CalPERS Adopts a More Secure Networking Approach
By Samuel Greengard | Posted 2016-09-23
The California Public Employees' Retirement System deployed a system with full visibility of physical and virtual networks, boosting performance and security.
At the California Public Employees' Retirement System (CalPERS), the stakes are exceptionally high. The entity manages pension and health benefits for more than 1.85 million public employees, retirees and their families in the state. It currently administers more than $13.8 billion in employer and employee contributions.
In the past, the organization had data spread across more than 40 internal systems. It also had an old homegrown software system in place to oversee key elements of administration. "We lacked necessary visibility over the network," states Sonny Ali, lead network engineer for CalPERS.
So, about three-and-a-half years ago, the organization began a migration to a more modern platform and portal called my|CalPERS. It allows employees to manage their assets and conduct retirement calculations online.
At that time, CalPERS installed a network monitoring tool to keep an eye on activity and avoid security breaches. However, "when we started looking for a way to monitor the performance of the network and the applications as a whole, we realized a big gap existed," Ali explains. "We needed to have the ability to do a deep dive under the wire to see where things were less than ideal in terms of performance."
Delivering a Full View of Physical and Virtual Networks
As a result, the organization began exploring how it could address the challenge and build a better operating environment. After surveying the vendor landscape and comparing different products and approaches, it turned to a Gigamon Security Delivery Platform in 2012. The system delivers a complete view of physical and virtual networks, along with scalable metadata extraction for improved forensics, as well as the ability to encrypt and isolate traffic for threat detection.
With it, "We were suddenly able to achieve full visibility for transactions at the server level and the network level," Ali notes. "We were able to record sessions and take a deep dive into performance issues."
What's more, the solution delivers a level of scalability that allows the organization to monitor and manage the network as traffic continues to grow. Ali says that, among other things, CalPERS can play back transactions from start to finish to view problems, fine-tune applications and improve security.
The organization can also view network activity across all of its locations. As the organization migrates to software-defined networking (SDN) inside its data center, the benefits are magnified, Ali says.
Ultimately, he reports that the initiative has saved CalPERS money, improved efficiency and boosted security. "In the past, we had times when an employee would spend 30 minutes troubleshooting a problem or threat," he recalls. "Now, we have the ability to identify the issue or problem in real time and take action immediately."
Moreover, Ali says that the IT staff can make sense of issues that in the past flew below the radar. "We previously had multiple streams of data that we were attempting to troubleshoot," he explains. "Once we implemented a deduplicator, we were able to stitch together data quickly and diagnose the problem. That was a significant pain point that no longer exists."