Fortinet completed a case study about the technology solutions Batteries + Bulbs chose on Leeward Business Advisors advice.
While in-house development is a key part of Batteries Plus Bulbs’ strategy, Lehman’s team does not hesitate to use third parties to perform specific functions or to supplement the internal team during specific projects. Cybersecurity is one area where the company has relied on service providers for close to a decade. “Franchisees want secure and compliant systems, and we do not want to pretend that we have the in-house expertise to make that happen,” Lehman contends.
Two years ago, Batteries Plus Bulbs’ contract with its managed security service provider (MSSP) was coming up for renewal, and the team knew they needed to update the way they approached security.
“We engaged our legacy provider eight years ago, at a time when retail organizations were scrambling to meet new security requirements,” Lehman recalls. Specifically, versions 2.0 and 3.0 of the Payment Card Industry Data Security Standard (PCI DSS), released in 2010 and 2014, introduced new, more stringent standards for merchants.
Specifically, Batteries Plus Bulbs appreciated the fact that LeewardBA has both security operations center (SOC) and network operations center (NOC) capabilities and uses the fully integrated security solutions of the Fortinet Security Fabric. “The Batteries Plus Bulbs team saw the value in our broad capabilities,” says Michael Polzin, CEO at LeewardBA. “Our ability to dynamically support the desktop infrastructure, switching, and the wireless infrastructure in addition to the SOC was a huge advantage.”
Deploying Comprehensive Security
The LeewardBA solution is built on FortiGate next-generation firewalls (NGFWs) installed at each store. The FortiOS operating system underlying the NGFW technology also enables all other Fortinet Security Fabric solutions—including third-party solutions developed by Fabric Partners—to be seamlessly integrated. All Fortinet solutions are backed by comprehensive, artificial intelligence (AI)-enabled threat intelligence from FortiGuard Labs. And LeewardBA has access to other sources of threat intelligence that have also been integrated into the Security Fabric.
One welcome feature of the FortiGate NGFWs is FortiGate Secure SD-WAN functionality, which the company uses to connect its 740 stores to the headquarters. This robust software-defined wide-area network (SD-WAN) technology enables the company to safely use the public internet to scale network traffic, rather than relying solely on expensive multiprotocol label switching (MPLS) circuits. “Managing this part of the solution enables LeewardBA to ensure network performance as well as security,” says Jason Klein, CTO for LeewardBA.
Another feature of FortiGate NGFWs that Batteries Plus Bulbs is taking advantage of is intent-based segmentation. “For PCI compliance reasons, our register network is separated from the rest of the infrastructure,” Lehman explains. “Being able to take advantage of the dynamic trust models in the FortiGate makes this segmentation even more robust.”
LeewardBA also manages instances of FortiManager VM and FortiAnalyzer on behalf of Batteries Plus Bulbs. “These tools enable us to provide centralized management from a single pane of glass, detailed reporting, workflow automation, and trends analysis,” says Klein. “This enables the in-house team to get a complete picture of their security posture at a glance, at any time.”
In addition to the consolidation accomplished to date, the FortiOS platform and the Fortinet Security Fabric provide the flexibility to add myriad additional security features in the future—all seamlessly integrated with centralized visibility and control. “The flexibility and scalability of the solution was a big selling point for Batteries Plus Bulbs,” says Peter Van Opens, a client success manager at LeewardBA.
Starting to See Tangible Benefits
The deployment was rather complex, given the number of point products being retired and the number of separate franchise groups Lehman’s team supports. Batteries Plus Bulbs and LeewardBA moved at a deliberate pace and recently completed the rollout. “We are now working on final fine-tuning for this project and planning for next steps,” Klein says. And while specific results are not available yet, the company is beginning to see benefits.
Perhaps the most visible benefit to Lehman’s staff was a greatly increased level of visibility of the company’s security posture and infrastructure. “We were often in the dark with our prior solution,” Lehman remembers. “Our prior MSSP did not provide us with actionable insights about what risks we faced or what we could do about them.”
“Now we have security information by glancing at a screen, and we can drill down to any level of detail we need,” says Dan Dugan, vice president of IT for Batteries Plus Bulbs. “We can take a more proactive stance to managing security. This gives us confidence that we are equipped to manage security threats for the next 5 to 7 years.”
Another benefit is the flexibility of the Fortinet solution. “I was pleased with the many ports the Fortinet devices have,” Lehman says. “This gives us the flexibility to add services in the future without having to rearrange the infrastructure.”
One example of this flexibility is that stores have been able to set up a separate wireless protocol specifically for testing smartphones and tablets that are brought in for repair. “We need to isolate customer devices from company devices,” Lehman explains. “So, it is prudent to be able to have a dedicated testing protocol.”
Controlling costs is another benefit of the LeewardBA/Fortinet solution. “This wound up being a cost-neutral project,” Lehman relates. “When we set up the security infrastructure eight years ago, franchisees starting paying a cybersecurity fee that they had not paid before, and this was frustrating for many of them. The new solution does not increase their fees, yet it delivers much more robust security and performance.”
Finally, Batteries Plus Bulbs now has a scalable solution that makes adding additional security products and services very easy. “Having a single provider gives us economies of scale, and we know that services we add later will be compatible,” Lehman asserts. “Some of what will happen in the future is unknown today, but we have the depth and breadth in our security architecture to provide protection from whatever comes along.”