Case Study

Turkcell Global Bilgi construct a secure, software-defined data centre infrastructure with Palo Alto Networks

RESULTS

50%

reduction in network security management resources

70%

decrease in deployment time

Increased

incident response times

In brief

Customer

Turkcell Global Bilgi

Services

Contact centre CX services

Country

Istanbul, Turkey

Industry

Communications

Organisation Size

15,000 employees across 19 locations in Turkey and Ukraine

Challenges

During the pandemic, enable 14,000 agents to be able to work from home. Safely enable customer experience applications at Turkey’s largest CX provider. Bring visibility, control, and protection to CX applications running on VMware vSphere/NSX-T data centre environment.

Requirements

  • Secure, flexible SDDC infrastructure.
  • Protect east-west and north-south traffic.
  • Automate security processes in the virtual environment.
  • Ensure security keeps pace with speed of server provisioning.

Solution

Palo Alto Networks VM-Series Virtual Next-Generation Firewalls for VMware vSphere and NSX-T cloud environments, Panorama, GlobalProtect, and Cloud-Delivered Security Services – including Threat Prevention.
Introduction

Turkcell Global Bilgi, Turkey’s leading digital customer experience (CX) centre, are building for the future with Palo Alto Networks. When 14,000 Turkcell Global Bilgi agents needed to switch to working from home in the COVID-19 pandemic, the company deployed Palo Alto Networks Next-Generation Firewalls – and the GlobalProtect network security client for endpoints – in just a few days. Now, by using Palo Alto Networks VM-Series virtual firewalls to safeguard their VMware NSX-T dual-site software-defined data centre (SDDC) investment, they are reducing the attack surface and reaping the rewards of new efficiencies.

CHALLENGES

Turkey’s leading customer experience operator

Founded in 1999 as a Turkcell Group company, Turkcell Global Bilgi is Turkey’s leading customer experience (CX) centre. With a rich heritage in the telecommunications industry, Turkcell Global Bilgi now provides call centre and digital services to finance, e-commerce, retail, aviation, and other sectors. The organisation has 15,000 employees and 19 locations – 15 in Turkey and four in Ukraine.

Turkcell Global Bilgi has been a Palo Alto Networks customer for more than five years, initially deployed Palo Alto Networks ML-Powered Next-Generation Firewalls (NGFW) PA-Series hardware to safely enable network security and their CX applications. The hardware’s intelligent and proactive features such as zero-day signatures – and machine learning (ML) algorithms embedded in its firewall code, allowed Turkcell Global Bilgi to detect threats across multiple fronts.

Palo Alto Networks also helped the company react immediately to COVID-19. Turkcell Global Bilgi were already using the GlobalProtect network security client for endpoints to provide flexible, secure remote access for users. It was thanks to GlobalProtect and NGFWs that, when the pandemic struck, the company were able to switch almost 14,000 call centre agents to work-from-home (WFH) operations in just 10 days.

Now, Turkcell Global Bilgi are moving to the next phase of cybersecurity agility to be secure in any environment. A state-of-the-art, dual-site data centre infrastructure has been created to enable failover and business continuity in the event of a potential disaster. Instead of the data centre network being tied solely to physical hardware, it now uses VMware NSX-T to deliver a new software-defined networking operational model, forming the foundation of the SDDC.

The challenge for Turkcell Global Bilgi was to bring visibility, control, and protection to the CX applications running on the VMware NSX-T data centre environment. Each data centre has approximately 60 hosts, so Turkcell Global Bilgi were looking to secure internal traffic across a total of 120 hosts.

"Securing virtualised networks is more difficult than ever. Segmentation is a powerful security tactic, but we needed something additional to control traffic between segments and detect and respond to threats within that traffic."

– Hakan Kendirci

CIO, Turkcell Global Bilgi

REQUIREMENTS

Top priorities for safeguarding the state-of-the-art, software-defined data centre

Turkcell Global Bilgi identified that, in order to secure their CX applications deployed in the VMware NSX-T data centre, the solution would be required to:

  • Construct a secure, flexible SDDC infrastructure.
  • Protect and secure east-west and north-south internet perimeter traffic.
  • Eliminate manual, process-intensive networking configurations to deploy security in a virtual environment.
  • Ensure security keeps pace with speed of server provisioning.
SOLUTION

VM-Series comprehensively secures applications in the VMware NSX-T data centre

To build on their success with GlobalProtect and the PA-Series ML-Powered NGFWs, Turkcell Global Bilgi decided to deploy VM-Series virtual firewalls to secure their dual-site SDDC rollout. The virtualised NGFWs leverage underlying VMware vSphere and NSX-T data centre resources and functionality to integrate into the application traffic flow and protect segmented workloads that often need to communicate with each other.

Berkan Sert, Network Infrastructure Manager at Turkcell Global Bilgi explains the reasoning behind deploying the virtualised NGFWs: “Although VMware NSX-T provides a solid foundation for securing virtualised environments, it only solves some of our network security puzzles. In addition, some regulations – such as the PCI credit card payment – call for stricter security measures than NSX-T can deliver natively.”

"The Palo Alto Networks virtual firewalls let us inspect traffic between virtual local area networks for example. It also strengthens our security across the data centre and creates trust boundaries between our physical, virtual, and public cloud workloads."

– Berkan Sert

Network Infrastructure Manager, Turkcell Global Bilgi

The VM-Series virtual firewalls also provide Turkcell Global Bilgi with integrated Cloud-Delivered Security Services – such as Threat Prevention and exfiltration prevention. These services identify and block exploits, stop malware, and prevent previously unknown threats from infecting sensitive information and critical systems.

Palo Alto Networks Panorama network security management brings it all together, providing Murat Karaaslan, Network Security Planning Principal at Turkcell Global Bilgi, and his team with a centralised and comprehensive view of Global Bilgi’s entire network security posture, spanning the on-premises infrastructure and virtualised environments. For example, Panorama simplifies the creation of traffic steering rules within NSX-T Manager and ensures security configurations are synchronised with NSX-T Manager for consistent security.

"Panorama is vital in providing centralised management of our entire network security posture, covering our on premises infrastructure, virtualised environments, and public clouds. For instance, the NSX plugin for Panorama ensures simple deployment of new VM-Series firewalls in the NSX-T environments."

– Muharrem Bozkuş

Infrastructure and Operation Associate Director, Turkcell Global Bilgi

BENEFITS

Network security resources reduced by 50%

Berkan Sert lists several benefits of deploying the virtualised NGFWs and accompanying cloud-delivered security services, which:

  • Reduce attack surface: By enforcing trust boundaries around sensitive data and applications, segmentation prevents threats from freely moving east-west within the Turkcell Global Bilgi infrastructure. Microsegmentation extends this concept to the individual workload level so that only communications between workloads within a trust zone are permitted.
  • Detect threats more easily and enable faster response: Advanced Threat Prevention secures traffic moving between trust zones, especially zones with different levels of trust. The IPS helps the team monitor for malicious traffic to ensure only known, acceptable services are running. When malicious signatures are detected, the IPS takes corrective action.
  • Increase productivity: By automating security processes, the team works faster and smarter. For example, the Turkcell Global Bilgi security team estimates that the VM-Series firewalls and Panorama cut 70% of the time needed for security deployment and management and reduce the need for hands-on network security management by 50%. The VM-Series firewalls integrate seamlessly into VMware NSX-T for simple, automated firewall deployment, which further saves time and effort.
  • Drive agility and efficiency: Muharrem Bozkuş comments: “We have gained significant efficiency and autonomy. We have taken our incident response times to a very efficient and proactive level thanks to these gains. Solving the problem before it happens is always our priority.”

"With VM-Series virtual firewalls and Panorama in the VMware NSX-T environment, we are eliminating many manual operations. Using tagging instead of manual rules, for instance, we can implement policies autonomously on all hosts within a few minutes."

– Hakan Kendirci

CIO, Turkcell Global Bilgi

Find out how your organisation can find more security efficacy across clouds and virtual environments here. Or simply sign up for a personalised demo to see how you can get best-in-class virtualised network security up and running fast.

Follow the links to learn more about Palo Alto Networks Next-Generation Firewalls, VM-Series Virtual Next-Generation Firewalls, Panorama, and Cloud-Delivered Security Services.