Secure Remote Connectivity to 100 Critical Infrastructure Sites, Nationwide

CASE STUDY

A major systems integrator that services critical infrastructure across the United States seamlessly transformed their service model through Zero Trust, to reduce costs while enabling secure remote connectivity to over 100 customer sites.

Fill out the form to read the case study.

vpn-replacement-solution

Case Study:
Enabling Secure Remote Connectivity to 100 Critical Infrastructure Sites, Nationwide

A major systems integrator that services critical infrastructure across the United States seamlessly transformed their service model through Zero Trust, to reduce costs while enabling secure remote connectivity to over 100 customer sites.

Summary

A major systems integrator that primarily supports water treatment facilities across the United States needed a way to remotely connect to over 100 on-site systems to perform support, maintenance, and troubleshooting. In order to do that, the systems integrator also had to comply with customer security requirements for remote access (no shared credentials, multi-factor authentication, privileged access). Agilicus AnyX, a Zero Trust Network Access platform, enabled remote connectivity for the systems integrator without requiring any new hardware, clients, or a VPN. As a result, access was simplified for the systems integrator while ensuring they could adhere to each customers expectations on security.

Network Modification Using Agilicus AnyX to Create an Outbound Only Connection at IEC 62443 Level 3.

OT-Agilicus-Connector

Challenges with enabling remote connectivity for support and maintenance.

cyber-attack-vpn-compromise

Remote access was particularly important for the systems integrator with over 100 sites located coast to coast. The systems integrator had so far been forced to send technicians to site in order to support customers. The ability for technicians to remotely connect for immediate support from anywhere, on any device represented significant cost savings and higher customer satisfaction. 

Due to growing cyber threats and attacks targeting critical infrastructure and operational technology, it was not an option to use traditional remote access tools such as TeamViewer or LogMeIn. Neither the systems integrator nor their customers were comfortable with using these remote access tools because of shared credentials, no multi-factor authentication, and lack of auditability.  

Likewise, the VPN was both impractical for the systems integrator and risky for their customers due to cyber risks such as lateral network traversal. For the systems integrator, VPNs limit efficiency at scale (e.g, 100 VPNs for 100 customers). When it comes to providing support, VPNs can be unreliable and limit the ability to connect to and provide support for multiple sites at once. For operators, VPNs break the air gap and can become a doorway for cyber attacks like ransomware.

Enabling secure remote connectivity without compromising on security.

cyber-insurance-requirements

Water treatment facilities and municipal critical infrastructure require strict security policies to protect the citizens and communities they serve. In order to comply with these security requirements and best serve their customers while achieving their own business objectives, the systems integrator implemented Agilicus AnyX. The platform empowered the systems integrator with precise control over permissions and detailed audit logs for a complete view of technician activity for each site and system. 

With Agilicus AnyX, the systems integrator was able to enable access for authorised technicians without requiring yet another set of credentials or shared access between users. The platform also made it possible to enforce multi-factor authentication for access to any system by any user. The result was remote connectivity through a Zero Trust Network Access framework that complied with customer policies as well as a greatly improved cyber posture for the systems integrator and the sites they manage.

Improved business efficiency with remote connectivity.

cyber-security-policies

Faster site commissioning, faster support and troubleshooting responses, fewer site visits and the potential for 24/7 live monitoring.

remote-connectivity

Micro-segmented down to the device level with a single click to ensure techs did not access something out of scope.

role-based-access-controls

Multi-factor authentication enforced in a way that meant secure access but did not add complexity for the support techs.

detailed-auditing

Detailed audit logs which provide perfect evidence of who accessed the systems, what change they made, and how long they were connected.

identity-aware-web-application-firewall

Ensured the entire site was off the public internet and air-gapped by leveraging the Agilicus outbound only connection. This meant that no VPN or no public IP address was needed (even on cellular sites).

Deployment Architecture

4a5b2477 technical cs networkdiagram v2 03

User Flow

integrator-remote-access-flow

Get In Touch

Ready To Learn More?

Agilicus AnyX Zero Trust enables any user, on any device, secure connectivity to any resource they need—without a client or VPN. Whether that resource is a web application, a programmable logic control, or a building management system, Agilicus can secure it with multi-factor authentication while keeping the user experience simple with single sign-on.

9f758437 agilicus logo horizonta

info@agilicus.com, +1 ‪519 953-4332‬

300-87 King St W, Kitchener, ON, Canada. N2G 1A7

partner

info@partner.com, +1 ‪555 555-5555

1 Main Street, Townsville, ON, Canada. POST-CODE