Cegal, with global headquarters in Stavanger, Norway, is a leading provider of hybrid cloud solutions, software, and consulting services to the oil and gas industry. Cegal uses Ivanti® Identity Director to deliver better VPN security management, track work permits effectively, and standardize the approach to setting up or “standing up” IT infrastructure at customers’ offshore locations.

With Identity Director, people get the right levels of access based on their identity, enabling them to stay productive while the business remains secure.

Security Challenges in Oil and Gas

Oil and gas companies are often at higher risk of targeted cyber-attacks on their networks that can cause major disruption to consumers and potentially to national security. Since people are often at the heart of security risks, a people-centric IT strategy is needed to ensure that only the right people can access sensitive company resources, whether they’re working on-premises or remotely, and regardless of the devices they’re using.

Cegal’s Challenges—VPN’s, Work Permits, and Setting Up Offshore Infrastructure

Cegal was introducing a new security-focused product line called CONNECT@PLANT that would allow customers’ on-shore workers to connect to offshore plants. This involved a VPN connection that would permit land-based personnel to gain secure access to the critical Industrial Control Systems (ICT) situated on those offshore plants. Not only were VPN connections expensive to manage, they exposed pockets of vulnerability that weren’t being managed centrally.

Manual Work-Permit Processing

Many of Cegal’s customers have workforces consisting of temporary employees who require work permits to gain access to offshore plants. Work-permit processing was done manually, and slow paperwork would often delay worker start dates and increase the chances for human error. Cegal needed a way to track work permits—the identities of the requestor and the worker, the assignment start date and duration, the worker’s location, and his or her technology system access—all with complete documentation.

The Need to Streamline the “Standing Up” of IT Infrastructure

Cegal lacked a standardized approach to setting up (or, in industry terminology, “standing up”) IT infrastructure at offshore locations using technologies from Microsoft, Citrix, and VMware, as well as other core security components. While processes were documented, stand-ups took weeks to accomplish and were never done exactly the same way each time as different people were involved in each one. Maintenance problems were then created by the lack of standardization across multiple plants—ultimately resulting in different versions, different software patches, and different configurations, adding up to high maintenance costs. To bring CONNECT@PLANT online, Cegal needed to streamline operations and reduce internal costs.

Cegal Turns to Ivanti

Cegal integrated Ivanti within CONNECT@PLANT to automate the work-permit process from beginning to end, driving greater productivity from employees and better standardization to meet compliance guidelines and lower costs. Through Ivanti Identity Director, CONNECT@PLANT now automates the entire onboarding process, from the point at which a user is defined either manually or via integration with a third-party database storing employee work data.

Lars Rune Nygard, Product Manager at Cegal, comments, “With Identity Director, the CONNECT@PLANT dashboard automates 100 percent of the work-permit process, from creating the user to qualifying the user to removing the user. What Cegal once did manually is now completely automated and turned over to the customer.”

Self-Service Front-End

Identity Director also serves as the self-service front-end for all contractors and employees. Employees no longer need to wait for the service desk to complete basic requests or distribute software—it’s all done through automated business processes and workflows via Identity Director.

What’s more, Cegal integrates Ivanti with ServiceNow to augment its service management with self-service. This not only reduces service costs for Cegal customers, it ensures that all employees and contractors have access to the right applications when needed, improving productivity and the quality of work. Now every action is tracked with automated audit trails, so the risk of exposing offshore plants to cyber-attack is greatly reduced.

Faster Offshore Data Center Provisioning

Before implementing Ivanti, standing up and provisioning a data center offshore required two to three weeks. The process was performed manually and each data center would be configured slightly differently based on who provisioned the servers and often leveraging different application versions. With Ivanti Automation, Cegal has also completely automated standing up and provisioning for each data center. What once took weeks is now completed in less than six hours.

By leveraging Ivanti, Cegal was able to quickly deploy its new CONNECT@PLANT product with minimal cost, providing high value for its customers, establishing virtually bullet-proof work permit audit trails, and reducing maintenance costs.

Cegal’s Lars Rune Nygard concludes, “After using Ivanti, if you told me it could build an airplane, I would believe you—it is that powerful.”

Take a few minutes to learn more about Ivanti® Identity Director.

ivanti webinar - register now graphic - how to stay on top of users' identities and access rights