Building a Cyber-Resilient Municipality

How the City of Kenosha Transitioned to Zero Trust

The City of Kenosha, Wisconsin, faced cybersecurity challenges with traditional VPNs for remote access and vendor management. They turned to Agilicus and its Zero Trust platform, Agilicus AnyX, to adhere to the EPA’s 2023 cybersecurity recommendations. This transition resulted in robust multi-factor authentication, secure vendor access, accountability through audit trails, and improved network visibility.

Kenosha’s experience highlights the transformative power of Zero Trust solutions for municipalities, enhancing cybersecurity, remote access, and aligning with EPA recommendations. This proactive approach secures the municipality’s future against evolving cyber threats and emphasizes the benefits of a Zero Trust environment as a VPN alternative.


Building a Cyber-Resilient Municipality

How the City of Kenosha Transitioned to Zero Trust

Executive Summary

The City of Kenosha, Wisconsin, is a forward-thinking municipality that faced significant cybersecurity challenges due to its reliance on traditional VPN environments for remote access and vendor management. With increasing vulnerabilities and limited network visibility, the city recognized the need for a stronger, more resilient approach that wouldn’t disrupt its crucial municipal operations.

Agilicus, a leader in Zero Trust cybersecurity, was brought in to present a solution. After implementing their platform, Agilicus AnyX, the City of Kenosha was able to seamlessly transition to a VPN-less environment, adhering to the best practices outlined in the EPA 2023 cybersecurity memorandum.

The city achieved several key outcomes in the process, including enforcing robust multi-factor authentication for legacy systems and unmanaged users, enabling secure and granular vendor access, gaining a full audit trail for accountability, and heightening network visibility. With Agilicus AnyX, the city significantly improved its cybersecurity posture, ensured secure remote access, and successfully protected its critical infrastructure.

The City of Kenosha’s journey with Agilicus illustrates the transformative potential of Zero Trust solutions. Their success demonstrates how municipalities can enhance their cybersecurity efforts, boost remote access capabilities, and align with EPA recommendations. 

Kenosha’s efforts underscore the importance of proactive action in securing a municipality’s future against evolving cyber threats and the remarkable benefits of transitioning to a VPN-less environment using Zero Trust principles.

How the City of Kenosha Transitioned to Zero Trust

Key Results


Ensured Simple, Secure Vendor Access


Deployed in Under One Hour


Improved Service Delivery


Seamlessly Shifted to a VPN-less Solution


Aligned with the EPA 2023 Cybersecurity Memorandum

Customer Profile

City of Kenosha

The City of Kenosha, Wisconsin, is a municipality nestled on the shores of Lake Michigan in the United States. As the fourth-largest city in Wisconsin, it serves approximately 100,000 residents through a variety of essential services. Kenosha employs hundreds of dedicated professionals across several departments, who work tirelessly to enhance the quality of life for its residents, businesses, and visitors. In recent years, the city and surrounding county have benefited from increased job and population growth. 

The Cybersecurity Hurdles

The City of Kenosha wanted to proactively enhance its cybersecurity efforts, particularly in the context of remote access and vendor management. They relied heavily on a traditional VPN environment, which introduced vulnerabilities and exposed their network to potential cyber threats. Knowing this, the City of Kenosha was looking for a solution to transition its water and wastewater networks (particularly the Water SCADA and Water Business networks) to a VPN-less environment to protect its critical infrastructure and the growing community it served. Doing so would also allow them to align with new best practices, notably the recent EPA cybersecurity memorandum.

This was a challenge, however, as the municipality depended on its existing VPN environment to maintain operations, and the network was accessed daily by a diverse workforce of internal and external users. But its existing VPN didn’t support multi-factor authentication, leaving the city vulnerable to the increased risk of unauthorized access to its water systems and other critical infrastructure.

02f6aab1 water treatment plant

At the same time, the city also needed its third-party vendors to continue to be able to access critical systems to maintain service delivery. In their efforts to do so, the City of Kenosha had allowed vendors to connect to their network through VPNs. While this provided remote access, it also created a security risk. Vendors with VPN access had broad network privileges, which could potentially lead to lateral traversal within the network. This meant that if a vendor’s credentials were compromised, an attacker could move laterally across the network, accessing sensitive resources and causing significant damage. Access controls were also needed as these vendors often needed access to legacy technology through Secure Socket Shell (SSH) or web applications hosted internally. How the City of Kenosha Transitioned to Zero Trust

Moreover, the City encountered challenges in managing and securing connections from unmanaged devices. Without proper controls in place, unmanaged devices connecting to the network lacked essential security measures such as up-to-date antivirus software. This posed a serious risk, as these devices could potentially introduce malware or other malicious elements to the network, compromising the security and integrity of the City’s systems.

Another key issue the City faced was a lack of visibility into its network. They had limited insights into network traffic, user activity, and potential security incidents. This lack of visibility made it difficult to identify and respond to potential threats promptly. The City needed a solution that could provide comprehensive visibility, enabling proactive threat detection and response.


Recognizing the need for a more secure and resilient approach, the City of Kenosha sought a solution that would address these vulnerabilities and provide robust remote access management. They were determined to implement a solution that would mitigate the risks associated with broad VPN access, secure connections from unmanaged devices, and enhance visibility into their network, all without any disruption to their municipal operations. How the City of Kenosha Transitioned to Zero Trust

Executing the Strategy

Agilicus, a trusted leader in Zero Trust cybersecurity, was chosen by the City of Kenosha to help meet these challenges. 

After a successful two-week proof of concept, which was deployed in less than an hour, the city proceeded with an organization-wide rollout. Agilicus AnyX was implemented across all City of Kenosha servers, offering a seamless transition with zero network changes required. Recognizing that business operations couldn’t be disrupted, Agilicus initially ran parallel to the existing VPN, allowing the city to migrate users over at their own pace without any downtime.

As a result, Kenosha was able to:

Enforce multi-factor authentication  
on both legacy technologies as well as unmanaged users
Provide seamless remote access 
for both internal and external users without disrupting operations
Benefit from a complete audit trail 
of who did what, when, and for how long to have evidence for any discrepancies with remote access and what was done on the network
Centralize vendor access
and automate how permissions are managed, approved, and removed

Zero Trust: A Winning Solution

Agilicus AnyX proved to be the ideal solution for the City of Kenosha. With its Zero Trust Architecture, Agilicus was able to provide a secure alternative to the traditional VPN approach. Access was granted based on stringent authentication and authorization principles, regardless of location or device. How the City of Kenosha Transitioned to Zero Trust.

The implementation of Agilicus’ solution allowed the City of Kenosha to significantly improve its remote access security. By successfully implementing a VPN-less environment, the city eliminated the risks associated with lateral traversal entirely. Vendors and remote users were able to connect to the network through secure and granular access controls, ensuring they only had access to the resources they required to perform their work.

Additionally, Agilicus AnyX enabled the City to enforce strong security measures on unmanaged devices. With contextual access control, the city could evaluate the security posture of each connecting device, ensuring that proper controls and other security measures were in place before granting access. This effectively reduced the risk of malware being introduced and enhanced the overall security of the network.

Finally, Agilicus provided the City of Kenosha with comprehensive visibility into its network. Detailed audit logs and real-time monitoring capabilities allowed the City to gain insights into network traffic, user activity, and potential security incidents. This heightened visibility empowered the city’s IT team to detect and respond to threats proactively, further minimizing the impact of potential cybersecurity incidents.

By transitioning to Agilicus AnyX, the City of Kenosha not only addressed its previous vulnerabilities but also established a robust and resilient cybersecurity framework. The solution enabled them to protect critical infrastructure, secure remote access, and enhance their overall cybersecurity posture. With a Zero Trust Architecture approach in place, the municipality can confidently manage vendor access, secure connections from unmanaged devices, and maintain visibility and control over their network.

Results and Reflections

The implementation of Agilicus AnyX was transformative for the City of Kenosha. With the transition to a VPN-less environment, the city has seen a significant reduction in security vulnerabilities. And the ability to manage vendor access more efficiently has resulted in streamlined workflows and improved service delivery.

Meanwhile, the introduction of multi-factor authentication for internal and external staff connecting to legacy systems enhanced the overall security profile of the city’s digital infrastructure.

Finally, the city is also now more confidently aligned with public sector requirements and best practices, such as the EPA cybersecurity memorandum. This further solidifies the municipality as a cybersecurity leader and innovator.

“We chose Agilicus for their ability to deliver on their promise of a secure, scalable, and user-friendly Zero Trust solution. Their product has revolutionized how we approach cybersecurity, offering us peace of mind and a firm foundation for future developments. We couldn’t be happier with our decision and the transformative results we’ve seen.”

Tig Kerkman

Director of Information Technology, City of Kenosha

The City of Kenosha’s experience with Agilicus demonstrates how municipalities can effectively leverage Zero-Trust solutions to strengthen their cybersecurity efforts, improve their remote access capabilities, and meet increasingly stringent compliance regulations and best practices.

Do you have questions or want to learn more about Agilicus AnyX? Get in touch with our team to learn more about how our Zero Trust platform can transform your municipal operations for the better and safeguard your critical infrastructure from cyber threats.

Don’t wait to act until it’s too late – secure your municipality’s future today with Agilicus AnyX.