An American financial services company has built a thriving business helping people navigate their way around lending institutions and credit bureaus. The company’s employees routinely have access to their clients’ personally identifiable information (PII), such as social security numbers, credit card numbers, IDs, credit history and more. From a security standpoint, access to the custom-built CRM platform where this data is housed is strictly controlled and restricted to authorized, managed devices within the physical location of the company’s offices. And, as a company that grew during covid, they needed to expand their call center team with outsourced resources located internationally.

As COVID persisted, the VDIs that had been implemented to support both groups of users cut into productivity. The issue led the company’s trusted digital transformation partner and vCISO, VictoryCTO’s John Cunningham, to identify a long-term secure access solution for the third-party contractors, while the full-time employees came back to the office. With Zero-Trust Application Access from the Silo Web Isolation Platform, the company could manage contractor devices and protect sensitive data while allowing contractors to access the data they need for productivity.

“We got a call from the CEO in March of 2020,” recalls John Cunningham, virtual Chief Information Security Officer at Victory. “He knew that with imminent lockdowns, their employees won’t be able to come to the office; and with the way security has been set up, the system won’t allow them to access critical applications from their home IPs either.” As a temporary workaround, Victory set up 150 Amazon WorkSpaces (AWS) — remote desktops that allow for secure and controlled access. The VDI helped the company avoid shutdown and allowed them to continue to provide services to their clients. But the expense and effort required to provision, maintain and monitor additional hardware and infrastructure proved too costly and cumbersome for the company.

“It’s a whole new computer that you have to set up,” explains Cunningham. “It’s rather difficult to put all the needed security controls on it, and monitor that everything is being used correctly. Updates to the base image systems had to be done in sync with the monthly billing cycle, which added even more complexity to the process,” he adds. 
 

A VDI solution helped keep the lights on during the time when employees were forced to work from home, but as the company grew and began to outsource their call center operations internationally, the company tasked Victory with finding a more cost-effective alternative that would provide for safe access without latency, which has become an issue for remote customer service employees. “The CRM application that all customer service contractors had to access was located on the East Coast of the U.S.,” says Cunningham. “When our client’s outsource partners in South Africa and the Dominican Republic tried to connect to it using VDI, response times lagged and performance suffered. With their global workforce distributed around the world, our client had to solve the latency issue while maintaining the highest level of security, even from unmanaged devices.”

The company also needed to address a data storage issue — all files downloaded by a user had to go into temporary cloud storage and be deleted when the user logged out. Plus, due to the sensitive nature of the information stored in the CRM application, the company required all user traffic to come from a single static IP address, allowing their security team to apply web application firewall (WAF) filters to restrict and monitor access.

Cunningham was first introduced to the Silo Web Isolation Platform by a friend in the cyber intelligence community. And while Victory’s client’s requirements were quite demanding — from data loss prevention features to single sign on (SSO) and granular access controls — he was certain that Silo was the right solution for their needs. “The client asked us to lock down their CRM system, and we made sure that it was only accessible through Silo,” explains Cunningham. “They needed all users to come from a static IP address, and with Silo, we were able to accomplish this.”

Today, Silo’s context-based dynamic isolation helps protect the company’s mission-critical CRM application and sensitive data, even when it’s being accessed by contractors using unmanaged devices. Silo makes it easy to maintain strict loss prevention policies by controlling what each user can do with the data they touch — whether they are allowed to copy, paste or print it; or download or upload data to the system. For most users, these actions are restricted to ensure the highest level of data security, with a few exceptions for people whose roles require access to these actions. Victory has helped set up an integration between Silo and JumpCloud — an open directory platform for single sign-on (SSO). 
 
“Training the company’s contractors on using Silo to access their CRM application was incredibly easy,” adds Cunningham. “We preloaded some key shortcuts, and they only need to be authenticated once using JumpCloud, so rollout went smoothly. For a company that maintains some extremely sensitive customer records, our client has taken their application security very seriously, with zero-trust access, isolation, strictly enforced access rules, data loss prevention policies, authentication rules and tight controls. Silo helped them accomplish their goals without increasing costs or sacrificing performance!”