From in the Dark to Seeing the Light: Complete Network Visibility at RAI Amsterdam

Imagine the power goes out. You’re bumbling around in the dark to find the light switch, only to find it doesn’t work. After minutes of crashing about the utility room, your hand finally grasps the flashlight. But how much can you see with a flashlight, really? It gives you only a small slice of the big picture. When the lights go out, it’s an annoyance. But constantly working in the dark in IT, like we were doing at RAI Amsterdam, is a big problem.

RAI Amsterdam is a convention and conference complex situated in the city’s Zuidas business district. We run more than 500 events a year, and that makes for a dynamic place to work. Every day is different, with a diversity of client types and attendee populations. Today, we might have a dog show, tomorrow a tech conference, and the day after that, a concert.

Every client has different needs, whether their event is for 300 people or 50,000, and it’s my job to ensure their IT needs are met. Every show can have its own special configuration in a network. We get many special requests and I then have to think about what is possible on our network, what we will have to buy for the event, and how expensive that will be for the customer.

Even for an event that might not have obvious IT needs—like a food fair—I have to consider the number of outlets for each booth and how the network will handle the large number of transactions. For an event like an IT convention, the team I work with will regularly run 15 kilometers of cable for that one event.

I work with an IT team of five to prepare for every event. Sometimes, if it’s a big setup, we will bring in outside help. But when it comes to ownership and responsibility for the network, it’s a very small team indeed: me, myself, and I. I’ve worked on the RAI network since 2003, first for a partner of RAI. Then, a few years ago, RAI hired me away from my old employer to not just operate the network, but take responsibility for it. 

In Desperate Need of Insights

In the past, I could never influence RAI’s network, since it was built to someone else’s specs. But now that I had ownership of the network, I knew the first problem we needed to address: We were flying blind. We needed to see what was happening on our network—and fast.

Imagine yourself my situation, if you can: Each day, your workplace might be flooded with 15,000 people, each of them connecting at least one device to your network, and you have no idea what they are doing. 

Even with our own 400-person office, I had questions with no answers available to me. Are employees spending their work hours watching movies on Netflix? Are they opening phishing emails? Are they possibly downloading malware? Until two years ago, we didn’t even know what we were missing.

The problem, of course, is that it made us reactive instead of proactive. When you can’t see the applications of every user, you can’t take steps to protect yourself. You can only fix the problem after the fact. Employees can download malware innocently enough. Guilty as charged, in my case.

A while back, I needed to burn an image onto a USB stick, so I installed a little program. And of course there was malware hidden in that application. If it can happen to me, it can happen to anyone on our network. That’s why we desperately needed a security solution.  

Finding a Flexible and Scalable Solution

RAI has a long-tenured partnership with Cisco. All of our main components are Cisco. Over the years, we’ve come to count on Cisco’s stability and reliability. For any network I run, I need it to be built on proven technology. Cisco has that high standard we can then deliver to our end users. Delivering the experience is the lifeblood of our business.

When searching for a solution that would give us insight into our network, the question then became about integration and interoperability with our Cisco systems, especially since we wanted to bring security to a higher level. Also, the purpose of this solution was to make things easier for me, so why make them harder? The obvious first choice to look to was Cisco solutions.

Two other big considerations were flexibility and scalability. In terms of flexibility, we need connectivity in every nook and cranny of the building—no black-out spots. Who knows what we’ll need to build in that isolated corner for one of our events? Connectivity is essential throughout. And for scalability: can we go from 300 users to 50,000 users on the WiFi in a matter of minutes? With Cisco Umbrella, paired with Firepower and the Cisco Catalyst 9000, we were promised just that. We started a pilot using Umbrella to monitor a small team of about 20 people. As soon as we turned the equipment on, I began seeing the light.

What a Difference Visibility Makes

We aren’t all the way yet, but even just a small pilot has given me insight into what’s happening on my network and where the possible leakages are. I can see who’s watching Netflix, or who's using websites that have no business relevance.  Honestly, if their managers don’t mind, I don’t have a problem with it even if it does use a lot of data. But I did post a little joke on RAI’s internal website: “I know what you are doing” That awareness that someone is looking over their shoulder has resulted in far less use of certain apps from what we first saw a year ago.

The big difference from before is that we can now be proactive. I can see the applications of every user, and can say to a colleague, “These two are not secure applications. Please don’t use them again. Here are some secure alternatives, so you can do the same work.” 

To go back to the example of me accidentally downloading a program with hidden malware, that actually happened during our Cisco AMP pilot. Luckily, AMP isolated every threat there was, and then alerted another department about what was happening on my laptop. In other words, it worked.

Another big challenge is getting basic security for our visitors and exhibitors. 

Since I can now pinpoint exactly what assets are doing on the network, I can go to a client and report what we’re protecting them against. As soon as I see a lot of suspicious traffic for a specific booth, I can report to them: “We’ve got a problem. I’ve noticed that there are three computers here trying to download torrents. Your devices are infected, and that’s why you’re experiencing slow internet speed.” 

We’ve had this reporting capability for the past year. It’s working. It matters, because these people are our customers. I’ll do everything I can to get that 10 out of 10 on customer satisfaction with RAI’s IT facilities. It’s easy now that we’re no longer bumbling around in the dark. 

Levelling Up Security with Automation

The next step my team wants to build is automation. We plan to turn our facility into a smart building: connecting the lights, being able to switch the heat on and off from a mobile device—integrating those parts of the office environment to make a building for everyone to enjoy. We can also automate the security, so as soon as a laptop is infected, it gets kicked out of the network.

Almost everything is in place to do that. We’re currently replacing some old hardware in the core of our network with the newest hardware, which will make the implementation that much easier. We of course have Cisco there to assist us. 

As soon as the new hardware is in place, we’ll kick off the automation to get our security to an even higher level. Now that the lights have come on and we can see what we’re doing, the future looks brighter and brighter. 

Who knows the wonderful events we’ll hold in the coming years. We’ll see smaller events and some bigger than anything we’ve run in the past. But one this is for sure: Our network will handle them all—and I’ll know what’s happening every step of the way.