Q&A: Wi-Fi Drives VPN Adoption at Swiss Insurer
Getting and staying connected was key to this Swiss insurance company, but Wi-Fi access meant it had to find a VPN solution.
As use of mobile devices in the enterprise soars, one Swiss insurance company realized it wanted to benefit from anywhere, anytime access to its network. We spoke to Stefan Geiser, the project manager of Swiss Mobiliar’s VPN implementation, about his company’s requirements, the solutions considered, and how the company achieved success.
Enterprise Systems: What was the problem Swiss Mobiliar was trying to solve?
Stefan Geiser: Swiss Mobiliar is a Swiss insurance company that prides itself on providing local, customized client service. For most of its history, the company accomplished this with a network of 80 agencies and about 60 remote offices throughout Switzerland.
As Wi-Fi networks became increasingly commonplace throughout Switzerland, our executives realized that they needed to equip our highly mobile team with technology to connect them to the company network from anywhere using mobile broadband services and Wi-Fi (including public hotspots). To do this, however, we needed to update our VPN solution because of several severe security weaknesses in our previous VPN solution.
How had your company previously tried to address this issue?
Before successfully incorporating NCP’s Secure Enterprise Client Suite, Swiss Mobiliar used Check Point’s SecureClient VPN solution. However, Check Point’s technology couldn’t meet all of our security requirements without barring access to public hotspots. Ultimately, Check Point’s limitations proved to be directly incompatible with Mobilar’s vision for employees to be able to connect from any Wi-Fi network available.
What products did Swiss Mobiliar consider to solve the problem? Were there specific requirements you had for this project?
At a high level, we were looking for a central remote access management system that allowed us to define all of the parameters for the clients and to enforce all changes on the clients’ end-devices at a moment’s notice. In particular, Swiss Mobiliar needed a VPN that offered central remote access management; a one-click VPN client with integrated dialer for mobile broadband access; automatic connection authentication and negotiation; and centrally managed client firewall features.
These requirements pushed Check Point's VPN solution to its limits. To find another option, the tech team evaluated several different VPN technologies from various vendors—but only NCP engineering provided a solution that could meet all of our complex security requirements.
What were your criteria for selecting your solution?
As its criteria, Swiss Mobiliar looked for a VPN with a location awareness feature on the firewall because public networks could be within the same IP address range as the Swiss Mobiliar Intranet. In addition, we sought VPN client software that could support a CSP (Cryptographic Service Provider) connection to comply with the Microsoft Certificate Store, and be compatible with Riverbed’s data optimization solution.
Swiss Mobiliar did not want to increase headcount to manage the system, nor did we want to burden end-users to carry out manual updates. The new system had to provide simple administration, automatic push updates, and streamlined VPN client management -- all with updates that did not interfere with end-user productivity by hogging bandwidth for large software updates.
What solution did Swiss Mobiliar choose? Why?
NCP engineering’s Secure Enterprise Client Suite emerged as the winner among the technologies we considered. NCP’s next-generation network access technology was the only contender that could meet Swiss Mobiliar’s complex requirements and provide the features we needed. NCP was also able to integrate its Secure Enterprise Client Suite, Secure Enterprise VPN Server, the Secure Enterprise Failsafe Server, and the Secure Enterprise Management (SEM) System seamlessly into our existing network infrastructure.
After a short test phase, during which NCP integrated the Microsoft CSP connection and the text messaging feature into its VPN client, NCP was awarded the contract in December 2009.
How was the installation process? How did the IT administrators and employees handle the transition to the new solution?
NCP's software developers and on-site support were able to implement the solution within five weeks -- a remarkable achievement considering this process typically takes five months.
About 2,500 Swiss Mobiliar users are integrated into NCP’s VPN solution. These users can now easily access the company network -- no matter their location. They can do this with a simple, graphical user interface, while the IT department is able to centrally manage all components of the solution. To provide high security and comfort, the IPsec client automatically selects the communication medium, carries out Internet dial-in, sets up the VPN tunnel, and selects the appropriate firewall policy. The user only has to click “connect.”
The SEM technology allows us to easily update each of the 2,500 VPN clients, resulting in a drastically reduced workload for our tech team. With NCP’s SEM, Swiss Mobiliar is now in a position to change IT policies within 15 minutes or less.
What business and technology benefits have Swiss Mobiliar realized after finding a solution to its problem?
With NCP’s central monitoring and management, the IT department significantly increased efficiency. Now that all employees can securely access the company network Wi-Fi from the road -- just as though they were in the office -- productivity throughout the entire insurance company has improved.
Because NCP’s technology allows Swiss Mobiliar employees to log onto the corporate network with one click, we did not have to provide extensive training around the new technology. Last but not least, we were able to satisfy the stringent security policies for allowing remote access to our network.
How does the solution fit into your long-term plans? Are you planning to add to the technology in the future?
Swiss Mobiliar plans to implement NCP’s remote access VPN solution onto a new device platform in 2012, but the details of that rollout are still being determined.