For countless businesses, AI is the new battleground in the fight for competitive advantage. Yet skills are in short supply. According to one recent study, 94% of global business leaders are already facing ‘AI-critical skill shortages,’ with one in three reporting gaps of 40% or more. That’s why many are turning to experts like CloudFactory to help them develop and deploy accurate, trustworthy models.
But as strong as demand is for CloudFactory’s services, the competition is also fierce. The Reading-headquartered consultancy simply can’t afford to let its clients down with poor service. Yet this is what it risked five years ago when network infrastructure challenges came to a head, putting SLAs at risk.
CloudFactory’s business is built on the passion and expertise of a global AI workforce based initially at sites in Nepal, where the company was founded, and Kenya. To ensure these ‘cloud workers,’ as the firm puts it, could perform their jobs effectively for clients, the company had to maintain and configure complex network infrastructure, build in as much resiliency and redundancy as possible, and spend time managing security risk. This posed significant financial and resource challenges. And local ISP outages, equipment failures, and the security risks associated with thousands of BYOD workers imperilled service quality.
When COVID forced CloudFactory to adopt a more distributed working model, it first tried to replicate its on-premises networking set-up in AWS, says Shayne Green, head of security operations.
“We stood up some gateways, some firewalls, and just had people VPN into AWS regions. It was great, but it wasn’t very scalable. It led to a lot of resource overhead on our side for our tech teams,” he explains. “We were looking for global connectivity along with visibility. But we didn’t want to be tied to managing the hardware ourselves. We were concerned about the configuration and operational overheads.”
After looking at various options, CloudFactory found the only one that aligned with this vision and the company’s SaaS-first model was Cato Networks’ Secure Access Service Edge (SASE) platform.
No bumps in the road for CloudFactory
SASE is designed to combine Software-Defined Wide Area Network (SD-WAN) technology with various security features to simplify IT ops, optimise network performance and reduce cyber-related risks. CloudFactory chose Cato Network’s SASE Cloud platform to connect its global offices, physical and cloud datacentres and distributed workforce of over 6,000 people. New locations can be added by installing a Cato Socket appliance. This hooks up local users automatically to one of the SASE vendor’s 75 Points of Presence (PoPs) and high-speed global private backbone. The Cato SDP (Software Defined Perimeter) solution ensures end users are only able to log on to authorised apps, via a client or clientless browser setup, from anywhere in the world.
The whole deployment was remarkably smooth, says Green. “We started off with a pilot, and we just took a sample group of users. The main issue was connectivity, so we worked very closely with Cato to tweak the experience and the performance—looking at latency levels between Points of Presence from our locations to the Cato network,” he explains. “It was a very straightforward deployment: simply a case of standing up a client on an endpoint, getting some physical hardware at our current sites, and then working on the configuration. We made sure there was segregation between policies, workers and work streams, set up routing rules, and then it was a case of learning as we go.”
A key capability which CloudFactory had written into its contract with the SASE vendor was device posturing, which the firm subsequently rolled out to enhance security. This ensures that any user logging onto the firm’s global, private network must first meet various criteria, such as having the latest patches applied and an updated AV client running. CloudFactory has since layered on extra security with extended detection and response (XDR) to check for suspicious network activity, which AV may not pick up. And web filtering and application monitoring to further reduce the attack surface, says Green.
Building confidence and trust
Today, the SASE platform supports CloudFactory offices in the UK, US, Nepal, Kenya and Colombia, as well as thousands of remote workers around the world. It means these employees can connect to the network from a nearby Point of Presence wherever they are, with minimal latency. Meanwhile, Green and his team benefit from centralised visibility and control, just as they would if it were a simple corporate network.
“Regardless of where we are in the world, it’s our gateway. It’s where we go to connect to stuff, which is immense. And the beauty of that is the scalability. If we want to stand up offices immediately in Colombia or the US, we can just do that,” he explains. “At a very base level, the user will just need the client. They connect in, inherit all of our security controls and policies, and away they go. And then within that, we get ISP-level control. We can see where they’re connecting from and what they’re doing. We can put policies in place to block onward access to protect them. And we can see rogue behaviour, like shadow AI.”
The outsourcing of network maintenance and management has also lifted a weight from the shoulders of the three-strong network team at CloudFactory, reducing the risk of human error. This, in turn, helps the business to reassure customers, as it removes “single points of failure in terms of knowledge” and means the SASE vendor is there to support where needed.
Support also comes from a built-in AI assistant, which flags potential risks and tasks to add to the to-do list, and explains XDR alerts in plain English to the SecOps team, says Green. “It’s almost like having a peer on your shoulder constantly looking at the configuration and then advising on areas in which there are weaknesses,” he adds. “And then you’ve got a really high-level report that you can pull out of the platform to present to the exec team.”
The cumulative impact of all this innovation has been not just to improve CloudFactory’s quality of service, but also to build long-term trust with clients, through SLAs and documentation detailing the extra controls, standards and policies that are now in place.
“After five years, there is a general level of confidence and comfort from our clients in all of these capabilities,” Green concludes. “Where we are now from where we were at the beginning is night and day.”
Read more: TUI staff were drowning in HR processes. Here’s how they resurfaced.
