Firewall Security Case Study

About Hayward

In business since 1919, Hayward Lumber Company serves home builders and developers along the central California coast, providing the full range of building supplies as well as specialized systems such as trusses and fast flooring packages. As a fourth-generation family-owned operation, Hayward Lumber emphasizes personalized service and dependability in support of its customers, along with a commitment to an environmental policy that encompasses sustainable forestry practices, green manufacturing and environmentally-preferred building products. The company operates six stores and lumber yards, along with builder design centers and a truss assembly plant.

Situation

Like most companies in the construction industry, Hayward Lumber has been sharply affected by the economic downturn, especially the fall-off in new building activity. Hayward made the strategic decision to trim operations and expenses to the point where the company could weather a slowdown, yet remain ready to scale back up as the economy improves. In examining its IT operations, Hayward recognized it could no longer justify maintaining neither its older private-line based data network, nor the IT staff required to run it.

Solution

Hayward opted to migrate to a far more flexible MPLS-based IP network from AT&T to interconnect its sites with the Internet and enterprise applications. In addition, Hayward had AT&T install and manage all the necessary remote routers at the sites, and provide a network-based firewall to address security for the company’s network. This allowed Hayward to cut IT staff costs substantially, while actually improving service to its sites, with the ability to quickly increase bandwidth or connections as needed in the future.

Building a Business on Building

Starting from a single lumber yard in Salinas, California, founder Homer T. Hayward launched a company that would thrive right along with California’s building boom. It now includes six lumber yards, five design centers and a solar-powered manufacturing facility. In addition to raw lumber, Hayward also supplies everything from roofing materials to windows, doors, flooring, foundation steel and composite materials.

While its builder and contractor customers can be highly price-sensitive, Hayward Lumber has been steadily successful over the years by delivering exceptional service, along with expert help with estimating, engineering services, consultation, and jobsite packaging and delivery. “At the end of the day,” said IT Director Ed Davis, “the builder wants to know that the truck will show up, on time, with the right materials, at the agreed price. That’s what they depend on. Everything we do is geared toward that level of service.”

Green and Sustainable 

In addition to its family-run dedication to service, Hayward Lumber is a favorite among builders and architects who strive to build with an environmental consciousness -- mainly because ‘green’ is part of the company’s DNA.

Hayward was among the first suppliers in its market to actively seek out and supply builders with products that are more resource-efficient, less toxic and environmentally sustainable. The company is in fact one of the leading suppliers or lumber certified by the Forest Stewardship Council, an international organization devoted to sustainable and managed lumber production worldwide.

Hayward Lumber incorporates green practices into its operations. The company’s truss manufacturing plant in Santa Maria, California is a fully LEED™ certified facility. All framing lumber in the plant is FSC-certified, and all electricity used is generated by 20,000 square feet of solar panels. The plant collects rainwater for its operations, uses post-consumer materials for the building and reclaims ash from coal-burning power plants for the paved areas.

Dealing with a Downturn 

Even with its progressive management and loyal customer base, Hayward Lumber was not immune from the dramatic drop in construction caused by the slumping economy starting in 2008. With so many builders and developers facing slow times, Hayward Lumber had to retrench and reorganize to cut costs and overhead.

“We made the decision to stay in business,” said Davis, “and to do what was needed to keep the doors open. That meant getting somewhat smaller, and tightening belts to make sure we would be here when the economy turns around.”

In addition to trimming staff, inventories and facilities, the company had Davis find ways to streamline Hayward’s IT operations. Overall, he decided to rely more heavily on outside vendors to supplant his internal staff.

Off-loading Network Management 

To support its lumber yards, design centers and manufacturing plant, Hayward Lumber had been relying on an older hub-and-spoke data network. Each location linked to the central data center via private-line T1 to access the Internet as well as the enterprise ERP applications such as point of sale, inventory and ordering.

“At the time,” said Davis, “we had an IT staff of six to manage the network, the network equipment, the servers and the applications, as well as everyday helpdesk support. We had to find a solution that would let us operate and lower costs, with far fewer staff. That’s where we asked AT&T for ideas.”

The team recommended Hayward replace its hard-wired T1 network with AT&T MPLS Private Network Transport service. Instead of tying each location back to the data center via a dedicated T1, they can simply access the AT&T network at the most convenient point, with full connectivity to the applications at the Hayward data center.

Davis also opted to have AT&T directly manage the MPLS routers at each of its locations, which simplified the company’s internal staff needs. “Right now, I don’t have to devote any time to watching, troubleshooting, upgrading, testing or fixing those routers,” said Davis. “AT&T handles all that for us and they do it far better than we could.”

In addition, Davis no longer has to monitor the T1 connections coming into the data center, nor manage outgoing Internet traffic from the individual locations. “When a design center needs to access the Internet, they do so directly through the AT&T network, rather than come back through the data center. It’s far simpler this way. Our network is also faster and more responsive than ever.”

Enhancing Security 

The new network also called for Davis to find a more efficient way to provide security against outside intrusion, which had been a priority at Hayward ever since Davis ran a revealing experiment a few years ago.

“We put an unprotected PC out on the external network just to see how vulnerable it was,” said Davis. “It took all of ten minutes to detect the first attacks on the device. Needless to say, that taught us to take security seriously.”

In Hayward’s previous network, where each location linked back to the data center, Davis relied on physical, hardware firewalls to ward off outside access to its network, servers or remote equipment. But that, too, entailed significant staff time in managing, monitoring and continually updating the firewall software, a luxury Davis no longer had.

In the new MPLS environment, Davis took advantage of the AT&T Network-Based Firewall Service, which not only eliminates the need for special dedicated hardware in the data center, but also relieves Hayward of hands-on management and operation of the security measures. The service has three main components: fully managed firewall, Internet access for the entire VPN that it is protecting and backend connectivity. Additional security features can also be turned on if required. 

“Now, AT&T systems are watching for attacks, not me,” said Davis. “I don’t have to worry about updates, monitoring my ports or managing the details. Whenever I need to make configuration changes to accommodate a new partner or location, the service allows me do so, without compromising security.

“The bottom line is I was able to get a ten-node MPLS network with managed routers and network based firewall for less money than I was paying before.”

Ready for the Upturn, on a Moment’s Notice

With the network and security changes he has made Davis is now able to support all his locations with a staff of just one, plus a part-time contractor. “We spend virtually no time on network management,” said Davis, “except for occasionally checking the network and firewall status via AT&T BusinessDirect®. Usually, all I see is that everything is working fine, and AT&T is on top of it all.” The award-winning AT&T BusinessDirect web portal also provides an easy way to view, analyze and pay bills and report troubles.

Even though Hayward is operating a much leaner organization, Davis knows his new architecture can be seamlessly and quickly geared up whenever needed. “I know that if the CEO calls me into his office and says, ‘We’re expanding into Los Angeles. I need a circuit turned up in 30 days.’ I could do that with AT&T. We can be up to speed in high gear whenever the market turns.”