Cable TV and telecommunications provider Virgin Media is the product of a number of acquisitions and mergers, most famously that of NTL and Telewest in 2007. Naturally, its legacy IT estate is therefore a chimera of systems and software.
This caused a number of difficulties as the organisations integrated. One particularly pressing issue was the diversity of security protocols governing the firewalls of each constituent organisation.
According to corporate network manager Colin Miles, this issue degraded application performance as transactions were forced through a bloated and often redundant set of security checks. “Third parties such as our outsourced call centres would be unable to get to the systems,” Miles recalls. “It caused real impact across the entire company.” It fell to the IT staff to correct issues manually, often out of office hours, he adds.
Virgin Media’s solution was to apply a ‘security lifecycle management’ tool from Tufin Technology. Within a day of deploying the Israeli vendor’s SecureTrack appliance, it had identified a single firewall rule out of 650 that was absorbing about 10% of CPU power.
After this success, Virgin Media made the decision to roll out the Tufin tool across its entire firewall estate. In the course of 2009, Miles says, the company successfully reduced the number of exceptions on one of its largest firewall clusters from 750 to approximately 500, while smaller clusters fell from about 150 to as low as 25.
As a result, he claims, his IT staff have freed up about 30% of their time to work on other projects. Despite this, Miles insists that so far they have only addressed “the pinch points” and there is more work to be done.
Miles reports that the freeing up his engineers’ time has allowed the IT department to focus on improving its service to the business. “When you’re faced with constant failures all around your architecture, it doesn’t provide you with any time because keeping the lights on always has to come first,” Miles concludes. “Now all of a sudden we’re not fire fighting anymore. We can spend our time proactively moving forward.”