Terma provides mission-critical solutions for aerospace, defense, and security customers. Based in Denmark, Terma operates subsidiaries around the world and has 1,300 employees.
Securing Mobile Connections to Corporate Resources
Security is paramount when developing and customizing components for complex defense systems like military aircraft, radar, and surveillance. Not only do Terma employees routinely work with highly confidential information, the company must also meet customers’ specific security requirements before they can collaborate on projects. As a result, Terma’s IT team implemented multiple layers of security—such as firewalls, filters, encryption, and others—to protect devices and information in all of its product areas. When mobile devices became essential to employees, Terma needed to ensure that the devices and remote connections to corporate assets were just as secure as desktop systems and connections.
“Customers must be able to trust that we handle all information securely,” said Jørgen Eskildsen, Chief Information Officer at Terma. “We choose best-of-breed solutions to meet different security needs. This is why we considered Check Point Capsule Workspace.”
Terma has used Check Point solutions as part of its security toolbox for many years. When it came to identifying a solution for securing mobile access to data for its 600 mobile users, Terma chose Check Point Capsule Workspace (Workspace).
Simplifying Mobile Protection
“We chose Workspace to meet three requirements,” said Eskildsen. “We were looking for a product to provide security, good usability, and ease of maintenance.”
Workspace includes a secure container that isolates corporate data on iOS and Android mobile devices. It provides users with one-touch access to corporate email, calendars, contacts, documents, and applications, and it enables remote access to internal corporate resources. For IT, Workspace encrypts business data and applications seamlessly to ensure secure access for authorized users.
Terma liked the Workspace architecture because, unlike competing solutions, it communicates directly with Terma’s existing Check Point firewall. Shared trust certificates on devices and the Check Point firewall eliminated the need for a synchronization server in the DMZ to ensure secure connections from the DMZ to the internal system and back to mobile devices. The direct connection reduced potential points of failure while improving the user experience by making data access faster and more efficient.
“We tested Workspace for several weeks,” said Eskildsen. “Then one of the IT team members allowed a sales manager to use it, and we quickly realized the product’s outstanding usability. That made our decision to move forward easy.”
With an encrypted container and identity management built in, Check Point Workspace enables secure, direct access from mobile devices to internal systems. In addition to working with Terma’s existing VPNs, Workspace gives IT control over who connects on which devices and creates expirations on local data storage. It detects and prevents access from compromised devices and can remotely wipe the entire mobile corporate workspace if necessary.
“Now we know that a user requesting access to the internal systems is Jørgen Eskildsen coming in from Jørgen Eskildsen’s iPhone, for example,” said Eskildsen. “And we know that Check Point Capsule Workspace is a secure container for any Terma information that a user can see or use on the mobile device.”
Workspace also provides IT with information about how the solution is being used. Data is aggregated for analysis, which helps Terma ensure that it is meeting its compliance requirements. Since Workspace was deployed, the IT team has not seen any mobile device security breaches.
Workspace synchronizes with Terma’s Microsoft Exchange environment to deliver fast, accurate email and calendar information to users. When users open the app, everything is intuitive. They receive email quickly and get instant calendar updates. Fast execution translates into high user satisfaction.
“We haven’t received any help desk tickets about user interface,” said Eskildsen. “It’s very easy for users, but that simplicity still supports a wide range of features that improve user productivity.”
Workspace added direct and secure file sharing on mobile devices. While mobile, users can retrieve files, update notes, or work with information directly on internal systems.
Simple maintenance was essential to Terma. In the past, it was easy to upgrade desktop PCs from the help desk. With mobile devices, however, each device had to be provisioned manually to ensure all security features were enabled, apps were updated, and internal connections were synchronized. Help desk staff also had to implement a VPN client on mobile devices so users could use the calendar and other apps. The entire process included 30 steps to configure a new device correctly, and Terma deploys 200-300 new devices each year.
Because Terma standardized on iPhones, they now use the Apple Device Enrollment Program, AirWatch by VMware mobile device management, and Check Point Workspace to simplify provisioning and maintenance dramatically.
“The synergy between Workspace, Apple Device Enrollment Program, and AirWatch enabled us to automate device and application management,” said Eskildsen. “We’ve reduced installation times from 30 minutes to less than 10 minutes per device. Now users can activate new iPhones with minimal assistance—instead of us having to do it for them. This is a huge time savings for IT.”
Trusted Support for Future
Eskildsen expects mobile devices to continue evolving and to deliver even more functionality over time.
At the same time, the security requirements of Terma’s customers will also change. Having been a Check Point customer for many years, Eskildsen is confident that Terma can continue to take advantage of new features from Check Point that handle new threats.
“Check Point Capsule Workspace lets us manage apps on our mobile devices and remote connectivity into our environment in a smart way,” he said. “The solution has significantly improved our security, usability, and maintenance processes. I feel good knowing that our users are supported with great usability, and we remain secure.”