Video: NFP Case Study: High Capacity Service Platforms (Afford)

In this video, Paul Berryman, IT Director at Afford, explains how Afford - one of Australia’s longest serving disability service providers - have transformed their IT infrastructure to support future capacity growth, new digital transformation initiatives, and provide end-users with a better online experiences with faster, more reliable Internet connections for multiple devices for calls, videos, streaming and content downloads.

Setup a call with Enablis

Please submit the form on the right if you would like to setup a call with Enablis.


Okay. So, I'll start off with who Afford is. We're one of the, the largest and and and biggest, biggest and most established disability services in Australia. We started off as a PolioMellitus Society back, a little over seventy years ago.

We primarily deliver NDIS services across accommodation day programs. We also deliver factory work in, what used to be called a a sheltered workshop, and and we're working towards making that more of a mainstream employment type. And we also run a disability employment service which is around finding jobs for people with disabilities.

We pride ourselves on being innovative and flexible and providing high quality support and, help people with disability, their families, their carers, achieve their goals.

And that's the key thing for us is to to have people achieving their goals.

Who am I?

I started off in the Navy when I left school and, I've since worked in IT for about twenty five years now and, probably a little bit more than that. And, I've worked in airlines, universities. I've worked on, on the dark side in, a managed service provider for a little while. Apologies to those on the call who work for enablers.

And insurance. And then I had an opportunity to move into aged care when I was at Bupa.

And from there, I moved into the nonprofit sector. Firstly, at Salvation Army Aged Care, then, interview services at YMCA, and now it's, a Ford in disability.

Where I, work best is I go into an organization that has really poor IT, hasn't had a lot of investment, and, uplift the IT there, and my last three roles have been created for me. So these roles, there hasn't been a a previous IT director or anyone of this, sort of level, and I go in and and do the uplift, spend a few years there, and then move on. So with enablers, I feel like I've grown up a little bit with enablers because back in my Bupa aged care days, we did a a private LAN, an MPLS LAN.

When I moved to YMCA, we did a software defined LAN.

And now at Afford, we've gone to the next generation with the SASE or Secure Access Service Edge. So, it's been a bit of a journey.

The challenges at Afford, when I got here, we had very poor IT systems. We didn't have a network. All of our sites connected via raw Internet links into a remote desktop server. So the user experience was pretty poor. There was no network, so we didn't have any capacity structure or anything like that. There was no real security.

We had data in a hundred different sites, and we had to consolidate that.

Access for people to applications was really random. They could install whatever they liked on their computer, and, there was no, centralized budgeting or efficiency. People would just go and get an Internet connection when they started a site, and there was no control over where they got that from.

Very small IT team, two young guys, quite inexperienced running IT and responsible for everything and quite a bit of outsourcing.

When I say outsource, it was not outsourcing in the traditional sense. I think it was some guy running IT out of his garage.

And there are lots of complaints about the the systems. We were overly reliant on the remote desktop.

Lots of support calls with no documentation on what those support calls were. We found it really difficult to work out what was going on and find root causes.

And where we did have security appliances, which was fairly rare, even if they were the same appliances, none of them were really linked, and that was all, single point solutions in the various different sites. So there was no centralized control of anything.

So what we wanted to do is, uplift our environment.

And in doing so, we had to comply with the right fit for risk.

We are of a size where we are in the the category where we can self assess, but we're right on the cusp of being big enough to be required to do an ISO twenty seven thousand and one. So if we grow just a little bit, we need to do that. So we're going through that process, and we will be compliant with ISO twenty seven thousand and one in the near future. Our governance and, zero trust framework were important to us. We wanted a scalable network that was performing well and would support our growth and our transformation initiatives.

We are doing a full digital transformation. It's more of a revolution where we're we're actually getting systems put in place, where they never existed before and uplifting, upgrading all of the other ones. So nothing's off the table in terms of what needs to be fixed, updated, or upgraded.

We wanted a consistent level of security across the entire organization, and we wanted to upgrade or uplift that level of security and simplify the, the control across the network.

We wanted our employees to have a great experience, which, has reduced the complaints and free up their time to spend on what they do best, which is caring for our clients.

The network capacity needed to be uplifted, but also scalable so that we can, support our future digital rollouts, and we wanted to contain this within our existing budget. We needed, visibility of our security appliances and application performance and the ability to manage all of our workstations and printers, roll out patches, make sure that we could run a managed print service, all of that across the, you know, one hundred sites.

So the solution to this, we went out to tender and, you might think from my history, I've worked with enablers three times, that it was just me going, oh, let's get enablers in. But trust me, we went through a proper tender process, and I only had one vote in that process. So, it was quite robust and enable us was a successful tender bid from that.

So we put them through their paces there. The, the team at EnableWorks work really closely with us to determine our return requirements and, make sure our future objectives were taken into account.

And we went through an iterative process looking at the different things. At first, we thought we needed an SD WAN, and we we worked back and forth, and we decided that it would be best to go into the next generation and deploy the, the Sassy framework.

The services are all managed. Someone said to me the other day, what's the connection in this particular site? And I said, I don't know. I don't know if it's Telstra.

I don't know if it's Optus. I don't know if it's AAPT, and I don't really care. That's not my, concern. That's for enable us to manage, and they they look after all that for me.

The Prisma access extends our capability and our security out to anyone no matter where they are. If they're on their work laptop, they're automatically connected in, and we don't have to do anything. If I'm at home, I'm in the office, or I'm at-site working remotely, I recently had to go to New Zealand.

And, no matter where I am, I connect my laptop and it's automatically connected in as if I'm in the office.

All the services are are cloud based, and we can deliver all of those network security, services across the entire organization.

All of our web filtering, sandboxing, all of that is managed centrally and, and through the one firewall.

And we're continually tweaking this. It's not a fire and forget solution where we just set it all up and walk away and go, okay. That's done. So we're continually monitoring and adjusting the the solution as we go along and make sure that we're, reacting to the external threats that are out there, as well as changing requirements within our organization.

Moving on to the benefits, we've, we've now got a a consistent managed network across the entire organization.

Security is pretty easy for us now. We, we can see everything in one place. We don't have to be logging into a firewall at at one site, concerned about another site because they don't have a firewall, managing remote desktops across the Internet.

All of that has now moved into a consolidated single platform.

And that's enabling us to now concentrate on our business, and we've been able to, go out to organizations and government organizations and say we are now secure. We've achieved our right fit for risk requirements, and, you should come and work with us. And while that's not their primary concern, it is one of their mandatory requirements for us to have that security in place.

The end user experience, the CFO asked me yesterday, how's the network going? And I said, well, I'm not hearing any complaints, and I used to hear them all the time. So we must be doing something right there.

We've pretty much future proofed our infrastructure. There's more we can do with Palo Alto, and we can, expand that in future if the requirement comes up. But we don't have to change the baseline security or network. That's all in place, and we can build upon that when, when we need to.

We've never had the flexibility to to do our digital initiatives.

We we still look at security, and we still make sure that security is baked in from the start, but we're less concerned about the network side of that. We can now concentrate more on the application side of the security, and we we, we're a lot more comfortable with the network side of things.

My team is now much more proactive with support tickets. We can go into the systems. We can find out what's going on. We're able to see where the issues are.

Previously, we'd be hunting around going, is it the network? Is it the computer? Is it that they're not close enough to their Wi Fi? We can see a lot more of that now.

The team's able to be much more proactive. They can find root causes, and we can go and, root out that, that cause and fix it rather than floundering around trying to work out what's going on.

And really important, we achieved, and we're just about to recertify for our right fit for risk security certification from the Department of Social Services.

That's really key for us.

If we don't have that certification, we would lose our existing contracts and we wouldn't be able to apply for anymore.

So why do I work with enablers?

Oh, there's a number of reasons. Firstly, they're a friendly bunch, and, whenever we, need to get something done, I I can just give them a call and, and have a chat. So the technical risk is reduced significantly.

The, strategic guidance that we get from, from enables is great. Recently, our account rep came to us and said, hey. Palo Alto has re released something new. Do you wanna have a look at it? And we were able to then get on the front foot and and see what that that new stuff is and, get out there and, and try it out.

We know that things are gonna get done.

The project outcomes are all almost a given. It's not to say there aren't hiccups along the way. There always is with projects, but, enable us to able to deal with those very quickly, and, it's a very collaborative approach.

Technicians and security skills are are really, really good there, and, we've got that ongoing twenty four by seven support and monitoring of our network.