Government Agency Secures Remote, Third-Party and Privileged User Access
A North American government agency’s IT system has between 1,500-2,000 remote users at any given time, and 20,000 users overall. Prior to AppGate, the solution in use couldn’t provide the level of security and agility that was needed. The central services team found that once a user accessed a server, that user was able to authenticate and go anywhere within the existing systems and servers, opening them up to potential data breaches. The agency needed an alternative solution.
With more than 20,000 users, this government agency needed to ensure secure access to its shared services. It required a solution to control and simplify remote, third-party and privileged user access. The agency wanted increased security, multi-factor authentication, and granular controls for advanced roles and rights management.
Finding the Right Solution
Prior to engaging Cryptzone, the agency was concerned that the solutions in place, including traditional solutions like VPNs, firewalls, and jump hosts, fell short. The agency needed to centrally control all user access privileges.
During the agency’s evaluation of technologies, it investigated Cryptzone AppGate, a comprehensive access control solution that provides unified access control at a granular level to applications, services and infrastructure regardless of location, whether on-premises or in the cloud. By making the network essentially ‘invisible,’ cloaking the nature of the full infrastructure and only granting visibility and access to the applications and services that users need to do their job, enterprises can provide ‘segment of one’ access to anyone, anywhere at any time with the confidence and trust that critical information stays in the right hands.
Traditional security and remote access tools like VPNs, next generation firewalls and Network Access Control (NAC) solutions provide an all-or-nothing view of access control, typically offering carte-blanche access to all authenticated users. These tools don’t address the potential for insider threats, stolen credentials, or employee negligence. AppGate gives this government agency the agility and flexibility to adapt to the dynamic demands of the workforce, constituents and third-party vendors. AppGate provides real-time access on a need-to-know basis, increasing productivity throughout the user community.
Denying access to systems without the correct authorization and authentication safeguards the agency from internal and external threats.
Furthermore, AppGate expands the traditional network security model beyond IP addresses and VLANs, allowing the agency to manage access at the most relevant and critical level – from user to app and service, on a one-to-one basis. This provides a secure, encrypted, point-to-point tunnel to protect network resources and enables a unified way to control access while maintaining a tight security profile.
AppGate was easy to set up and apply security rules – all without needing to expose apps to the Internet or rewrite legacy apps that are agency critical. The Agency can leave apps where they are, define authorization policies, record access logs and pinpoint who accessed what and when. Furthermore, AppGate provides extensible monitoring and alert management so that access to network resources can be tracked and monitored. It reduces overhead in reporting for regulatory compliance and enables quicker identification of potential risk scenarios.
AppGate integrated with the Agency’s existing two-factor authentication system, which had already been deployed at a significant cost. When tested, AppGate proved to be one of the only out-of-the-box solutions able to integrate with this system easily.
Benefits of Cryptzone’s AppGate
With AppGate, the Agency gained access control for its entire population of remote users. Initially this was for a few thousand users, but because the benefits were so vast, use was increased to all 20,000 users. Users are now able to securely access government resources from external locations. Policies control whether multi-factor authentication is required based on a user’s role, location and other attributes. The Agency is able to grant role-based access enabling users to work interdepartmentally, and dynamically provision access from any device in any location.
The AppGate administrator at the agency said that without AppGate, the administrators would need to implement a VPN tunnel system, create and modify thousands of firewall rules, and modify their DNS, taking months to accomplish across all their groups. It would have turned a short-term goal into a long-term project.