Customer profile
Due to our rapid growth and the need to manage our customers' sensitive personal data from multiple sites, we needed a fast solution that leveraged established systems like G-Suite. The proposed solution meets all of our requirements and guidelines, both GDPR in the EU and HIPAA in North America.
Baseline and project objectives
The company's goal was to create a secure environment where access to sensitive customer data is centrally controlled. And at the same time, to maximize the security of this data through effective user management, endpoint maintenance and corporate network. The requirement was to meet security guidelines regulating the handling of sensitive personal data in both Europe and North America.
All of the company's information systems are provided to users from a private cloud environment in Amazon Web Services. The requirement was to use only cloud services, without the need to have any local servers and applications.
Benefits
- Efficient management of the corporate network with a single web-based administration interface
- Clear monitoring of data traffic across the entire corporate network
- Very easy VPN connection of all branch offices to the corporate network, making it easy to connect to each location
- Equally easy VPN connection of branch offices directly to the private cloud (vPC) environment in AWS
- Remote management of user profiles and permissions on all endpoints
- Ensuring all installed software is up-to-date and selectively choosing installed updates
- Remote management of Windows, Linux and macOS operating systems
- Easy way to control access to peripheral devices
- Ensuring data security in accordance with EU and North American directives
Solution
AUTOCONT had to find a very progressive solution. In cooperation with the customer, it carried out an analysis and Proof of Concept of the entire solution. Cisco Meraki technology was chosen as the basis for a modern network infrastructure and a target concept was proposed, enabling complete remote network management through a single administration interface and strong endpoint security using only cloud services. Interconnection of all sites via automatic VPN tunnels was designed to ensure that each user can access the entire network according to the given permissions.
By leveraging JumpCloud, which is a cloud-based directory, user profiles can be unified and managed in bulk across different services (profiles on Windows, GSuite, etc.). RADIUS servers as a service combined with Cisco Meraki access points created a controlled wireless network where users log in via PEAP and 802.1x using the same account they have on GSuite.
Endpoint security is given the utmost attention. This is all taken care of by the Sophos Central platform, which provides management and security, ensuring that new settings are activated, alerts are sent and contextual security information is shared.
You can create both user groups and end-device groups to which different security policies can be applied. With the installation of the agent on the endpoint devices, not only a classic antivirus is installed, but also the so-called Intercept X, which uses artificial intelligence and machine learning to detect known and unknown threats.
The maintenance of the stations, their patch management, is taken care of by Automox, which can centrally manage all updates to operating systems as well as third-party software. You can manage your own level of automation for managing updates, enforce configuration and see in the central console which devices require attention. Immediate visibility of vulnerabilities and threats by name, but also by CVE number, is provided.
Used technologies
- Cisco Meraki
- JumpCloud
- Sophos Central
- Automox
DO NOT HESITATE TO
CONTACT US
Are you interested in more information or an offer for your specific situation?