Headquartered in Rome, Ministry of the Interior is responsible for safety, immigration, elections and public emergency services. The ministry’s web portals provide important online services and information for Italian citizens. The IT organization within the ministry supports approximately 23,000 government employees, as well as roughly 50,000 indirect users of its services.
As a public high-profile set of government services, the web portals and backend web applications of Ministry of the Interior are a target for hackers and other malicious groups. “Denial of service attacks impact the image of our ministry, especially if an attack happens during an election when everyone looks to our website for up-to-date information,” says Stefano Plantemoli, the ministry’s IT network and security manager. To protect its infrastructure from attack and maintain the trust of its citizens, the ministry’s IT organization opted to deploy an additional layer of defense before launching a new online payment system for citizens.
To add a new layer of defense, Citrix proposed that the ministry replace its aging load-balancing equipment with Citrix ADC SDX appliances. Citrix ADC SDX combines both a web application firewall and an application delivery controller to optimize, secure and control the delivery of applications. During a production proof of concept for the proposed solution, the ministry’s IT team turned off its intrusion prevention system to test the security capabilities of the new appliance. Citrix ADC SDX detected a serious threat to the ministry website, protecting the web application and enabling it to continue running without interruption.
Based on this successful demonstration, the ministry obtained the budget to replace its load-balancing equipment with Citrix ADC SDX and engaged Citrix Consulting to help deploy the new appliances. “Citrix ADC SDX offers a tremendous advantage for us because it provides networking, load balancing and web application security all in one appliance,” says Plantemoli. “We are particularly impressed by Citrix ADC’s ability to balance the database load depending on the content of SQL queries.” Today the ministry relies on Citrix ADC SDX to secure and provide access to more than 25 different applications and databases.
As part of the ministry’s defense-in-depth security strategy, Citrix ADC SDX adds a layer of protection that helps block attacks on the ministry’s web portals and backend web applications—threats that other security products might miss. “By protecting our portals at the application level, Citrix ADC provides much better defense against complex attacks,” says Plantemoli. “It gives us greater protection to keep our online services available to citizens and protected from attack.”
Now that Citrix ADC SDX is in place, the ministry’s IT team has the confidence in its security strategy to deploy a new online public entry-exam system for state-level employment, knowing that a sophisticated set of cyberdefenses will protect it. “With Citrix ADC, we can maintain the integrity of the system against attempted attack and fraud,” says Plantemoli. “This is critical because we serve more than 500,000 job candidates and they need to feel secure about using the system.”
Before the ministry replaced its load-balancing equipment, the IT team’s main focus was to boost network performance, which maxed out at 300 to 400 connections per second. Today, Citrix ADC SDX easily supports thousands of connections per second, making performance no longer a problem. “We used Citrix ADC on Election Day and the result was fantastic despite the very heavy traffic,” says Plantemoli. At the same time, the ministry’s IT staff gained improved manageability with the new Citrix appliances. “Citrix ADC administration is very easy and we can deploy new services extremely quickly,” says Plantemoli. The Citrix ADC SDX implementation has also allowed the ministry to consolidate hardware, saving the government approximately €30,000 ($33,000) in annual costs.
With the success of its Citrix ADC SDX deployment, the IT team is focused on several important new projects including datacenter consolidation, application virtualization and mobility—all of which feature Citrix as a technology partner. “We plan to consolidate at least two datacenters from other departments, and as many as five datacenters altogether into one datacenter,” says Plantemoli. “Citrix ADC will definitely be the standard for the new datacenter going forward, allowing us to grow and offer new services, including an online payment system and remote access to virtual applications.”