Bastion Host for Remote Maintenance
cyberelements helps a supply chain player secure remote maintenance and comply with the ISO 27001 standard.
An international supply chain player with 1,000 employees and solutions deployed in more than 50 countries was looking for a secure bastion solution for remote maintenance that was compatible with its existing tools and could offer the best user experience.
> Improve and secure remote maintenance of software and systems deployed at customer sites.
> Comply with the ISO 27001 standard.
> Offer the most seamless and fluid user experience possible, by enabling the use of existing tools (RDM) and federated SSO on an existing password vault.
> Secure access to software and PLCs deployed at customers’ sites
Designed for remote access, cyberelements secures access to customers’ IT & OT resources for the organization and its service providers. The platform now enables sessions to be recorded for access to RDP, SSH or web-based resources, without the need for a bounce server, thus preventing attacks by lateral movement and reducing infrastructure and licensing costs. Recorded sessions are stored on the customer’s premises and can be accessed by both the customer and the supply chain company, offering a new service to its customers.
In addition, cyberelements enables authentication secrets to be managed without being divulged, thus reinforcing the level of access security.
The platform’s double-barrier architecture also prevents exposure of the information systems of the company’s various customers, which can only be accessed via cyberelements.
> Seamless, and fluid user experience allowing the use of existing tools
The supply chain company wanted to minimize disruption for its users, who were already accustomed to using Remote Desktop Manager (RDM). It also wanted to integrate an existing password vault, on which the bastion host can be built and used for remote maintenance.
The integration of cyberelements and RDM is therefore “native”, without disrupting the user experience: from the RDM, users can access (direct access) all their resources, without re-authentication, while relying on the existing password vault.
The solution uses a clientless web interface, meaning nothing needs to be installed or downloaded on the workstation. The protocol break technology limits both the interaction with the workstation and the risk of spreading any malicious payload present on the workstation.
> Sealing the supply chain company’s customer environments
Our client performs maintenance remotely, operating on its customers’ infrastructures, and, as a Managed Service Provider (MSP), also enables its customers to access the solution. We therefore had to guarantee a perfect seal between customers. With cyberelements, this is made possible by the multi-tenant nature of the platform and the use of gateways deployed in separate LANs. Each gateway is connected to the Controller corresponding to the appropriate client, and a user only accesses and “sees” the resources of the organization that has granted them the rights.