News Stay informed about the latest enterprise technology news and product updates.

SSL VPN secures distributed construction company

SSL VPN for remote access was necessary for Barton Malow, a massive construction company.

Remote access is necessary for Barton Malow, a massive construction firm with a presence in nearly all 50 U.S. states.

In many cases, a branch or remote location for Barton Malow is nothing more than a construction trailer -- not necessarily the most secure of network environments. Regardless, project managers, engineers, accountants, sales teams and executives still need to reach critical applications and resources, despite their distant locations. The company needs to ensure that access to tools like Outlook, project management applications, accounting applications and human resources files is secure, whether users are in the office or in the field using laptops or PDAs.

"We're very scattered; our workforce is very mobile" said Phil Go, Barton Malow's CIO, estimating that Barton Malow's network users can stretch to anywhere from 65 to 75 different locations across the country at any given time. The company's data center is centralized at its Southfield, Mich., headquarters.

Being scattered on construction sites throughout the country has been challenging for Barton Malow, Go said. In many cases, workers are in greenfield locations.

"Connectivity has always been a challenge," he said, adding that often workers were forced to rely on the networks of a customer for connectivity. "Customers say, 'Use our access to get to your network.' "

That option was fine for connectivity's sake, Go said, but from a security standpoint, accessing critical applications from a customer's potentially unsecured network just wasn't cutting it.

"At the beginning, we were not secure. That's when I said, 'That's enough of this,' " Go said.

He conferred with consultants who pointed him in the direction of several SSL VPN vendors -- Aventail, Cisco, F5 and Juniper. And while security was critical and top of mind, Go noted that he was realistic in his approach.

"We're a construction company," he said. "We're not a financial institution."

Cisco was considered but later dismissed, Go said, because at the time of the evaluation, Cisco's SSL VPN offering was too new and had yet to prove itself. "It was too fresh," he said. F5 and Juniper both had attractive offerings, he added, but Aventail's EX2500 was the best fit.

"You just want to make sure [the network is] a less attractive target," he said. "It's the right thing to do. If it's good enough for Chase Bank, it's good enough for Barton Malow."

Barton Malow uses Aventail's EX2500 for profile-based authentication, data protection, interrogation of devices for presence of malware, antivirus, update status and access to different encryption settings. Go said users now have secure access to information from anywhere.

Barton Malow set up a Web-based landing page that lets users authenticate, Go said, and then presents them with the applications that are available to them. The page can be accessed from any network, ensuring that users get a secure connection wherever they have Internet access.

For more information
Read another SSL VPN case study

Learn more about SSL VPNs
Go said the connection is stable. Before deploying Aventail's solution, Barton Malow had a dial-up VPN client. Connections would frequently get dropped and the user would have to reestablish, only for the connection to drop again. Now, he said, "Yes, it drops, but it reestablishes on its own. That alone was worth the investment."

On the management side, Go said, it took less than a week to get the system fully up and running. Administrators can push software updates out over the VPN.

"From an IT standpoint, we have more satisfied and productive users," he said.

Overall, adding Aventail's SSL VPN to the network gives Go peace of mind. Though Barton Malow may not need the tightest security, he said it is good practice to lock down sessions.

"It's made our network more secure and reliable," he said. "Now I don't care how [users] come onto the network."

Dig Deeper on Network Access Control

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.