Achieving watertight security of endpoints and applications

PWN is responsible for the continuous availability of drinking water for 1.5 million people in North Holland. As providers of the infrastructure and processes to purify surface water into safe drinking water, PWN insists on deploying the highest levels of security and vigilance across the organization to eliminate contamination risks. 

Industry: Infrastructure



User Workspace Manager
DesktopNow helps organizations simplify desktop deployment and administration, secure endpoints, and reduce IT costs. With the solution, IT can deliver a personalized, compliant desktop regardless of user location or device, manage herculean IT tasks like Windows 10 migration, and enable secure file sync, sharing, and data access.
[product summary]
[product summary]
[product summary]

Deploying multiple levels of protection

Cyber security of its 800 endpoints is of paramount importance to PWN. In 2011, the water utility detailed two steps to ring-fence cyber security above and beyond the existing solid firewalls and antivirus solutions. 

PWN determined that a structure of defined user-privilege control, together with a granular system of checking all applications before download, would form a final defensive line for users within their Windows environment. It adopted the Ivanti DesktopNow solution to design a watertight protection process that would block malware and stop uncontrolled applications from downloading.

Benefits to PWN

Desktop deployment proof of concept (POC)

Embarking on a two-month POC, PWN employed DesktopNow to ease migration from Windows XP to Windows 7. It moved user files, user personalization, and application settings smoothly across 25 endpoints without having to configure them manually. 

Bulk migration rollout

Upon the POC’s successful completion, PWN 
was able to hand over the bulk migration to its managed service provider, Fujitsu. The remaining 780 users were rolled out by Fujitsu in batches of 50, all personalized upon login, straight into their new desktop environment. 

Security deployed across every managed desktop

A four-tier controlled privilege policy included providing all endpoints access to Microsoft operating systems and basic office apps. If users in Tiers 0 and 1 tried to introduce apps or unknown code, the items would be prevented from launching automatically. 

Allowing further access to certain endpoints

Tier 2 deployment and access privileges were factored from job roles and requirements, allowing certain endpoints further access to applications managed and deployed by IT. 

Access for a select user group

Tier 3 deployment was reserved for a select group of qualified users providing elevated rights to install applications on demand. Requested applications were first cross-checked against blacklists. Once authorized, Tier 3 users themselves could then commence the often lengthy and complex download, further saving IT time. 

Preventing unsanctioned applications

With DesktopNow running in the background, PWN can now check software for whitelisting approval to prevent unsanctioned applications from being run and installed. Checking against the constantly updated listings remains the ultimate safeguard against new types of malware entering the PWN network. 

Reassurance that the network is protected

“Other companies have seen application breaches and, more recently, have been exposed to ransomware attacks through inadvertent downloads or simply employees sharing software on USBs,” says PWN’s Paul-Peter Polak. “We’re reassured that our network is protected through background checks provided by DesktopNow, meaning that unauthorized apps cannot run.” 

Prevent execution of unauthorized software

“We take our corporate responsibility extremely seriously. Cyber security of our 800 endpoints is therefore of paramount importance to PWN and that’s why we rely on Ivanti to solidly act as our final line of defense.”

Paul-Peter Polak

Business & Information Architecture, PWN