Carlsberg, the third largest brewer in the world chose Cato Networks to deploy single-vendor SASE to transform its global network and security infrastructure. The Cato deployment will span 200+ locations and 25,000 remote users worldwide. Instead of security appliances, Carlsberg will rely on Cato’s cloud-native security capabilities, including SWG, CASB, DLP, ZTNA, FWaaS, IPS, and NGAM.
“We were looking to move from several regional service providers with fragmented technical solutions to one integrated network and security stack with an end-to-end managed service,” says Laurent Gaertner, Global Director of Networks at the Carlsberg Group. “The Cato SASE Cloud and service offering perfectly matched our requirements.”
“The same challenges faced by Carlsberg — optimal security posture, improved global performance, and enhanced business agility everywhere — confront enterprises worldwide every day,” says Shlomo Kramer, co-founder and CEO of Cato Networks. “Cato was explicitly built to help companies of all sizes meet those needs. We’re excited to work with Carlsberg and see their adoption of Cato as just the latest evidence that large enterprises can best meet today’s security and networking challenges with a single-vendor SASE cloud platform.”
Legacy Network Leads to Security Risks and Application Disruptions
Established in 1847, the Carlsberg Group is the world’s third largest brewer with $10.6B in revenue spanning over 140 brands. Carlsberg’s network connects 200+ sites across Western & Central Europe and the Asia regions.
The legacy network, built from different regional point solutions and technologies, proved to be challenging to manage for Carlsberg. Opening new locations took too long. VPN performance in to China was a problem. And across regions, the Internet-based SD-WAN connecting locations was unsuitable for the company’s VoIP and fully utilising all Microsoft Office 365 features. “We had to retain MPLS just to ensure proper voice quality,” says Gaertner. “And with Microsoft Teams, it doesn’t take a lot of latency for the application collaboration features to become unusable.”
The mix of appliances also created security problems. With multiple firewall appliances, visibility was fragmented. Multiple sets of security policies had to be maintained, which increased complexity and risk. Carlsberg’s Cyber Security Group wanted zero-trust to be implemented consistently, which also wasn’t possible with the legacy network.
Legacy Network Problems Led to Strategic IT Challenges
From a strategic perspective, building the legacy network from different providers and technologies prevented IT from delivering consistent service levels worldwide. “Some users would receive higher availability and others better capabilities, but we couldn’t bring it all together to create an à la carte set of services that could apply to any office anywhere and facilitate our global IT development,” says Gaertner.
Day-to-day management was also compromised. Change requests took too long in part because of the different management interfaces, which complicated problem identification and resolution. Coordinating the different layers of the solution with different service providers became a real challenge.
Carlsberg Assesses Single-vendor SASE, Entrusts Cato with its Global Infrastructure
To address those problems, the company began looking for a single, global SASE solution. After an extensive evaluation of six SASE approaches, Carlsberg selected Cato.
Cato’s rich security capabilities meant Carlberg would have one platform and one security policy worldwide protecting all edges — sites with SD-WAN devices, the cloud with native cloud connectivity, and mobile users running the Cato Client. “The Cato security features are a significant step ahead in our Zero Trust implementation strategy and the future innovation will bring us even further,” says Tal Arad, Vice President of Global Security & Technology at Carlsberg.
The Cato global private backbone underlying Cato SASE Cloud also met Carlsberg’s performance requirements globally. As such, Carlsberg expects to eliminate the remaining MPLS, relying on Cato for VoIP, ERP, and the rest of its applications.