Third Party and Vendor Access Management for Critical Infrastructure
Located in the heart of one of largest economic regions on the west coast in North America, our customer is a municipality with a very active industrial and commercial services sector. The team at the municipality needed to adopt Vendor Access Management (VAM) and enforce Multi-Factor Authentication on the SCADA system at their water treatment facility. With Agilicus AnyX, the team was able to achieve their goals and adopt a Zero Trust security framework to enable secure access for all internal users and third party vendors.
Vendor Access and Multi-Factor Authentication Enforcement Challenges
Due to their scale of operations, our customer works with third parties to ensure critical infrastructure resources are operating optimally. However, third parties and vendors introduce inherited cyber risks for municipalities, which is especially dangerous for critical infrastructure.
Our customer set out to introduce multi-factor authentication requirements and Vendor Access Management for all city resources, including their critical infrastructure. The SCADA system supporting the water facility had several limitations that interfered with the adoption of those secure access policies.
Budget constraints prevented the IT team from changing the licensing for the SCADA software to integrate identity into the application.
A single, shared login was not acceptable and it was not possible to provide individual active directory licenses to vendors.
Multi-Factor Authentication was required for access by user groups.
Remote access to the SCADA system was a requirement for all internal and external users.
It was critical that any solution would provide the Information Technology team with precise control over permissions and privileges for such a diverse user group (internal users, vendors, third parties). A large and costly upgrade of the SCADA system was simply not possible. The Municipality needed a SaaS solution that could deliver Vendor Access Management and introduce authentication and authorisation as a layer instead of as an add on to the SCADA software integration.
Vendor Access Management (VAM) with Agilicus AnyX
The Agilicus AnyX introduces authentication and authorisation policies across user groups to enable simple access without exposing resources to the public internet. Our customer seamlessly and affordably enabled secure access for vendor support of the SCADA system at the water treatment facility with Agilicus AnyX.
Vendor Access Management
Agilicus AnyX was used to quickly and easily onboard third party vendors without issuing new accounts or credentials. Fine-grained authorisation is paired with detailed audit logs, ensuring the team has complete control and visibility over when their users and vendors are accessing the SCADA system.
Multi-factor authentication can be enforced on any resource, requiring a second factor as part of the login flow to gain access to any designated resource.
Agilicus AnyX federates identity, allowing users from different organisations to use their individual user ID for access to their permissioned applications. Single Sign-On delivers a simple end user access experience while the platform works behind the scenes to unify authentication, putting administrators in full control of who can onboard into their system.
Centralised Authorisation Management
Through a single pane of glass, administrators can easily add or remove users and precisely adjust authorisation permissions, whether it’s for an internal employee or third party vendor.
Identity Aware Web Application Firewall
In addition to the above security The Agilicus AnyX Identity Aware Web Application firewall makes resources accessible to authorised users without making them visible on the public internet, where access is only permitted on the basis of authenticated identity.
Our customer was able to implement Vendor Access Management and enforce multi-factor authentication to ensure the SCADA system could only be remotely accessed by authorised users without exposing the water treatment facility to external risks.
With Agilicus AnyX our customer adopted vendor access management with precise control of authorisations and permissions across user groups without having to issue new accounts for their vendors. Precise authorisation controls enabled permissions and privileges per user, simplifying access without giving up ground on control or visibility of who was accessing the SCADA system.
Vendor Access Management was effectively achieved without interrupting water services for citizens or burdening internal users and third party vendors.
Centralised Authorisation Management for Internal Users and Third Party Vendors
Least Privilege Access Controls and Detailed Audit Logs
Remote Access with Enhanced Cyber Resilience
Authentication via Federated Identity and Single Sign-On
Enforcement of Multi-Factor Authentication
Get in Touch
Interested in learning more about how the Agilicus AnyX platform works to deliver Vendor Access Management (VAM) across IT and operational technology resources? Fill out the form below to get in touch with our team.