Customer Stories

Fast Food Chain Secures Hybrid Workforce with FortiSASE

By Courtney Radke and Satish Madiraju | August 29, 2022

Just behind first responders and healthcare workers, retailers have emerged as heroes of the COVID pandemic. They have provided essential goods and services as well as income-producing employment, doing whatever it takes to keep their doors open. In many cases, that has meant enabling remote or hybrid work for back-office and corporate employees. But securing remote access to networked resources has not been easy.

Securing a Growing Hybrid Workforce

For one fast-food chain, new cybersecurity insurance requirements posed a particular challenge. When the chain allowed its office employees to work from home, taking their business laptops with them, the insurer required the deployment of monitored web protection for all the devices.

For a retail chain with razor-thin margins, this was no trivial matter. As it was, the IT budget was tight, and staff were already engaged in migrating to the Azure cloud, where they had to secure and manage access to Microsoft 365 and other applications. In addition, the fast-food chain was about to decommission and replace its legacy VPN solution, which provided secure remote access to public and private cloud resources, as well as those in a local data center.

What the IT team realized, both from the hybrid work situation and the cloud migration project, was that secure access could no longer be based on the location of the user or the application. In fact, they could assume very little about the security of the user, the laptop, the access location, or the paths through which data traveled. The fast-food chain now had to approach secure access from a stance of zero trust. This meant providing least-privilege access by default, and enabling employees to access only the applications they needed for their role, and only after verifying the current security status of their laptops.

It turned out that the fast-food chain could meet all its requirements—with a single unified agent for endpoint protection, zero-trust network access (ZTNA) and redirecting traffic to FortiSASE for cloud-delivered security. 

"With the FortiClient Fabric Agent running on their laptops, remote employees can connect securely to their networked resources through a FortiSASE point-of-presence, using encrypted tunnels."

Combined Network and Security Solution

FortiSASE is Fortinet’s Secure Access Service Edge (SASE) solution. It combines Firewall-as-a-Service (FWaaS), a secure web gateway (SWG), ZTNA, and a suite of threat protection services in the cloud.  With FortiSASE, the fast-food chain’s IT team can monitor all the remote endpoints from a single dashboard and enforce consistent security policies, regardless of the users’ locations.

With the FortiClient Fabric Agent running on their laptops, remote employees can connect securely to their networked resources through a FortiSASE point-of-presence, using encrypted tunnels. Every time a user connects to the network, FortiClient reports to FortiSASE on the security status of the laptop, its firmware version, and the applications it is running. That way, FortiSASE can make access permission decisions in the context of the user’s current security posture.

What made Fortinet the easy choice for the fast-food chain, compared to other solutions it considered, was the fact that FortiClient could serve simultaneously as an endpoint protection agent, a ZTNA agent, and as a means to redirect traffic to the SASE network. The Fortinet solution also automatically supported the two-factor authentication services the company was already using for Microsoft 365 and the Azure cloud.

The integrated functionality and centralized management greatly minimized operational complexity for the fast-food chain. Combined with its cost-effective tiered licensing model, the FortiSASE solution paved the way for the chain to scale its hybrid workforce to support its footprint expansion across the country.

Learn how FortiSASE brings together the best in visibility, security, and orchestrated policy control for secure internet access to users anywhere, regardless of their location.