Cammish says Zscaler has helped the firm manage the growing malware threat witnessed by the company. Last month 250,000,000 interactions with the internet were recorded. Of these, around 600,000 activities or transactions involved malware.
The rollout of the tools has been a success, Cammish contends, and helped address the risk the business faces. "We have been able to identify the flow of traffic, blocked all of this malware coming in, but we have also been able to see who is accessing what, what has been blocked, and it just allows us to tune our internet access."
He adds that it has aided central management of security protocols across the various parts of its operations: "The key benefit of having a web filtering technology is that we can segment our user based so we can have quite aggressive controls for people that just need to check the internet for basic information, for senior manager and executives we can have a different control regime.
"It is not one size fits all, we do have a black listing/white listing process where we can now manage centrally, whereas before we had no idea who was accessing what.
"I can sleep more easily at night knowing that we have put in a control protocol that is consistent."
It has not all been plain-sailing however. Cammish says that there was initial reluctance within the organisation when faced with new security measures.
"Because it was quite a quick rollout of the cloud service there was a lot of resistance and a lot of complaints in the early days. People were getting the Zscaler pop-up window, they were getting blocked out of sites that they were previously able to access. And it is fair to say when you are going though the roll out process you do need to fine tune the black list and white list.
"When people were blaming the product I actually intervened in some of these conversations and said I am usually quite accommodating, but I will make no apologies for what we are doing with Zscaler. My neck is on the line when it comes to cyber security, and we have a major cyber security breach, I lose my job.
"That is why it is of absolute interest to me to apply standards consistently across the organisation."
Investment in software tools is not a panacea for improving security, however, and the company investing in a cyber security awareness programme for all its 7,000 users, he says.
"That is because you can put in as much technology and process as you like, but your weakest link can be people. A classic example would be an email that looks like a bona fide email, but if you look closely it has a few ambiguities - it is a phishing attack. People need to keep their wits about them."
Sign up for Computerworld eNewsletters.