X

The Central Florida Educators Federal Credit Union (CFE) was having problems with its endpoint security. Their existing endpoint security from Symantec was causing problems. First, CFE end users noticed that their machines were increasingly slow. A quick check of the Task Manager showed high CPU usage tied to Symantec. Next, when the software was updated, old installations often failed to uninstall and created software conflicts, with many unrelated applications failing to work. Finally, Symantec burdened end users with alerts and false alarms. For a small IT staff, these constant problems took too much time away from other IT projects. For instance, CFE is in the process of rolling out a desktop virtualization effort. At one of CFE’s smaller branches, they have already installed dumb terminals connected back to hosted desktops, but constant security troubleshooting has kept them from being as far along on this project as they would like.

Comprehensive Computer Solutions, Inc. (CCS) provides computing solutions for industrial applications, with a significant customer segment in the energy sector. After the 9/11 attacks, CCS was asked by its customers to evaluate security. Prior to this, most of their customers relied solely on perimeter security and proprietary communications channels, which were deemed insufficient post 9/11. CCS's main offering for the energy sector is software that controls the various systems and equipment that generate and deliver electricity. They needed to find a security solution that they could package with their own offerings. The solution needed to be flexible enough to work with Human-Machine Interfaces (HMIs), cost-effective, easy to use, and have a customizable front-end to match the specific needs of power plant IT personnel.

Eat’n Park Hospitality Group, a franchise with 75 locations and operating in 150 locations with approximately 10,000 employees, was seeking a solution to improve IT support for users and address growing concerns about data security in the payment card industry (PCI). The company wanted to centralize support for the company’s users, provide high level security with multiple authentication mechanisms and enable the IT support team to establish connections with and monitor devices 24 hours a day. The company also wanted a solution that would integrate within the company’s data center and network infrastructure.

Mobile Knowledge was in search of a new security solution that could provide comprehensive protection without breaking the bank. They were dissatisfied with large security suites, such as those from McAfee and Symantec, as they found them to be more focused on profit than privacy. These suites often segmented different types of protection and sold them separately, forcing users to purchase multiple products to ensure complete protection. This was not only costly but also forced companies to prioritize their risks and protect against only the most immediate threats. The company was also looking for a solution that offered superior protection against zero-day attacks.

Emporos Systems’ support team faced a dual challenge. Firstly, they required a remote support system that could provide the highest level of security. As a technology vendor to pharmacies and other healthcare sites, Emporos’ support infrastructure had to be fully compliant with patient privacy regulations like HIPAA and credit card data regulations (e.g. PCI DSS). Their previous remote support solution and many of the solutions they evaluated only offered static password capabilities. This wasn’t acceptable as a majority of Emporos’ support is delivered while client business transactions are happening. To meet security standards, Emporos needed a solution that could support its RSA security technology, which updated passwords every minute. Secondly, the Emporos Systems support team required a solution that would provide access to support systems from home or work, as well as the ability to manage multiple support sessions. With a team supporting multiple time zones and receiving dozens of support calls a day, this level of flexibility was required to keep support costs low and service levels high.

The Sallie B. Howard School for the Arts and Education (SBH) was struggling to keep up with the integration of technology in education. As students relied more heavily on computers and the Internet, teachers and administrators noticed much of the activity wasn’t school-related. The existing security was not keeping in lock step with the way students were using the Internet. Viruses had slipped through, and non-education related sites were seeing heavy traffic. Even with URL blocking in place, a supposedly trusted site could be compromised and contain malicious code. A new and inappropriate site could fall through the cracks, not yet blacklisted. Technically-savvy students had already found ways to bypass the school’s defenses.

Fidessa, a provider of trading and investment technology and services, was facing challenges in supporting its global customers. The company's support technicians had to rely on the user's description of the issue and screen shots of the user's computer screen to diagnose and solve issues. This process was often cumbersome and could lead to extended support calls due to the complex nature of Fidessa’s trading platforms. The company was in need of a solution that could introduce efficiency and improve customer experience while ensuring total platform security.

The Washington Savings Bank (TWSB) was facing challenges with its endpoint security. The bank, with five branches and approximately 130 employees, was using Symantec Enterprise Antivirus. However, the renewal price for the license was steadily increasing, leading the bank to consider other options. Additionally, the bank was required to meet stringent compliance standards, including the use of an intrusion prevention system to guard against malicious internal network activity. The hardware-based IPS systems offered by other companies were beyond the bank's budget. The bank also had multiple layers of security, none of which were integrated. The end-user PCs had separate antivirus and antispyware, while they lacked other features such as endpoint firewalls, intrusion prevention, and policy control. The bank had a perimeter firewall, but more and more employees wanted to work from home or as they travelled.

Fiserv, a Fortune 500 company providing technology solutions for the banking industry, had a team of 50-100 employees dedicated to providing remote support. However, staff often spent up to two weeks a month traveling to client sites for training and software installation. The company started offering 'vTrips' (virtual trips) to clients for software upgrades, which were well-received and identified as a potential new service channel. However, for this service to be effective, Fiserv needed a solution that could 'virtualize' its staff and ensure greater productivity. The solution also needed to meet the stringent security and audit needs of both Fiserv and its clients. The company's previous solution had a 'pay by the drink' licensing structure, which became costly as the use of clientless remote support expanded.

The Iowa Department for the Blind had its main website defaced several years ago, disrupting its services to the blind and visually impaired citizens. The department realized the need for a security solution that could protect against both known and unknown threats. Additionally, the solution had to ensure high performance of the department's range of web applications without causing intrusive security that could undermine the department's goal of accessibility. The department serves approximately 7,000 blind or visually impaired Iowans, offering a variety of services, including library, vocational rehabilitation, independent living services and public education, as well as adjustment and orientation services for the newly blind. Therefore, any disruption to these services was unacceptable.

Flinders University, a well-established institution in Adelaide, South Australia, was facing challenges with its IT support system. The university's multiple IT departments were using a variety of remote support solutions, depending on the type of device or operating system the user had. This required the support technicians to be familiar with all these tools and to ask users several questions to determine which remote support tool to use to solve the problem. The technical support teams also operated in a siloed fashion, resulting in inefficiencies and slower response times to users. Additionally, there was no tracking or reporting for remote support activities. The university needed a solution that would consolidate their remote support system, improve efficiency, and enhance collaboration.

RWE Supply & Trading, a leading energy trading house and a key player in the European energy sector, was facing a challenge of reducing the attack surface while meeting budgetary and regulatory constraints. The European energy sector is undergoing fundamental changes, with subsidised expansion of renewables causing margins and utilisation of conventional power stations to decline, thereby requiring energy providers to reduce costs. But against this cost reduction, energy providers such as RWE Supply & Trading cannot sacrifice security. As the IT Security Architect for RWE Supply & Trading, Loucas Parikos needed to protect the infrastructure while meeting these cost and regulatory constraints. “We wanted to reduce the attack surface and minimise our chances of being exploited.” In taking a phased approach, RWE addressed individual problems separately and then brought the solutions together under a common reporting and management platform.

Hoosier Energy, a generation and transmission cooperative providing wholesale electric power and services, was using an antiquated remote support solution to connect to and fix employees’ computers. The existing solution had very limited capabilities and was difficult to use. It could only connect to computers if they were turned on and there were a number of steps that needed to be completed before the connection could be made to provide remote support. The success rate of connecting to a computer was only fifty percent as it depended on many factors. The help desk lead, Monty Dine, found it easier to drive thirty minutes to fix issues on-site than trying to use the existing tool. The company needed a better way to provide remote support.

ICE Systems, a systems integrator based in Sydney, Australia, was facing several challenges. They needed an additional customer support channel other than phone and a robust audit trail to meet customer requirements. They also required a remote support solution that allowed access to unattended remote systems due to data center monitoring services for many customers. With a limited five-person support staff, ICE Systems needed to provide support to their customers without traveling on-site, while still being able to support multiple platforms. Many of their customers are in highly regulated industries with strict audit requirements, so ICE Systems needed to be able to trace the path of individual reps and their actions during remote support sessions.

In 2010, DCI expanded the scope of their internal auditing requirements to include access related areas such as user privileges, password rotation policies, review of access sessions, and access history. To address compliance requirements, the team also decided to lock down the development, test and internal business servers to protect vast amounts of sensitive data. This meant that they had to fully restrict root access, reset all passwords after each use, and periodically rotate them — whether they were used or not. Even SSH access had to be limited. To fulfill these needs, DCI required a procedure to delegate and authorize specific limited functions on each server, when access was required. They also wanted different login IDs for different functions on each server, plus a workflow whereby two managers could grant access to specific functions at particular times. Activity on the servers also had to be tracked by ID, including the functions allowed by each ID.

JMC IT, a company that provides IT support and expertise to companies and organizations across the UK, was looking to expand its remote support solution. The company's clients are primarily located within the North of England, but often have remote or satellite offices around the UK, Europe, US and Asia. Changes in IT, like greater calls for staff flexibility, the evolution of remote working and Bring Your Own Device (BYOD) initiatives, have all had an impact on IT support requirements. Keeping pace with these dynamic IT changes means that JMC is continually looking at its own support services and how they meet customer requirements. Prior to implementing Bomgar, remote access to customer devices was undertaken on an ad-hoc basis and via a wide variety of different technologies. While access was always secure and conducted via VPN or Citrix Access Gateway, the ability to conduct all sessions in the same way was not possible.

The Johns Hopkins University Applied Physics Laboratory (APL) was facing challenges with its IT remote support solutions. The existing solutions were not meeting the organization's rigorous security standards and were unreliable, leading to session-connect failures 25% of the time. This was causing frustration among users and resulting in unnecessary onsite visits. The annual downstream costs due to these failures were estimated to be $100,000, equivalent to the cost of two full-time employees. The ITSD team at the lab decided to improve their IT services in terms of security, reliability, and cost.

The IT support team at Johns Hopkins Bloomberg School of Public Health was struggling to provide high-quality support to the growing number of students and faculty conducting research in remote locations around the world. Traditional support delivery methods were proving inadequate, particularly for researchers in areas with slow and inconsistent network connections and limited phone access. The team was also grappling with the challenge of supporting researchers' access to data stored on secure portals on the university's network via Microsoft SharePoint. The existing remote control capabilities included with Windows and their systems management solution were insufficient to meet the increasing demand for support.

La Salle University, a private Roman Catholic institution of higher learning, was facing challenges in providing IT support to its growing number of faculty, students, and staff across multiple campuses and online programs. The main campus was spread out and the university had recently acquired additional real estate, making it difficult for the IT support technicians to service classrooms that were a considerable distance away. The growing online and international programs presented another challenge as the university needed a way to support those remote users. The university's IT department was in need of a remote support solution that would allow them to expand their IT support capabilities affordably.

The IT support function for Birmingham Women’s and Children’s NHS Foundation Trust, a small team, needed to provide assistance in a quick, efficient, and secure way. They faced issues with providing support to remote staff that were connecting to the network from home via VPN, particularly on smart devices such as tablets. There was no mechanism in place to support these users, without having them return on-site to the Trust with their device to have their issue addressed. For many remote workers, some of whom were working long distances from the Trust, this just wasn’t a practical solution. A further problem was having the ability to accommodate third parties or contractors who required access to the Trust’s network. It was essential that Birmingham Women’s and Children’s NHS Foundation Trust maintained absolute control and oversight of third party access, only granting entry to the necessary systems and data.

AMOCO Federal Credit Union, a regulated financial services organization, had the ongoing responsibility to ensure the security and integrity of the organization’s network, systems, and data. The Information Systems and Technology (IS&T) department had been using Bomgar Remote Support with an on-premises appliance deployment for several years. However, they saw the need to heighten the organization’s security even more. They needed a solution that could provide robust control over individual privileged user actions and fully control the rights given to internal users.

NHS Greater Manchester Shared Services (GMSS) is a large healthcare support service provider in the United Kingdom. They work with 12 regional clinical commissioning groups (CCGs) serving a population of 2.8 million. Their clients include CCGs, local authorities, over 600 healthcare providers, and other public and private sector bodies, primarily across the Greater Manchester region in the UK. The organization was in need of a solution that was both flexible and secure, as they handle large volumes of sensitive patient data every day. The solution needed to be highly configurable to meet their specific support needs, without compromising on strong security.

ANATEL, Brazil’s National Telecommunications Agency, was using Microsoft’s Lync collaboration and instant messaging application for remote desktop support. However, when ANATEL refreshed its workstation fleet in 2014, they needed a more robust remote support solution as the Lync tool did not support the operating system of the new workstations. Additionally, the organization adopted a new set of security policies that required a remote support solution with more advanced security features. The Service Desk wanted to expand its capabilities so that it could provide remote support for the organization’s increasing number of mobile devices and its full range of network assets.

Northwell Health was initiating plans to replace its existing IT service management solution and wanted to ensure that its new approach to providing IT services included more robust remote support capabilities than the health system had at that time. It was also critical that the new solution comply with stringent data security regulations that Northwell must meet, such as HIPAA. Turpin researched a number of potential remote support solutions, but only Bomgar met all of Northwell’s requirements.

A leading retail clothing company was operating multiple brick-and-mortar enterprises using a complex patchwork of systems for identity management across its Unix, Linux, and Windows systems. When the company created a new division to handle consolidated online sales for all its enterprises, the complexity of their systems came to a head. The online division was having difficulty complying with the Payment Card Industry (PCI) Data Security Standard. The problem was that the organizations has too many different operating systems, domains, and directory services made it impossible to manage user ID and passwords systematically. The company also needed to address issues of inefficiency. For the end users, engineers and developers, it’s very difficult to maintain continuity for their day-to-day work with multiple account IDs and passwords across the enterprise.

The technical college was experiencing increased demand on their network and seeing the opportunity for malware infiltration growing. Over the past several years, the Director of IT Services had been cleaning up the technical college’s PC environment: first locking down PCs in the labs, and then removing elevated privileges for faculty and staff. By allowing only the fewest or least rights actually needed by faculty and staff, the Director of IT Services hoped to prevent the installation and spread of malware. The Director also hoped that reining in unauthorized software installs would result in fewer resource-hogging components on college PCs. With less extraneous software, the PCs could provide acceptable performance for a longer period of time, therefore allowing the college to maximize the useful life of its PCs. Simply eliminating admin rights, however, would mean that any software install would require an IT Help Desk staff person to gain access to the PC and perform the installation. Deploying IT staff around the campuses for each install would introduce a frustrating delay for faculty and staff. And, the time involved simply to coordinate these sessions would continue to increase as the number of college-maintained PCs was also expanding.

In late 2003, Gap Inc. Direct needed to revamp its entire end-to-end business technology platform — from the customer-facing front-end system, to the back-end order management application, to the business tools that supported the company’s long-term growth strategy. Previously, Gap Direct’s e-commerce platform was largely built on Microsoft Windows. The need for new features — as well as concerns about the platform’s ability to scale given the retailer’s ambitious growth plans drove Gap Inc. Direct to evaluate alternative solutions to the Microsoft platform. Gap Inc. Direct uses Microsoft’s Active Directory (AD) for administrative tools to grant and control end-user permission, but AD by itself doesn’t support Linux or Unix, this resulted in the need for several systems administrators and analysts to analyze all of the logs of hundreds of servers every time an audit needed to be performed — a task that took IT employees away from their day-to-day responsibilities.

The company was faced with upgrading its aging risk and compliance infrastructure, which previously relied on a disparate group of point products to scan for vulnerabilities and assess different operating systems for Sarbanes-Oxley and other types of compliance. Status data from the disparate solutions was imported into a SQL database onto which the IT department had built some limited dashboarding and reporting capabilities. However, IT personnel were still required to spend time writing custom code in order to extend the point solutions and enable them to interact with the database. In fact, the lack of integration among the various systems was creating inefficiencies that hampered the company’s ability to prepare for and pass compliance audits. The company sought a comprehensive and cost effective model for risk and compliance that would not only be easier to use and maintain, but provide a truly unified view into the status of all systems. As a UNIX shop, the company also needed a solution that could perform the deep, credentialed scans required for real protection from vulnerabilities, while also protecting the system’s root password.

The customer service division’s offshore call center had grown to over 5,000 Linux desktops that needed to be better managed and secured. Because authentication was being handled locally on the Linux machines, there was no easy way for the IT department to verify that any security policies were being followed. The company lacked the kind of central user account management for its Linux fleet that Active Directory typically provides for a Windows shop. In addition, the management of new hires, departures, and changing job roles had become a challenge. High turnover rates at the call center just made the problem worse.

The telecom company had just completed an internal security audit and found that their NIS directories were not compliant with Sarbanes-Oxley (SOX), and they needed to find a modern solution. Microsoft® Active Directory was their ideal choice, but they needed to migrate their existing NIS user accounts and groups into Active Directory, as well as manage a vast array of non-windows infrastructure. In its main datacenters, the telecom carrier had in excess of 4,000 Unix servers and 1,000 Unix and Linux workstations that were currently being administered with NIS. They also had over 137,000 user accounts, of which less than 40,000 accounts were active users in the company. In addition to the complexity of the Unix infrastructure and the large number of user accounts, the telecom company also managed the Unix attributes of each user in NIS. Each Unix attribute (e.g., password policy) corresponded to an individual NIS domain. In total the company had 155 unique NIS domains, meaning that for each of the 137,000 user accounts, there were up to 155 additional attributes to manage.