This is no ordinary social enterprise, so its IT cybersecurity needs (and consequences of data breaches) are also not ordinary.
For those who do not know what a social enterprise is—such private organizations are defined as profit-driven businesses that prioritize a set of declared objectives to benefit society and the environment.
Some social enterprises are actually cooperatives, except that they are also regulated by governments, such as the National Trades Union Congress (NTUC) Enterprise in Singapore, which created this unique business genre that marries labor unions with governmental support.
With over several hundred business locations across the island, NTUC Enterprise operates a roaring trade including supermarkets, food courts, childcare centers, education centers, nursing homes and a property management arm.
IT in well-funded social enterprise
While most social enterprises are small startups, NTUC Enterprise is a different creature. Due to its diverse range of businesses, NTUC Enterprise has had a centralized IT infrastructure throughout the years. Traditionally, its branches are connected back to its data center where the security of the network is managed.
This hub-and-spoke model worked well in the past as it placed command and control at the data center. The aim had always been to protect the entire network from external threats, and cybersecurity defenses were focused on the IT headquarters.
In the past, every time a new branch was set up, NTUC Enterprise would provision a private leased line or MPLS connection to connect back to the IT data center. To gain access to the Internet, users at each branch would connect back to the IT data center before ‘going out’ to the Internet.
The old network architecture worked well when applications were hosted centrally at the data center. However, with the adoption of cloud-based applications such as Google Workspace and the rapid adoption of the public cloud infrastructure, bandwidth demands at the branches had grown exponentially.
In addition, the legacy hub-and-spoke model meant that branches were protected against external threats, but internal traffic between branches was not well secured. A security breach at one branch could end up compromising other branches. Malware such as ransomware that spreads laterally would be a serious threat.
Cybercrooks recognize no social enterprise
Since cybercriminals do not differentiate between large organizations that do good and large organizations that are as profit-oriented as themselves, NTUC Enterprise did its due diligence by installing IT security appliances and firewalls piecemeal at the branches. However, the exercise was driving up costs and making centralized IT security management more complex.
According to the firm’s Chief Technology Officer, Ian Loe, the traditional IT architecture needed a complete revamp: “With the exponential increase in bandwidth at the edge and the constantly evolving cybersecurity threats, we needed to have a dramatic shift in the way we look at IT. Security can no longer be an afterthought but must be built into the very heart of our IT plumbing.”
In designing the revamp, Loe dictated that the ‘Secure by Design’ network be:
- Scalable: Every time a new location is opened and connected to the infrastructure, it will be fully integrated and as secure as the main infrastructure. The latter is designed to be intelligent enough to automatically scan and remove all malicious data traffic going through it at all times.
- Efficient: It will offer faster access speeds and a 10x bandwidth increase over the previous system, and will make use of Singapore’s cost-effective next-gen national broadband network (NGNBN) for connectivity for scalability as bandwidth continues to grow. This will enable the firm to scale up without exponential increases in costs for selected locations or sites where using traditional private leased lines and MPLS connections would not be cost-efficient.
- Easy to manage: The new IT architecture will protect the expanding network against internal and external security threats as well as facilitate easy management of its entire IT network. This increases productivity and allows the IT team to spend more time on higher-value work such as analyzing network patterns and implementing new strategies.
Loe added: “We used to manage the network security of our branches in silos. Now with the network connected to a security core, we can manage the entire IT system from a single pane of glass.”
If you got it, use it
Not every country in the region has the resources and small size to justify a next-gen national fiber broadband network. However, since it exists, a government-linked social enterprise will take full advantage.
In order to satisfy the Secure-by-Design infrastructure vision, the cooperative worked with regional telecommunications and cybersecurity service provider ViewQwest, which leverages the NGNBN for its business.
By using the widely available NGNBN fiber instead of the traditional and more costly private leased lines and MPLS connections, NTUC Enterprise can add new connections as its business expands and revamps to meet the evolving needs of the nation in the pandemic era.
Instead of setting up firewalls at the edge, the revamped NTUC Enterprise network can support its school campuses and food court outlets with a cybersecurity core that can be managed from a single dashboard from anywhere. This is due to ViewQwest’s own partnership with cybersecurity firm Palo Alto Networks to incorporate the latest and most advanced cybersecurity technology into the revamped infrastructure. The system automatically scans all data traffic that flows within the network, weeding out malicious packets that can potentially harm the network.
According to Vignesa Moorthy, ViewQwest’s CEO: “The world of IT security has changed dramatically. Legacy tech and architecture are now obsolete. Enterprises must reinvent and adapt to new technology to stay relevant, secure and agile in the ever-evolving digital age. In the new world, the data center no longer needs to be the center of the universe. Our customers’ IT networks are secure by design. They do not need to keep adding firewalls at every new branch to protect it. The network itself is already secured from the ground up.”