Adding Multi-Factor Authentication to Legacy Systems and SCADA with Agilicus AnyX

Case Study

A municipality in Eastern Canada was seeking a method for securing access to the SCADA systems in their water treatment facility through the implementation of Multi-Factor Authentication. This was driven by pressures from city council to improve security, qualify for cyber insurance, and support the different levels of access needed by stakeholders supporting the facility.

The IT team specifically needed to balance security with accessibility – they needed to ensure that the teams supporting the SCADA system had remote access to the Human Machine Interface’s (HMI) thin client without sacrificing the security of the network.

dc581c9e partner hero 01

Security Challenges

The IT department had various hurdles to overcome on their path to support the water team and provide them with secure access to the SCADA application. The municipality was facing four key problems:

end-to-end-encryption

Their SCADA systems was exposed and reachable via the public internet

identity-aware-web-application-firewall

Pressures to meet cyber insurance requirements from council

authorisation-management

A workforce that did not like to change the way they do things

cyber-security-policies

The system in question was a critical system that always had to be connected to the internet and could never be logged out, updated, or shut down

After doing some research the municipality identified it is possible to keep these systems off the public internet and allow access without using a VPN.  What was most interesting to them is that this could be done with zero changes to their network or the way employees access the systems.


Using Multi-Factor Authentication and Zero Trust Network Access to Increase Security with Agilicus AnyX

Working with Agilicus, the municipality implemented the AnyX platform and was able to achieve secure access to their water management and SCADA systems as well as adding an extra layer of protection through enforcing multi-factor authentication.

The municipality was able to achieve the following:

pam-multi-factor-authentication

Enhanced security by providing a platform that removed the exposed URL to behind a firewall while leaving their systems fully accessible, but not visible to the public internet

security-ease-of-implementation

Achieved a quick and frictionless implementation without network changes in under an hour

d7732dd2 solutions cards insurance

Fulfilled cyber insurance requirements by ensuring each user is challenged with the second factor before access is granted and seamlessly allowed the continued use of existing USB security keys

weak-vpn-server-security

Added enhanced protection against common security threats including blocking lateral traversal, restricting user privileges, and producing a full audit log

As a result, the municipality was able to avoid a project that would have normally taken months and met their incoming multi-factor requirements for all users in under an hour. This was all achieved while allowing employees to use their existing credentials, be seamlessly authorised, and require no additional training through Agilicus’ robust solution.

Business Impact

By securing remote access with multi-factor authentication and implementing Zero Trust Network Access the municipality was able to protect their critical systems while simplifying administration. All of this was achieved without the necessity of making changes to the network or installing new hardware. The region was able to achieve the multi-factor authentication they sought after without the use of drastically different technologies and personal device changes. In addition, the municipality established a secure encrypted connection to the Agilicus cloud giving them total control over who had access to the SCADA system and what each user was able to access, all while reducing the time to connect.

In the end, the municipality was able to become more secure, lower their administrative overhead, and have a single pane of glass strategy to control access.

fast-deployment

Reduced time to connect

seamless

Met Cyber Insurance Requirements

user-onboarding

Reduced Administrative Overhead

no-network-configuration

No Network Changes or Additional Systems

no-gateways

Increased Cyber Resilience

Would You Like To Learn More?

Agilicus Has The Expertise

The Agilicus team has the expertise, and loves to discuss Zero Trust implementations.

about-agilicus