Case Study: Cryptzone Connects Electric Company With Powerful, Flexible Network Security

The Company

Twitter: @cryptzone

Cryptzone is a leader in network security and protection, offering data security, content governance and app security solutions for data protection to global corporations across a range of industries, as well as government agencies.

The Client

Polskie Sieci Elektroenergetyczne (PSE S.A.) is the transmission system operator for Poland, responsible for meeting the country’s domestic and cross-border demands for electricity. As well as managing and developing the extensive network of power transmission lines and substations across Poland, the company’s responsibilities also include the national security of the electric supply, managing cross-border connections and operating the power market “balancing mechanism”: buying and selling energy effectively in real-time to balance power flows in the transmission system.

The Challenge

The complex nature of the business means that many user groups need access to PSE S.A.’s systems and resources: employees, electricity companies/traders, contractors and third-party suppliers. To protect the company’s mission-critical systems and protect the sensitive information being handled on the electricity market, PSE S.A. needed powerful yet flexible network security.

To provision access for a large number of users with diverse requirements, administrators needed to be able to define many individual roles quickly and easily, and have precise control over individual access rights — for example, electricity market players submitting bids to buy/sell electricity, employees needing access to mail and office applications, and third-party suppliers providing online remote system support and maintenance.{ad}

Unauthorized access to some areas of the network could have potentially catastrophic results, from manipulation of the energy markets to control of substations leading to blackouts across the country. Therefore, all communications needed to be encrypted and strong user authentication would be required to protect critical systems.

“We needed secure access 24/7,” said Tomasz Szudejko, deputy director of PSE S.A.’s Department of Operator Services. “SCADA and EMS applications are working 24 hours a day. No downtime is allowed, so it is important for our employees at home or after hours to be able to log in and fix any problems — and to be able to do it in a secure way.”

The Solution

PSE S.A. determined that Cryptzone’s AppGate met their full set of requirements, combining strong authentication, authorization, encryption and access control in one comprehensive solution.

AppGate technology is flexible and scalable, making it easy and cost-effective for PSE S.A. to start with a smaller installation and then add more servers as requirements changed. Initially one AppGate security server was installed, but that has now been upgraded to support increasingly complex requirements. Two clustered Ax2 security servers provide internal access to key systems such as SAP and the energy market. A second cluster provides external access for electricity market traders, and for technical support personnel so they have remote access in case of emergency. A third cluster provides remote access for employees to access the mail server and office applications when working away from the office.

AppGate is designed to cluster several servers together for high availability. Alternative IP addresses for the other clustered servers are…


…automatically distributed to users’ machines so, in the event that the usual server is unavailable, connections are immediately routed to the good server. It is also possible to connect two different ISPs to the clustered servers so if one ISP fails, users can still access the network through the other ISP/server.

Powerful rules and role management provides administrators with precise control over which network resources each user can access and under what circumstances. Endpoints can be measured so, for example, only corporate-owned machines can connect to particular applications. Services that the user is not authorized to use are invisible, thus making it impossible for them to see or attack other corporate assets. In addition, AppGate can automatically configure machines that have never connected to the PSE S.A. network before. So if an external trader or supplier uses a different PC, the client is provisioned and configured without having to wait for an administrator’s input.

The Results

Following the successful initial implementation of AppGate at PSE S.A., the organization has adopted AppGate as the main system for controlling access to important systems. AppGate has been integrated into the new control systems and technologies at the company’s award-winning headquarters in Warsaw. Other areas of the business, including branch offices, that need access to data exchange, mail and other applications are also using AppGate for secure access.

“The AppGate system is relatively easy to use, but the key issue is that it is very powerful,” says Szudejko. “It is possible to define so many different people with very different needs. We couldn’t find any other system that allows us to define such a variety of different profiles for all our different users.”

Azudejko adds, “We work very closely with the AppGate team in Sweden and have found them to be very responsive, for instance when we have needed them to develop additional functionality. We think it’s a very flexible, powerful and stable system for the professional and demanding environment. So we would be happy to recommend it.”

Do you have a success story you’d like to share? The Channel Partners Case Study Challenge is accepting submissions on a rolling basis. They will be published in a special section on the Channel Partners site, and the best ones will be awarded a Case Study Challenge Winner logo for use on their own websites. The best of the best will be invited to share their stories during a live session at a Channel Partners event. Case studies should be 1,200 words or less. You can download the form, send responses directly to Lorna Garey, editor-in-chief, or use our Web submission process. Let us hear from you!

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 50430