Secure Municipal Cloud
Secure Municipal Cloud

Excited to share that Oct 22, 2019, Agilicus and the City of Waterloo will be talking at MISA Ontario INFOSEC 2019 about a joint project, one that helps digitally enable a diverse workforce with great security and great simplicity. If you are heading to Orillia I’d love to meet you there.

In this presentation we will explain how we took a set of simple web applications, each only accessible by City staff with Active Directory accounts, and made them:

  • Cloud Native (Google Cloud, Kubernetes, Container)
  • Secure (per-path role-based access control)
  • 2-Factor Authentication enabled (SMS, TOTP, FIDO U2F)
  • BYOD & Mobile, outside the firewall, without VPN or complex inbound rules
  • Securely access the database that remained inside the firewall
  • Enabled for a Contractor work-force without creation of Active Directory entries (and associated costs)
  • Hosted, Managed (including SOC & SIEM)
  • High availability with live, online Disaster recovery

With nearly zero effort on a per-application basis.

This removed the need for local services/licenses/capacity/monitoring, saving money, such as:

  • Citrix
  • vSphere
  • Microsoft IIS, Server

This enabled the outside-plant workforce to do simple data entry, view their hours of service, from anywhere, with any device. With simple login. With high security. Without incremental costs.

We will explain how we achieved Canadian Data Sovereignty while doing so.

This solution is exceptionally strong for reducing spear-phishing (the single-sign-on coupled with 2-factor authentication means no more written-down passwords and stronger security).

The cloud-hosting and in-built security features (e.g. read-only filesystem, e.g. signed-code-only, e.g. application-aware network routing, e.g. mutual TLS, e.g. SPIFFE) makes these applications exceptionally immune to Ransomware or other attacks (even if they themselves have susceptibility).

More detail is in the Whitepaper.

Share This

Share this post with your friends!