Giving West Midlands Trains a smarter, more secure connection

With a Zscaler solution, it’s easier to keep its teams secure and offer them the connectivity that they need.

Overview
West Midlands Trains (WMT) is responsible for 1,300 services a day, getting 200,000 passengers from A to B. The routes run across Shropshire, Staffordshire and Warwickshire, with services extending down to London and up to Liverpool. It’s a franchise of the Abellio UK, a major transport operating group that runs transport links across the country – which is part of the global Abellio Group.

Keeping everything at WMT running smoothly takes a big team – more than 2,800 people, in fact. It’s vital that workers can collaborate from any of their locations, without fear of compromising security. For example, drivers need to access route maps, rule books, rosters and other useful information supports their daily roles. Platform staff need information on delays, platforms and more to ensure they can help passengers get where they need to go. Across the business, from the train depots to the offices, WMT teams need secure access to business applications, social media, webmail, Office 365 and more.

When sister company, Greater Anglia Trains, made the switch to cloud-based security, WMT saw this as an opportunity to follow suit. They needed a system that would keep their services running efficiently, while also increasing security. Zscaler’s Internet Access Transformation bundle provided the solution.
We strive to be a railway that exceeds our customers’ expectations every time, providing reliable journeys. If our employees can do their jobs effectively, they can focus on giving our passengers the journey they expect.”

Steve RobertsHead of IT, West Midlands Trains

The challenge
A train company needs to get passengers where they want to go without delay. To do that, it needs to be free from cyber-threats. Shielded from malware, phishing scams and any other threats that could disrupt the connectivity of the business and stop the teams doing their jobs properly. Especially when they’re providing a critical transportation service to the UK.

The team at WMT had security in place, which filtered internet content according to white and blacklists. Any uncategorised websites, such as new domains, were blocked automatically. Although this went some way to protecting the company, it wasn’t perfect. For example, if the marketing department needed to use a new business service, it could take up to 48 hours to get a page unlocked. In an industry where time is everything, this was a real problem.

They also had challenges with business apps. The team are big Office 365 users, but because Microsoft regularly changes URLs and data centres, its cloud-based approach kept coming up against blocks from the content filters. Internet performance was suffering, and sites with low bandwidth were struggling to cope during busy times.

The existing security software only stretched so far. “The old system didn't factor in any of our fleet of smart devices,” explains Steve Roberts, head of IT at WMT. “And over two-thirds of the business use them, so a large proportion of our business was left exposed and vulnerable.”

WMT needed a system that could protect devices inside and outside its network, on desktops and smart devices. It had to give the team a better understanding of what users were connecting to, so they could give them the right protection.

But that’s not all. It also had to improve internet performance and give the team better bandwidth control. And, just as importantly, it had to be as simple as possible to use.
The solution
WMT’s sister company, Greater Anglia Trains, suggested Zscaler technology following its own successful switch to cloud-based security. They called us in; we sat down and established how they work and what they wanted to achieve. Armed with this knowledge, we felt that Zscaler’s Transformation Bundle would suit them down to the ground.

To prove it, we ran a month-long trial, so WMT could see the impact of a new system for themselves. We set up two groups: one went with Zscaler, the other stuck with the old platform. In the first week, the old platform went down for two days – while the Zscaler team kept working as normal. It was the perfect demo to showcase the business benefits of a really reliable system.

Once we’d got the green light to roll out Zscaler, we worked closely with WMT to make sure the transition was so seamless that people didn’t notice the change. According to Steve, “the first time people even knew about it was when they had instant access to things they couldn’t view before.”

The team has found the platform simple to use, and easy to control. They can make changes instantly, so 48-hour waits are a thing of the past. The system constantly monitors the websites employees visit, both inside and outside the network. It blocks anything that could be dangerous, and uses features like anti-virus protection and advanced threat detection to reduce the risk of cybercrime.

Managers also have greater visibility of what people are doing. The system alerts them when staff are trying to access something they shouldn’t. Rather than stifle the workers, this has helped the team roll out a wider internet policy that frees people up to work more efficiently.

And there’s more. The data gathered by the system helps them identify weaknesses in their network. So they can spot anything that needs fixing, before it becomes a problem.

And the Office 365 optimisation within Zscaler means the team are able to do some clever things to manage bandwidth across the business. So they can now give sites with low bandwidth more capacity during busy times, stopping a single location slowing everyone else down.

The result
The numbers speak for themselves. We catch up with WMT on a quarterly basis, to go over transactions processed, bandwidth use and bandwidth per user. As an example, this is what we did during one three-month period:

 390.8 Million transactions processed
 21.8 TB traffic (bandwidth) processed
 14.7 Million policy violations prevented
 86,021 security threats blocked
In the same three-month period, Zscaler also spotted and blocked 92,079 threats hidden in encrypted traffic.

The company is now embarking on a smart device rollout for the train drivers, and every new device has Zscaler by default. “I would absolutely recommend this solution to anybody who’s looking at replacing their internet cloud filtering solutions,” says Steve. The rollout has been so successful that another of WMT’s sister companies, ScotRail, has also signed up to use the same solution.

And that’s just the start. WMT are already looking at adding the cloud access service and the Zscaler API. And through our regular Zscaler Infrastructure Workshops, we’ll keep helping them get the most from their new system. So they can keep giving their customers the very best service.
BT’s approach was totally professional. They understood our business, the security landscape and exactly what we should be doing.”

Steve RobertsHead of IT, West Midlands Trains

107 Views 0 Likes Introduce me  Read More