MHC Software reduced deployment time by 90% and powers automation with Twingate
Leveraging Twingate, MHC supports 200+ globally distributed employees to access the information they need, while minimizing their attack surface across multiple cloud and on-prem environments.
“Without Twingate, building our own VPN solution would have taken months and would have been a nightmare to support, given our networks and users are located everywhere. With Twingate, we got set up immediately, and it works across our cloud and on-prem networks. It was like "Wow!"”
Director of IT
In mid-2020, MHC Software acquired Ecrion Software to form the leader in content automation. With the acquisition also came the need to merge two distinct remote workforces, distributed across the globe. With teams in the United States, Romania, the United Kingdom, and other international locations, MHC needed a solution to enable their distributed teams to access critical company resources, no matter where they were located.
MHC and Ecrion each used a number of different remote access solutions, making the process of fully unifying their respective networks very challenging and time-consuming. Their primary solution at the time, Cisco AnyConnect, was unable to fully meet their needs due to the complex and time-consuming process of configuring different resource access policies for their various groups.
“It would have been a nightmare to support the multiple networks we inherited. It would have been very difficult for our support teams to troubleshoot the 3 or 4 different systems required for each set of users in our company,” explained Eddie Weyrick and James Straub, Director of IT and Director of Information Security, respectively.
The combined company had resources deployed across multiple cloud providers and on-premises, used multiple identity providers for authentication, and ran a combination of fully-managed SaaS products and on-premises legacy software. This led the team to seek out a unified remote access solution that was secure, cost-effective, and could be deployed quickly.
Acquisition of Ecrion led to having two complex networks and systems
Limited capacity to provide ongoing support for multiple disparate systems
Support for multi-cloud and hybrid cloud environments
Support for both SaaS and legacy on-premises resources
Needed to provide secure remote access to a 200+ employee workforce
After evaluating ways to build the required network integration and remote access systems themselves, the team quickly realized that they needed to explore alternatives to the traditional VPN approach of having a single VPN access point.
Although the MHC team was aware of the significant benefits of moving to a Zero Trust model in this situation, the common perception was that such a model would have been extremely complex and time-consuming to implement. However, the value and ease of deployment that Twingate offered made it a compelling choice. “We thought redesigning the network for Zero Trust was out of reach at the time, but once we heard about Twingate, it became the obvious choice, and we stopped considering other alternatives,” Straub noted.
This drove MHC to obtain the security benefits offered by a zero trust solution over a traditional VPN, while also spending significantly less time in deployment.
Simplicity and Agility
The MHC team estimated that it would have taken upwards of 1 year to fully implement a VPN-based solution to support the combined business. Standing up a firewall and VPN itself would have taken 10-12 weeks, and the long-term migration of resources to a consolidated network would have taken many months longer. In addition, there is the upfront cost of the hardware appliances as well as the ongoing cost of lost productivity during these cumbersome migrations.
With Twingate, the team was able to get fully up and running in a matter of days. After 2 weeks of testing, Twingate was rolled out to the MHC employee base to seamlessly access the resources they needed to be productive.
Cloud-native Deployment and Elasticity
One significant hurdle to building a self-managed VPN solution is the unpredictability of network traffic over time. As MHC’s products and deployments span multiple cloud environments and on-premises data centers, it would have been challenging to accurately estimate the network capacity needed for each resource, which could lead to either underperformance or overprovisioning of resources.
Twingate allowed MHC to deploy connectors instantly across all desired resources with no capacity planning required and no cost penalty for over- or underutilization.
“From a cost standpoint, it would have been very difficult to estimate the unpredictable network traffic across resources we need. Twingate allows users to seamless access secure resources while we take on the migration in the background,” Straub said.
Journey to Zero Trust
Exposing public VPN gateways is a risk for any organization. For MHC, supporting their globally distributed workforce and multi-cloud infrastructure introduced additional risks that would leave traditional VPNs vulnerable to attack and difficult to maintain.
Twingate enabled MHC to move to a Zero Trust security model with minimal effort. In a matter of weeks, the MHC team was able to protect their company-critical resources while providing employees with remote access to the information they need.
“Until Twingate, Zero Trust was always viewed as too hard to implement. The speed of implementation was a huge benefit and it’s great to have a unified access solution for the entire company,” Weyrick said.