Government Agency Secures Remote, Third-Party and Privileged User Access

May 10, 2016 |
Government Agency Secures Remote, Third-Party and Privileged User Access

A North American Government agency’s IT system has between 1,500-2,000 remote users at any given time, and 20,000 users overall. Prior to AppGate, the solution in use couldn’t provide the level of security and agility that was needed. . The central services team found that once users accessed a server, that user was able to authenticate themselves and go anywhere within the existing systems and servers, opening it up to potential data breaches. The agency needed an alternative solution.


With more than 20,000 users, this government agency needed to ensure secure access to its shared services. It required a solution to control and simplify remote, third- party and privileged user access. The agency wanted increased security, multi-factor authentication, and granular controls for advanced roles and rights management.

Finding the Right Solution

Prior to engaging Cryptzone, the agency was concerned that solutions in place, including traditional solutions like VPNs, firewalls, and jump hosts, fell short The agency needed to centrally control all user access privileges.

During the agency’s evaluation of technologies, it investigated Cryptzone AppGate, a comprehensive access control solution that provides unified access control at a granular level to applications, services and infrastructure regardless of location, whether on-premises or in the cloud. By making the network essentially ‘invisible,’ cloaking the nature of the full infrastructure and only granting visibility and access to the applications and services that users need to do their job, enterprises can provide ‘segment of one’ access to anyone, anywhere at any time with the confidence and trust that critical information stays in the right hands.

Traditional security and remote access tools like VPNs, next generation firewalls and Network Access Control (NAC) solutions provide an all-or-nothing view of access control, typically offering carte-blanche access to all authenticated users. These tools don’t address the potential for insider threats, stolen credentials, or employee negligence. AppGate enables this government agency’s agility and flexibility to adapt to the dynamic demands of the workforce, constituents and third party vendors. AppGate provides real-time access on a need-to-know basis increasing the productivity through the user community.

Hide All Network Resources a User is Not Authorized to See. Get the white paper.

Failure to gain access to systems without the correct authorization and authentication safeguards the agency from internal and external threats.

Furthermore, AppGate expands the traditional network security model beyond IP addresses and VLANs, allowing the agency to manage access at the most relevant and critical level – from user to app and service, on a one-to-one basis. This provides a secure, encrypted, point-and enables a unified way to control access while maintaining a tight security profile.

AppGate was easy to set up and apply security rules – all without needing to expose apps to the Internet or rewrite legacy apps that are agency critical. The Agency can leave apps where they are, define authorization policies, record access logs and pinpoint who accessed what and when. Furthermore, AppGate provides extensible monitoring and alert management so that access to network resources can be tracked and monitored. It reduces overhead in reporting for regulatory compliance and quicker identification of potential risk scenarios.

AppGate integrated with the Agency’s existing two-factor authentication system which had already been deployed at a significant cost. When tested, AppGate proved to be one of the only out of the box solutions able to integrate with this system easily.

Benefits of Cryptzone’s AppGate

With AppGate, the Agency gained access control for its entire population of remote users. Initially this was for a few thousand users, but because the benefits were so vast, use was increased to all 20,000 users. Users are now able to securely access government resources from external locations. Policies control whether multi-factor authentication is required based on a user’s role, location and other attributes. The Agency is able to grant role-based access enabling users to work interdepartmentally, to-point tunnel to protect network resources and dynamically provision access from any device in any location.

The AppGate administrator at the agency said that without AppGate, the administrators would need to implement a VPN tunnel system, create and modify thousands of firewall rules, and modify their DNS, taking months to accomplish across all their groups. It would have turned a short-term goal, into a long-term project.

Download the full case study now or learn more about how AppGate delivers secures remote, third-party and privileged user access.

Watch the AppGate explainer video.

Back to Blog Home

Philip Marshall

As Cryptzone’s Director of Product Marketing, Phil Marshall brings over 14 years of experience in both product and services marketing as well as 10 + years experience in the high-tech publishing space with publications including Dr. Dobb’s Journal and Byte magazine. Prior to joining Cryptzone, Phil worked at security firms Rapid7, Positive Technologies and RSA. He also was a Senior Product Marketing Manager at Black Duck, the leading open source governance and management firm.

A speaker at recent (ISC)2 conferences and ISACA, he’s participated in numerous webinars, in panel discussions and presented on topics including Identity Security, Application Security and Open Source Governance and Management.

Marshall earned a BA at Bates College and an MBA, cum laude, at the F.W. Olin Graduate School of Business at Babson College.

Leave a Reply

Your email address will not be published. Required fields are marked *