An exemplary model of a nimble, modern retailer, Wireless Express sells communications devices and services throughout Ontario. Its store count has doubled over a period of just a few months and continues on a steep growth curve. The company relies exclusively on hosted services for point-of-sale, credit checks, service activation and other critical business operations. Hundreds of in-store PCs need direct-to-Internet connectivity, but also require protection from threats and viruses that could impact the continuity of retail operations. For that, Wireless Express relies on WatchGuard unified threat management (UTM) appliances and Accara IT Services, a local total service solutions integrator.
Wireless Express attracts employees who are tech-savvy, but not necessarily tech-sophisticated. That led to trouble as employees were routinely visiting suspect websites, falling for bogus virus alerts and other forms of social engineering, and introducing malware onto company PCs. As many as four or five times a month, IT would have to deal with an infected machine.
"At the time, we were running about 13 stores, and we didn't have a system for imaging the machines," recalls Justin Brake, Manager of IT Services. "So it was old-school manual manipulation - reformat, manually reinstall the OS and all the applications. Add up the time to do that, plus the shipping, the loss of a workstation, and the loss of business from a store operating on one computer instead of two and we were losing thousands and thousands of dollars a month."
Finally, there was a tipping point. "While I was at the CES convention, I got a phone call from one of the stores that their Internet was slow and the point-of-sale system was at a dead crawl. Then I got another phone call, and the bells started to go off. A mail worm had hit and was starting to spread. I was at a vendor's booth, using his computer to telnet into my routers and monitor packet traffic from each store, one-by-one. That was the make or break event for me."
Brake set to work replacing the existing Netopia routers. "For awhile we were reviewing some Cisco products, but we were looking at multiple boxes and multiple investments," he says. "From an administrative, financing, and licensing standpoint, we made the decision to go with WatchGuard because one appliance would give us all the security, control, reporting, and visibility we needed."
Wireless Express installed a WatchGuard Firebox® X Core™ 1250e at corporate headquarters, and WatchGuard Firebox X Edge devices at the retail stores. Currently Brake has deployed approximately 60 Edge devices in all, a mixture of X10e-W and X20e-W units. All are running full UTM bundles with WebBlocker, spamBlocker, and Gateway AV/IPS which includes antivirus, antispyware, and intrusion prevention.
"Right off the bat WatchGuard solved 90% of my problems," recalls Brake. "It kept our sales reps off of problematic websites, which definitely cut down on the number of computer rebuilds and cleanups. And we were able to do it right at the switch, rather than on a PC-by-PC basis."
For the most part, Brake is running a standard configuration and the WatchGuard appliances require little management. That's important because he and his partner are the entire IT team. "We set the WatchGuard devices up and they run themselves," he declares. "Because the product is as good as it is, we can focus on all the other issues, and let the appliances do what they're designed to do."
However, he takes a more hands-on approach with WebBlocker policies because, as he said, "We're trying to limit the possibilities that a workstation can become corrupt and the amount of PC rebuilds that we have to do. With the policy-based headers, we're able to automatically block everything that's considered adult content, crime sites, personals, dating, job search. We also block things like Facebook and Kijiji, which was always a big one in our retail stores. The staff for some reason was spending hours and hours searching through Kijiji.
"We locked things down really tight at first, but we've had to be flexible. If you have reps doing corporate sales, you can't lock things down so tight they can't access a company's site to get a directory of people." And Brake has definitely received some pushback. One of the stores set up a scrolling marquee screensaver and when Brake accessed it via remote desktop, he was greeted by the words "Bring Back Facebook!" When some of the locations started pushing the idea of using FaceBook as a viable marketing channel for the stores, Brake unblocked it on a test basis. As he explains, "We're trying to find the best of both worlds, to understand where the sales reps need to go, and still keep us protected. I'll always consider exceptions. We will generally never turn down an idea."
The wireless capability built into the WatchGuard units, while not originally a key consideration, turned out to be an ideal fit for Wireless Express. "With the launch of the iPhone in Canada, one of our dealer requirements is that if there isn't a full 3G network in the area, that we have a hot spot in-store to demo the iPhone and download applications. Of course, the risk is, how do I offer a public hotspot without giving access to my LAN? The WatchGuard product gives us that option, with the ability to separate our local Wi-Fi from our public Wi-Fi."
Plus, at some of the mall locations, occasionally local businesses and community organizations conduct events on a temporary basis and need Internet access. Brake is able to offer them separate, secured Wi-Fi which not only builds public relations, but also business relationships. "It helps us to help the community." he says. "We've had a number of people come in and buy phones from us afterward, just because we were able to help them out."
Over a highly active span of just three months, Wireless Express jumped from 21 stores to more than 50. A business model that relies on hosted services, secured and enabled through WatchGuard, has been key to the expansion. As Brake explains, "We've done a good job of outsourcing. We're not in the business of trying to run a data firm, dealing with redundancy and high availability. We much prefer to spend our time focusing on sales and support for our stores, to make sure that the money coming in at the storefront continues to come in.
"The WatchGuard product is basically the protective layer that I drop in. It does the things I need done, and it does them well. Without having to constantly monitor and visually maintain them, the WatchGuard devices make sure that everything and everyone is doing what they're supposed to do."