
Manufacturing Industry Off-site Data Center PAM Secure Connection - Clutch Bearing


How can an enterprise's IT personnel, with limited manpower, manage multiple data centers and multiple hosts while meeting the need for remote connection and transmission of sensitive data during the expanding COVID-19 pandemic? Legitimate identity authentication and secure remote operation are critical to cybersecurity and should not be taken lightly in any industry. Clutch Bearing, a Taiwan automotive bearing brand established nearly 30 years ago, is one of the few manufacturers with an advanced digital system. They have implemented an ERP to maintain and manage information systems, optimized their processes, and quickly increased customer satisfaction. They have also deployed a large number of VMs to optimize their internal needs and improve customer satisfaction. Facing an increasingly complex system environment, and to maintain its image as an internationally professional, secure manufacturing enterprise, Clutch Bearing has decided to introduce a new-generation Hybrid MultiCloud PAM tool, "Mavis," based on the zero-trust framework and compliant with ISO 27001, to effectively address current issues.


Clutch Bearing Enterprise Co., Ltd. was established in 1992 and is engaged in the manufacture of automotive bearings. Its products have undergone rigorous quality control and are widely recognized internationally, with customers in various countries in Europe and the United States. The company upholds the concept of "sustainable management" and is committed to pursuing the sustainable development and growth of Clutch Bearing. In the wave of digital transformation, Clutch Bearing actively considers moving its existing system to the cloud. The advantages of the cloud are not only that it can optimize IT resources and access resources at any time, but it can also choose storage space and computing power that meets the current needs according to the company's business situation and reduce IT personnel costs. However, with the current manpower, the existing on-premises IT system is already in a tight situation for maintenance and management alone, and there is no room for further cloud migration action. This is also the situation that most small and medium-sized enterprises face at present. Due to the need for remote resource connection and consideration of the security of external vendor operations, Clutch Bearing needs an immediate tool to assist in managing on-premises resources and solve existing remote connection security issues, as well as to support the complex environment management of mixed cloud systems in the future. Mavis perfectly meets Clutch Bearing's needs and solves the biggest challenge at hand.


Remote connection to off-site data centers


Clutch Bearing has on-site data centers located in Taipei and Taoyuan, and its IT personnel use RDP to perform remote operations and VPN to switch between the off-site data centers. This is a common practice for many small and medium-sized enterprises in Taiwan that have yet to transition to the cloud. However, this familiar process hides many cybersecurity risks. RDP itself is not a secure configuration and lacks adequate security measures, leaving companies vulnerable to higher network attack risks, especially small and medium-sized businesses, which are the most common targets. This is mainly due to the lack of sufficient resources to protect against and respond to network threats. In addition, servers that are publicly connected to the internet via RDP lack multi-factor authentication (MFA), which means that if an attacker can crack a user's account, for example because of a weak or reused password, they can access the user's data via RDP.


Mavis is a powerful tool that can manage all hybrid cloud environment resources for enterprises. Once assets are centralized, operations can be performed through a single interface: IT personnel can switch quickly between off-site data center resources and perform remote operations such as RDP or SSH without switching VPNs, which keeps them from connecting through insecure tools and environments. Built on a zero-trust security framework, Mavis adopts multi-factor authentication (MFA) to protect accounts. This allows IT personnel to access critical resources through a convenient and secure method while preventing passwords from being guessed or stolen. With regard to MFA, Mavis supports OAuth2 Password flow for identity authentication of login names and user password combinations, further enhancing account security.


Privileged Account Access Management


Due to the current professional division of labor in various industries, enterprise organizations often need to share information with external parties, or allow external access to internal information. For example, high-tech companies provide product design information to customers or manufacturers for browsing, financial industries allow outsourced vendors to remotely connect to testing environments, and government agencies allow external contractors to connect to their units for system and network equipment management or debugging, etc. All of these require the connecting parties to have system administrator or specific service access privileges in order to meet operational requirements. However, during this process, there is a conflicting relationship between the openness of privileges and the protection of information.


For example, at Clutch Bearing, external vendors occasionally need to connect to the enterprise data center for software and hardware maintenance or upgrades. Due to the lack of support for relevant connection tools, IT personnel need to agree on a time with the vendor's responsible unit to hand over important assets to outsiders and monitor the process manually to complete the operation properly. This is inefficient and lacks trust for both parties.


Mavis, built on a zero-trust and PAM framework, can help managers easily assign clear permissions and identities to project members through comprehensive role-based access control (RBAC) functions. Clutch Bearing no longer needs to share management privileges with external parties. With the creation of vendor roles, Mavis can limit their access to assets, operating range, and required resources, strictly enforcing access control based on the Principle of Least Privilege (PoLP) under the zero-trust framework and effectively reducing the possibility of risk. In addition, Mavis has a powerful governance audit core function. With the help of audit trails, auditors can efficiently monitor, manage, and analyze problems. "Operational log management" combined with "connection recording playback" thoroughly eliminates the difficulties of manual monitoring in the past, fully records all connections made through Mavis, and reduces the time required for audit organization.


About PNTL


Pentium Network is a Taiwan-based software and solutions provider, devoted to making modern enterprises' hybrid cloud IT operations smarter, simpler, and safer.


Since its inception in 2017, Pentium Network has been pushing the forefront of IT operations automation with development across the heterogeneous IT infrastructures on the clouds and on-premises alike, covering major aspects of the modern operational challenges across asset/resource management, fault remediation, sensible configurations, and balance between compliance and performance, with practical perspectives on technologies and best practices to bring IT operational agility, productivity, resilience, performance, and efficiency to a new level.


We have been helping organizations with various IT scales/typologies reduce up to 70% of the manual work & processing time in IT operations. For your digital transformation journey, let Pentium Network do the heavy lifting, so you and our teams can focus on real business, customer satisfaction, and sustainable profitability.


