PWN is responsible for the continuous availability of drinking water for 1.5 million people in North Holland. As providers of the infrastructure and processes to purify surface water into safe drinking water, PWN insists on deploying the highest levels of security and vigilance across the organisation to eliminate contamination risks.
User Workspace Manager
Deploying multiple levels of protection
Cyber security of its 800 endpoints is of paramount importance to PWN. In 2011, the water utility detailed two steps to ring-fence cyber security above and beyond the existing solid firewalls and antivirus solutions.
PWN determined that a structure of defined user-privilege control, together with a granular system of checking all applications before download, would form a final defensive line for users within their Windows environment. It adopted the Ivanti DesktopNow solution to design a watertight protection process that would block malware and stop uncontrolled applications from downloading.
Benefits to PWN
Desktop deployment proof of concept (POC)
Embarking on a two-month POC, PWN employed DesktopNow to ease migration from Windows XP to Windows 7. It moved user files, user personalization, and application settings smoothly across 25 endpoints without having to configure them manually.
Bulk migration rollout
Upon the POC’s successful completion, PWN
was able to hand over the bulk migration to its managed service provider, Fujitsu. The remaining 780 users were rolled out by Fujitsu in batches of 50, all personalised upon login, straight into their new desktop environment.
Security deployed across every managed desktop
A four-tier controlled privilege policy included providing all endpoints access to Microsoft operating systems and basic office apps. If users in Tiers 0 and 1 tried to introduce apps or unknown code, the items would be prevented from launching automatically.
Allowing further access to certain endpoints
Tier 2 deployment and access privileges were factored from job roles and requirements, allowing certain endpoints further access to applications managed and deployed by IT.
Access for a select user group
Tier 3 deployment was reserved for a select group of qualified users providing elevated rights to instal applications on demand. Requested applications were first cross-checked against blacklists. Once authorised, Tier 3 users themselves could then commence the often lengthy and complex download, further saving IT time.
Preventing unsanctioned applications
With DesktopNow running in the background, PWN can now cheque software for whitelisting approval to prevent unsanctioned applications from being run and installed. Checking against the constantly updated listings remains the ultimate safeguard against new types of malware entering the PWN network.
Reassurance that the network is protected
“Other companies have seen application breaches and, more recently, have been exposed to ransomware attacks through inadvertent downloads or simply employees sharing software on USBs,” says PWN’s Paul-Peter Polak. “We’re reassured that our network is protected through background cheques provided by DesktopNow, meaning that unauthorised apps cannot run.”
Prevent execution of unauthorised software
“We take our corporate responsibility extremely seriously. Cyber security of our 800 endpoints is therefore of paramount importance to PWN and that’s why we rely on Ivanti to solidly act as our final line of defence.”
Business & Information Architecture, PWN