Success story
Centralization of all service provider accesses with session recording
As an operator of critical infrastructures in the telecommunications sector, it is of central importance to make all accesses controllable and secure from the outside. For more than 15 years, a European telecommunications provider has relied on VISULOX Remote Support for this purpose.
"Full flexibility, less downtime and a thinking Support desk in Germany."
Challenge
Day after day, far more than 1,500 external employees from various partners and service providers work remotely, directly or indirectly, on the systems in the internal IT and OT infrastructure. And that's just in our customer's German data centers. Each partner wants to manage its own access solution, and all employees want as many rights as possible to work comfortably.
High compliance and internal IT security requirements of our customer do not allow heterogeneous individual user connections and prohibit sensitive information, such as personal data or price lists, from leaving the infrastructure uncontrolled. In addition, the infiltration of malware and spyware by third parties represents a high risk.
The top 5 requirements for the Remote Support solution:
- Replacement of a heterogeneous VPN infrastructure with a central service provider portal that guarantees global accessibility
- Traceability and auditability of activities for KRITIS audits and availability of records for incident response
- Control of the entire file transfer by implementing approval workflows for dedicated approval of uploads and downloads by departments
- Protocol-independent coverage of all operating systems and endpoints
- No installation of agents on clients or servers, plus connection of decentralized data centers and use of global user repositories
Solution
The introduction and continuous further development of VISULOX Remote Support has proven its worth. The customer offers its internal employees as well as all service providers and partners a common, centrally manageable and future-proof platform: centralized, and yet distributed in such a way that a failure of general infrastructure components does not jeopardize access to the assets worth protecting at any time. An individually designed load balancing concept guarantees that every single user receives effective access, even under full load and the simultaneous recording of approximately 5,000 individual sessions per day. The VISULOX cluster connects globally distributed data centers and always provides users with the right access with the correct rights.
Access to recorded activities required the approval of the national works councils without exception. For this purpose, the DAX group uses the integrated technical dual control principle of its VISULOX Remote Support installation.
The so-called "Extended License Usage" of amitego guarantees that the customer can make internal IT and OT infrastructures available even in emergency situations. The concurrent user licensing adapts to the individual load peaks of the customer.
The top 5 benefits for the customer:
- Through the connection to the group-wide central user repository, rights and roles for users as well as all other security provisions are easily controlled via group policies
- Flexible and modular licensing enables growth and the cushioning of peak loads.
- Customizable login areas for different partners and service providers strengthen collaboration
- Every user, whether internal employee or external third party, can work outside of the individual locations, on the device of their choice, via the web browser or a client.
- Easy on-the-fly integration and deployment of the service on-premise, hybrid or in the native cloud, as well as training of all employees and customization of workflows and technical specifics.
Result
For more than 15 years, VISULOX Remote Support has been the central and indispensable Remote Vendor Access Portal for our DAX customer. Across national borders, any external employee or service provider of the telecommunication group is obliged to perform his activities via VISULOX without exception.
Based on the policy, all activities are recorded on film using session recording to provide proof of performance and are made available for audit and compliance purposes. Random samples of the collected films are automatically checked for specific sensitive content using OCR.
If the service provider's employees are outside the internal IT network, they can only log in via adaptive multi-factor authentication. In accordance with the principle of "least privilege," only dedicated applications are available to individual users. If a user requires additional access, he or she submits a request for temporary activation of certain applications. The same applies to file transfer, which is prohibited per se for external users. Information and files require release by an internal supervisor as well as an integrated anti-virus scan. All transfers generate an audit-proof traceable event that is forwarded to an internal SIEM system.
Connected to the global user repository, the different service providers and third parties are managed centrally. VISULOX Remote Support guarantees client separation and efficient onboarding and offboarding workflows that simplify the daily work routine.