C-TEC is an independent manufacturer of safety electronic equipment including fire alarms, alert systems, and automatic extinguisher panels.
The company’s IT team manages a hybrid environment that consists of an on-premises data center as well as private cloud and public cloud services. They need to provide remote access for their employees to SaaS applications including Zoom, Microsoft 365, DropBox, and an Adobe design suite. They also need to provide remote access to enterprise applications, some of which are hosted in a private cloud and some hosted on-prem, including file sharing and storage services managed by the organization and protected by a firewall.
C-TEC has an Apple-centric device fleet including iPhones and Macs. Employees use their devices to access a variety of applications (SaaS and enterprise apps) when outside the corporate network. With Covid-19, remote access became a growing business requirement as many employees started working from home.
C-TEC’s IT team was connecting remote users via a VPN but they weren’t happy with it because the user experience was poor, the connections were slow, and the result was a disruptive work environment.
They wanted to modernize the remote access experience for users. They decided to look for a VPN alternative that puts user experience first.
They needed to ensure this VPN alternative would reduce the volume of logins users had to go through while working remotely. Users were being interrupted by multiple 2FA prompts for Microsoft 365 services when they were outside the corporate perimeter and connecting via the VPN.
"We needed a secure remote access solution that puts the user experience at the forefront to ensure Microsoft 365 logins were fast with no noticeable difference in speed to the user."
Jamf was deployed on their employees’ iPhones to control data usage via content filtering, and to protect users against mobile cyber attacks such as phishing and malware.
Jamf also offers Jamf Private Access: a secure remote-access solution that would replace the VPN and provide a more modern solution for connecting remote workers with business applications, regardless of where they are hosted. It would also eliminate the excessive 2FA prompts by the use of native cloud-to-cloud integrations with Microsoft Azure Active Directory. In addition, Jamf Private Access enables enhanced access control that incorporates user identity, device risk posture and application routing into the access policies.
C-TEC’s IT team configured a conditional access policy within Microsoft’s cloud environment that enabled access from trusted locations that included Jamf's cloud egress for C-TEC, which would mean a user accessing Microsoft 365 via Jamf Private Access would have seamless access to the service, but without Jamf, they would have to go through extra steps – including the use of 2FA – before they could gain access to the SaaS-hosted application.
Jamf secures the connections to SaaS apps, as well as on-prem apps, by establishing a connection from the Jamf Cloud and routing the request using application-specific “micro-tunnels” to C-TEC’s on-premise hosting locations.
“Jamf offers native cloud integrations with our identity provider, Microsoft Azure Active Directory, so we can authenticate the user, protect the connection, and facilitate a fast login to both SaaS and enterprise apps. With Jamf we were able to remove unnecessary authentication hurdles for our users when connecting to Microsoft 365 services from outside the protected network. We looked at the speed of logins to Microsoft 365 as the main performance indicator and we were amazed at how fast it was, there was no noticeable difference when compared to the login speed from on our corporate campus.”
Within 48 hours, C-TEC enrolled all their devices into Jamf Private Access, securing traffic to 20 of their most critical business applications and routing 200,000+ connections via Jamf's cloud infrastructure.
“Now that we have Jamf Private Access on all our iPhones and Macs, we no longer need a slow and clunky VPN to facilitate remote access to our corporate applications. Jamf integrates with our Identity Provider to remove friction, allowing our users to connect with a single login to all the apps they need, whether it’s Microsoft 365 or our on-prem data center. The connection is fast, encrypted, and secure, and you don’t even know it’s there.”
Jamf's access solution is unique in the world of largely legacy-based access products because (1) it works consistently across all modern operating systems; (2) it has integrated and comprehensive threat detection capabilities; (3) it works hand-in-hand with SWG functionality that protects the business applications, while also protecting the user from threats that can be delivered through Internet-hosted applications. This means conditional access policies can be easily set up for all apps to prevent a compromised device from accessing corporate applications, even when the user identity is verified.
“We previously didn’t have any protection for our SaaS applications, only a VPN securing access to our on-prem applications. Jamf searches for threats on the device and blocks access to all our corporate resources, including SaaS apps, if there is a threat such as malware present on the device. Securing the connections to all our business applications from the one platform significantly improves our security posture and reduces overhead.”
C-TEC: company profile
C-TEC is the UK's largest independent manufacturer of quality life safety electronic equipment with a portfolio of products that includes conventional and addressable alarm systems, automatic extinguisher panels, power supplies, disabled refuge systems, call systems and audio-frequency induction loop equipment.
What’s next for C-TEC?
C-TEC has now fully deployed Jamf Private Access across all of its Apple devices, and is considering deploying it on Windows devices as well. In 2021 C-TEC will migrate some of its key enterprise applications to the cloud and with WPA this will be an easy transition to secure and control access to those applications.