WAN challenges steer auto-rental firm to SASE

SASE helps global car-rental company Sixt strengthen its network security architecture and ride out COVID-19 challenges.

Tech Spotlight   >   Cybersecurity [NW]   >   Cloud network security
Natali Mis / Getty Images

Latency and reliability concerns set car rental company Sixt on a path to rearchitect its WAN. That led the global company, which has locations in more than 100 countries, to become an early adopter of the network-security architecture dubbed secure access service edge (SASE) by research firm Gartner.

SASE, pronounced "sassy," blends SD-WAN's network optimization features with security capabilities such as zero-trust authentication, data loss prevention, threat detection, and encryption. Driven by demand for a more efficient, scalable network-security architecture, SASE can enable greater network reliability, more flexible deployment options, and pervasive security. The technology is in its infancy but projected to grow quickly. Gartner estimates at least 40% of enterprises will have explicit strategies to adopt SASE by 2024, up from less than 1% at the end of 2018.

For Sixt, SASE fit well with the company's broader digital-transformation efforts. "We needed something that would scale quickly, maintain our security posture no matter how many users and branches are added, and be able to optimize our global traffic network," says Chris Chowquan, who heads the information technology teams for Sixt Rent-a-Car in North America.

In the U.S., where Sixt is the fourth-largest car rental company, it has 1000 employees, 80 offices and more than 3000 connected devices. Its network traffic is a mix of in-house apps, cloud-based platforms like Office365, and voice and video traffic. WAN traffic at the edge is routed to a data center in Germany through a mix of MPLS and internet connections.

High latency for traffic crossing the Atlantic was a particular challenge, Chowquan says. "All traffic was passing through Europe from our U.S. branches, so our Internet and cloud applications were very slow and connection drops were common."

There were also management challenges. "Different point solutions were being used for access and security, and each solution was being handled by a different team," he says. "It was costing us a lot, and the reliability just wasn’t there."

With several different solutions in place, problems were harder to diagnose, and uptime suffered. "If we could handle things using a single pane of glass, from a single vendor, that would be ideal," Chowquan says.

The company was also dealing with aging hardware. "Our infrastructure was a few years past its prime," he says, and, in 2019, was approaching end-of-life.

All of this was hurting business. "Our rental-car software and POS transactions also require connectivity, so it impacts the service we provide to our customers directly," he says. The company took the opportunity to review its network strategy: "The timing was right to look at options," Chowquan adds.

Evaluating WAN options

For Sixt, a cloud-based solution was always top of mind. "We were already looking at migrating from MPLS to SD-WAN to reduce our circuit costs, so something that would integrate nicely with that migration would be preferred," he says.

One option Sixt considered was to look at colocation facilities to support Sixt's WAN links, he says, and that would have been the easiest route: "Update our current setup and simply add redundancy and speed."

Colocation provider INAP had an option that was appealing, Chowquan says. "They had route-optimization features and global colos." But in the end, Sixt went with Cato Networks and its SASE platform. Pricing and support were the primary factors for choosing Cato, he says. In addition, the choice of SASE versus a more traditional networking approach gave the company flexibility and agility it needed.

"Sixt is such a dynamic company. The business requirements push you to be fluid and adopt measures that support fast growth and change," he says.

SASE tested well, but at first Sixt had concerns about whether the technology was mature enough. "You want to be cutting edge, but it was a risk," Chowquan says.

Before making a final decision, Sixt ran test networks side by side to compare stats and get feedback from users and technical staff. Key criteria included ease of use, performance and reliability. Sixt tested final vendor contenders against each other and against its existing infrastructure. Cato performed better on all the metrics, he says, including a 15% improvement in latency across the Atlantic.

Sixt also looked at factors beyond network performance. "Once the cost fit into our budget, we looked at support and how robust it was," Chowquan says. "What kind of response could be expected when things go wrong?" The answer, he says, was that response was immediate.

All the vendor research, testing, approvals and implementation took about six months, Chowquan says. In the fourth quarter of 2019, the transition to SASE was complete.

The changeover was a joint effort with Cato, he says. "As we switched over, we also took the opportunity to have the teams trained."

The process itself was straightforward. "Pointing our routers to the Cato points of presence and securing the connection took about 15 minutes per branch. Cato also allowed us the opportunity to configure our equipment to use two POPs per branch for redundancy." he says.

The old networking gear that Sixt had in its colos was no longer needed, since the direct connections to Cato eliminated the need for them and simplified the network. "We were able to repurpose our routers, switches, and VPN concentrators."

Today, Sixt has 1000 locations globally running on the Cato platform.

SASE benefits, ROI

After moving to SASE, Sixt saw a 15% to 20% reduction in costs for network maintenance, security, and capacity planning, Chowquan says. "We were also able to reduce our branch downtime from 10 hours per month to less than one hour."

One unexpected benefit was a reduction in staff turnover of about 25%. "I believe this can be attributed to improved engagement between teams, allowing people to contribute and get rewarded in different areas," he says.

Once COVID-19 hit, the decision to move to SASE paid off in a big way. In the second quarter of 2020, travel warnings, border closures, stay-at-home orders and mobility restrictions hit the company hard. Demand for rental cars and other mobility services "collapsed almost completely," the company said in its quarterly statement in September.

Revenues for the first nine months of 2020 were nearly 40% lower than the previous year, forcing the company to make massive cost cuts. At the same time, Sixt also took the opportunity to expand in some strategic areas, including taking over 10 sites at major hub airports in the U.S. from the bankrupt Advantage Rent a Car.

The flexibility of a cloud-based SASE service helped Sixt weather the changes. "We were fortunate to have the implementation completed before the pandemic," Chowquan says. "SASE really shined here, especially when asked to do more with less."

At the same time, the technology supported Sixt's shift to home-based employees. "With our network edge now located in the cloud, our users were able to transition to working remotely and tapping into the Cato backbone seamlessly via VPN," Chowquan says.

Employees could work at home, he says, using their home Internet connections or via LTE hotspots. "Connections were stable, and we were able to maintain security and monitor connections using a single platform."

Chowquan says he would recommend SASE to other companies. "It's something I think CIOs should put on their radar. It performs well now and is only going to get better from here."

One feature he'd like to see is the ability for users to self-diagnose connectivity issues. "That would reduce our support costs and improve our customer-service metrics."

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2021 IDG Communications, Inc.

IT Salary Survey 2021: The results are in