Cerca
Close this search box.
Cerca
Close this search box.

Success story

The virtuous behaviour of the PA.

The Province of Frosinone makes its employees' workstations compliant and secure.

Even outside the company perimeter.

Would you like to know how Provincia di Frosinone, a local autonomous authority, solved the problem of device management and control outside the protected perimeter of its premises in an agile working context?

And how was this possible by eliminating physical travel?

We will explore how the IT staff identified the critical element and how we helped the company overcome this challenge and achieve amazing results.

The Province of Frosinone is an autonomous local authority that has the task of looking after the interests and promoting the development of the provincial community, including through the management and protection of the sensitive data of the citizens living in the province.

4 BRANCH OFFICES
in Frosinone and Cassino
0
Citizens served
0
Municipalities
+ 0
Employees

The challenge:

Ensuring operation and control outside the perimeter

In 2020, coinciding with the spread of the pandemic, the public authority in Piazza Gramsci adopted new arrangements - which have since become commonplace - to work flexibly and guarantee services for users. For the frusinate authority's IT team, which manages 500 workstations, agile working brought with it new management and control challenges: in addition to the Province's head office and branch offices, new pieces were added to the jigsaw puzzle outside the managed IT perimeter.

These were the mobile devices of people working in Smart Working, which had to be included in the organisation's security perimeter to prevent leakage of sensitive data. Given the public relevance of the Province of Frosinone, the danger of exposing citizens' data to vulnerabilities and disrupting services prompted the IT team to devote .the utmost attention to the issue.

Due to the heterogeneity of the situations to be managed, the solutions adopted up to that point risked not guaranteeing consistency and timeliness in security updates. And in that case, a single flaw could have penalised the work of the entire province.

«We needed to manage all the company's devices in a timely manner,» explains Alessandro Sau, System Administrator who has been working in the IT team of Provincia di Frosinone for 15 years, «especially from a security point of view: the management to and from the outside was complicated by the fact that these endpoints were more easily circumvented at the vulnerability level. We needed multi-layered protection to reduce the attack surface. Initially, we had turned to free software to protect the network, but we needed a more structured solution».

The solution:

UNIFIED MANAGEMENT OF WORKSTATIONS.

Since agile working methods are not only related to the contingencies of the pandemic, Provincia di Frosinone wanted to equip itself with a structured solution to reduce the attack surface of the managed perimeter and ensure secure access to its database. To do this, it called on a trusted partner with experience in Workplace Management and Security. An issue that WEGG has been following in its developments for over twenty years, some of them spent alongside Provincia di Frosinone in a long-standing partnership.

After learning the details of the situation, the WEGG team proposed centralising workstation management in a single tool to intelligently automate actions related to the distribution, configuration and standardisation of software and operating systems. The choice fell on Ivanti technology.

The proposed solution improved the IT team's operations in providing protection for the devices. With the elimination of travel downtime thanks to centralised management, update times have been significantly reduced. «The tool» explains Sau, «has simplified our work by far. Previously, I had to leave my location to go to the user's location to install the software.
Now I can manage the configuration of the devices directly from my workstation and I have full control over the application situation of external devices as well.».

The fact that the devices follow a standard procedure in the configuration and management of IT policies and processes results in a significant reduction in risk, eliminating any discretionary human error. Remote control functions also allow users to be supported at all times.

 

The executed mode:

SECURITY AUTOMATION FROM UP-TO-DATE INVENTORIES
martin-katler-rjASNUw3SDE-unsplash

The application of the best-practices defined in the AGID document (Minimum ICT Security Measures for Public Administrations) has been
decisive in guiding the Province of Frosinone to take full advantage of a centralised management tool.

The guidelines emphasise the need for an up-to-date inventory: according to statistics, around 30 per cent of components slip through the cracks and this lack multiplies the points of attack. For this reason, the management of all corporate devices, laptops and desktops (including virtual ones) in use by users, has been unified in the single interface of Ivanti Endpoint Manager (EPM) to have an accurate and normalised view of assets.

From a single point of control, it becomes possible to configure and manage IT policies and processes related to users, groups and associated devices, and intelligently automate actions related to software and OS deployment, configuration and standardisation.

Best-practices also require the vulnerability management of all corporate devices: in this regard,Provincia di Frosinone has extended its EPM capabilities via the Internet with Ivanti Endpoint Security and Ivanti VCSA (Virtual Cloud Service Appliances) to provide active diagnostics of the application situation of each device and the ability to prevent critical issues with automated vulnerability remediation from over 130 vendors.

«The timely service feedback and cooperation of WEGG's technical staff,» explains Sau, «ensures that any configuration problems that arise are always resolved quickly.»

RESULTS & BENEFITS. 

TIME SAVINGS
Improved operability

  • reduction of downtime
    in travel
  • maintenance of inventories
    up-to-date
  • advanced automation

RISK REDUCTION
Increased safety

  • control even of devices
    outside the perimeter
  • application situational awareness
    of each device
  • automated management
    of privileges and patches

ASSISTANCE
Support in the use of products

  • timeliness in solving
    of problems
  • collaboration with
    technical staff

«This type of project is useful for all those realities that face the management of employee workstations, even those outside the company perimeter, without having complete visibility of vulnerability risks. Thanks to the centralisation brought about by the technology, we can now manage our 500 workstations in a timely manner and with little effort. We have significantly reduced the attack surface by preventing critical issues through automated remediation of detected vulnerabilities».

Would you like to make your workstations compliant and secure remotely?

CONTACT US FOR A
CONSULTATION!