Executive Summary
A North American health tech company faced challenges with remote workforce security, VPN limitations, and adhering to HIPAA and GDPR data protection regulations. They adopted Invisily's Universal Zero Trust Network Access (ZTNA) solution, transitioning from vulnerable VPNs to a more robust and flexible security approach. This case study highlights how Invisily enhanced the company's security posture, ensuring compliance and protecting sensitive health data, while offering a broad range of capabilities from dynamic policy management to advanced threat protection.
About The Company
The company is a North American health tech firm with a global reach, specializing in medical device and pharmaceutical manufacturing. It provides engineering and recruitment consultations, auditing, training, and quality system certification, mainly serving the life sciences sector. The organization focuses on specialized staffing and consulting for technically complex projects across various international regions, adhering to high industry standards and regulations.
Challenges Faced by the Company
Remote Workforce Security: The post-COVID shift to remote work necessitated a reevaluation of network security measures. Employees accessing company resources from diverse, potentially unsecured locations extended the network's traditional boundaries, intensifying the need for robust and secure remote access systems.
Third-Party Collaboration Risks: Engaging with multiple third-party collaborators heightened the risk of data breaches. This was worsened by traditional VPNs providing broad network access, potentially compromising data security and integrity.
Insider Threats: The company needed to formulate strategies to mitigate risks from insider threats, which include both deliberate and inadvertent data leaks, posing a significant challenge in maintaining data confidentiality and integrity.
Compliance Requirements: Operating in a highly regulated environment meant stringent adherence to data protection regulations like HIPAA and GDPR was critical; this was especially challenging due to the involvement of third-party data processors.
Limitations of Other Approaches
VPN Weaknesses: The company acknowledged the inherent vulnerabilities of VPNs in a landscape of evolving cyber threats, particularly noting their inability to adequately restrict access and prevent lateral movement within the network.
Rigid 'Rip and Replace' Models: In exploring solutions to emerging security issues, the company encountered vendors who demanded extensive and disruptive changes to the existing network infrastructure, an approach that was incompatible with the company's preference for more adaptable solutions.
Narrow Solution Focus: A significant challenge was encountering vendors whose ZTNA solutions had a limited scope, primarily focusing on replacing VPNs without offering comprehensive features like dynamic policy management or micro-segmentation.
Need for a Holistic ZTNA Solution: The company realized that a more encompassing ZTNA solution was necessary, one that would address not just the weaknesses of VPNs but also provide a broader range of security functionalities to meet the company's complex needs.
Solution - Invisily Universal ZTNA Implementation
Invisily Universal ZTNA was implemented to address the company's cybersecurity needs. This solution offered a broad spectrum of functionalities, adapting seamlessly to both cloud and on-premises environments. Its flexible deployment models and inclusive approach to remote and on-premises access control marked a significant upgrade from traditional VPNs.
Results
Improved User Experience: Post-Invisily deployment, employees enjoyed a more seamless and non-intrusive experience while accessing services, enhancing productivity compared to the previous VPN system.
Data Protection Enhancement: The company effectively implemented micro-segmentation to safeguard personal data, preventing lateral movement in case of network breaches and restricting data access to authorized personnel.
Expanded Access Management: Invisily facilitated comprehensive access control, not just for remote workers but also for on-premises employees and third-party collaborators, ensuring secure data access across various user groups.
Simplified Compliance with Regulations: The adoption of Invisily streamlined compliance with regulations like HIPAA and GDPR by enforcing strict access controls and least privilege principles, ensuring encrypted data protection, and providing robust monitoring and audit trails.
Utilization of Broad Security Features:
- Hardware and Software Asset Management: Ensuring secure access through an approved device and software registry.
- Secure Web, Cloud, and SaaS Access: Safeguarding interactions with cloud-based systems.
- Scheduled Access Controls: Implementing time-based access policies for sensitive data.
- Next-Generation Network Access Control (NAC): Filling gaps in network access control without needing a separate NAC.
- Dynamic Policy Management: Tailoring access based on context and behavior.
- Network Micro-segmentation: Isolating critical network segments for enhanced security.