Case Study: A Global Automotive Firm

A multibillion-dollar global automotive firm approached ICSynergy for a solution that would allow their users and partners to access on-premises enterprise applications outside their network. ICSynergy quickly deployed an SPGateway-based solution that was both on-budget and easy-to-maintain.

As a result, the automotive firm increased its security posture and streamlined access for employees and partners.

Background

As an industry leader in its segment, the customer was running multiple enterprise applications to optimize critical business functions. While this worked for the customer’s on-premises needs, employees and partners also needed to access these applications securely when they were off-site.

To overcome this challenge, organizations have traditionally employed a Virtual Private Network (VPN) for secure remote access. Although this is a popular solution, VPNs are expensive to maintain and carry an unnecessary security risk. ICSynergy provides a simpler, more secure option with a dynamic application tunnel: the SPGateway.

The Problem with VPNs

Experienced security professionals know that passwords are the weak link in computer security. Among other risks, they are easily forgotten and result in helpdesk calls; people re-use them frequently; and they can be stolen. VPNs are not immune to these risks. Many of the data breaches in the news are a direct result of misused credentials exposed over a VPN.

It is possible to improve VPN security by patching systems and utilizing Multi-Factor Authentication (MFA), but these solutions can be expensive. If a VPN is compromised, a malicious user can gain access to an enterprise’s entire network. Clearly, a better solution is needed.

The SPGateway Solution

ICSynergy deployed the SPGateway to provide secure remote access for the customer. With the SPGateway, all users and partners could securely access the customer’s on-premises, web-based applications while off-site.

This provided convenience for the customer’s employees while also increasing the customer’s overall security posture. Additionally, it smoothed out the process for dealing directly with partners, who could now access the customer’s applications remotely and securely as well.

End-to-End Security

Unlike a VPN, the SPGateway provided an end-to-end security model for the customer’s network. A VPN-based solution would have allowed any user complete access to the entire network with a single password. With the SPGateway, users only have access to the app for which they are authorized.

This increased the customer’s security posture by reducing the potential for bad actors to gain network access via a stolen VPN password.

Added Benefit: SSO

Additionally, ICSynergy’s SPGateway-based solution increased the customer’s ease-of-use by enabling single sign-on (SSO) through a cloud-based identity provider. This provided a single, central login location for all users to access any application as needed.

The customer deployed an Identity-as-a-Service (IDaaS) solution to serve as the authentication source. The IDaaS handled authenticating the user and provided SSO to the Software-as-a-Service (SaaS) applications. However, the IDaaS could be used to enable SSO to the on-premises applications.

The SPGateway was used to translate the IDaaS tokens into a session for the on-premises applications, and eliminated the need for people to remember multiple passwords.

Previously, all of the customer’s internal applications required separate logins. This required users to memorize several passwords, many of which may have been duplicated, lost, or stolen. With the SPGateway, users only had to log in once. The reduced potential for lost passwords made the customer’s network more secure, and easier to manage.

SPGateway facts:

Single, hardened appliance that provides the world’s first dynamic application tunnel
Virtual appliance that can be deployed on-premises or in the cloud
Works with any authentication source
Enables SSO with any web application, including Oracle E-Business Suite, Microsoft SharePoint, and many others
Can replace a VPN while providing end-to-end security

Stats

22,000 – total licensed users protected by the SPGateway

0 – no downtime has been caused by the SPGateway

Jeffrey is PM

Hansen was the sales guy

Technical people? Shaun Feaker

Explain what we’re doing. What we want. Case study and logo for sure, maybe a testimonial quote

Got quote from Arun. Good. Need permission to use logo. Need approval from their marketing dept.

What does this global automotive firm do?

Get this from their website

What work did ICSynergy do for this global automotive firm? What problem did we solve?

They have internal applications (on-premises) that they want to be able to use outside their network. Their users, their employees. Without VPN. Make on-premise apps available offsite. Also did it quickly with tight budget. Also very easy to maintain.

Custom apps. They run on IIS. Internet Information Services is an extensible web server created by Microsoft for use with the Windows NT family. IIS supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NNTP

Apps: Power BI (Business Intelligence), Nett, Budget, CPI

Think these are all SAML (borrow some of the SAML stuff from LMI). Not totally sure. Could be header-based

These are all web apps. They run on a service called Microsoft IIS. Can have a server with lots of different IIS instances. They all have unique domain. Before you would have to integrate each of those apps individually (integrate with SPGW and Okta), internal or external access. but now they can spin them up quickly. Rapid deployment from SPGW UI

SSO part: these are all internal apps, each would have their own login. Now have one central place to log in, users only have to log in once. Instead of a dozen logins (or whatever), they have one. This makes it more secure, and easier to manage.

What benefits came from the work? How did we help business?

More secure.

Apps can be proxied

Got rid of VPN. When you VPN, you get access to the whole network. With this, you don’t gain access to whole network. With proxied apps, you only have access to that app. Stops bad actors from getting access to whole network.

Easier to manage

On-prem apps are available offsite

Only one login needed, instead of a dozen or however many. Convenience for users. This lets their partners have access to their apps. This helps drive business. Smooths out process for dealing with their partners. Not just for corporate employees.

Kept it under budget.

Stats – how many users? Percentage increase in efficiency or something?

Workforce of 13,500+. 50 customers around world

Licensed for up to 20,000 employee users + 2,000 users = Total of 22,000 users licensed

Only two instances set up in high-availability posture. Two SPGWs set up in HA for 20,000 users

Licensed for up to 50 applications

0 – never had downtime caused by Gateway

Want to talk with an expert?

Requesting a case study?

Let’s talk advisory & consulting (and more):

Let’s talk end-to-end solutions (and more):

Let’s get started on your IAM solution together:

Okta Advisory & Consulting

Advisory Services

Integration

Managed Services

Why ICSynergy?

ICSynergy is agile in moving through customer purchase processes and has deep ties within Senior Okta Sales, Product, Operations, and Customer Success teams