Adding Multi-Factor Authentication to Legacy Systems and SCADA with Agilicus AnyX
A municipality in Eastern Canada was seeking a method for securing access to the SCADA systems in their water treatment facility through the implementation of Multi-Factor Authentication. This was driven by pressures from city council to improve security, qualify for cyber insurance, and support the different levels of access needed by stakeholders supporting the facility.
The IT team specifically needed to balance security with accessibility – they needed to ensure that the teams supporting the SCADA system had remote access to the Human Machine Interface’s (HMI) thin client without sacrificing the security of the network.
The IT department had various hurdles to overcome on their path to support the water team and provide them with secure access to the SCADA application. The municipality was facing four key problems:
Their SCADA systems was exposed and reachable via the public internet
Pressures to meet cyber insurance requirements from council
A workforce that did not like to change the way they do things
The system in question was a critical system that always had to be connected to the internet and could never be logged out, updated, or shut down
After doing some research the municipality identified it is possible to keep these systems off the public internet and allow access without using a VPN. What was most interesting to them is that this could be done with zero changes to their network or the way employees access the systems.
Using Multi-Factor Authentication and Zero Trust Network Access to Increase Security with Agilicus AnyX
Working with Agilicus, the municipality implemented the AnyX platform and was able to achieve secure access to their water management and SCADA systems as well as adding an extra layer of protection through enforcing multi-factor authentication.
The municipality was able to achieve the following:
Enhanced security by providing a platform that removed the exposed URL to behind a firewall while leaving their systems fully accessible, but not visible to the public internet
Achieved a quick and frictionless implementation without network changes in under an hour
Fulfilled cyber insurance requirements by ensuring each user is challenged with the second factor before access is granted and seamlessly allowed the continued use of existing USB security keys
Added enhanced protection against common security threats including blocking lateral traversal, restricting user privileges, and producing a full audit log
As a result, the municipality was able to avoid a project that would have normally taken months and met their incoming multi-factor requirements for all users in under an hour. This was all achieved while allowing employees to use their existing credentials, be seamlessly authorised, and require no additional training through Agilicus’ robust solution.
By securing remote access with multi-factor authentication and implementing Zero Trust Network Access the municipality was able to protect their critical systems while simplifying administration. All of this was achieved without the necessity of making changes to the network or installing new hardware. The region was able to achieve the multi-factor authentication they sought after without the use of drastically different technologies and personal device changes. In addition, the municipality established a secure encrypted connection to the Agilicus cloud giving them total control over who had access to the SCADA system and what each user was able to access, all while reducing the time to connect.
In the end, the municipality was able to become more secure, lower their administrative overhead, and have a single pane of glass strategy to control access.
Reduced time to connect
Met Cyber Insurance Requirements
Reduced Administrative Overhead
No Network Changes or Additional Systems
Increased Cyber Resilience
Would You Like To Learn More?
Agilicus Has The Expertise
The Agilicus team has the expertise, and loves to discuss Zero Trust implementations.