly manage network security, performance, and compliance, all through a single view of the organization. With FortiSandbox, the CAR has done a few real-time tests and labs to achieve a robust combination of proactive detection and mitigation, and to improve the security of the web environment.
TANGIBLE BENEFITS FOR A GROWING ORGANIZATION
With Fortinet’s AI-powered SOC analytics platform, the CAR has access to real-time monitoring of the network, making it easy to detect potential security events and takeinstant action. This is complemented by automated real-time reporting and analysis. “We have full control of the information and resources, so we can immediately consult any data associated with the network,” shares Romero.
In addition, the environmental authority can track the activities of each user and segment the network, which simplifies connection management and directs traffic for optimal security. For example, users no longer connect directly to an application’s server, but instead specifically bind to the port associated with the application. For the institution, centralized management also offers high availability of its communication channels.
By having the entire network integrated under the same provider, the corporation can also manage technical problems more easily, decreasing the demand on time and human resources. Optimizing the installed base is crucial for public organizations like the CAR, which must follow specific parameters to ensure that their implementations do not become obsolete.
Fortinet’s support has been key to consolidating a robust, highly available and secureplatform. The CAR can now scale its infrastructure more easily. “The scalability of Fortinet’s solutions gives me the confidence to grow smoothly, prioritizing the largest or most vulnerable sites,” concludes Romero.