blank
blank

Digital Workplace Summit 2020 – your digital transformation starts with the workplace. Save the date and join us on May 12th in Mechelen!

Category: ARTICLES
Home / ARTICLES /

NOW IS NOT THE TIME TO BE TEMPTED TO USE INSECURE HOMEWORKING SOLUTIONS

March 16th, 2020. The demand for homeworking is exploding because of Covid-19 measures being taken worldwide. As it turns out, a lot of organizations are not scaled to provide secure homeworking. Not all employees are equipped with laptops, VPN or VDI platforms are not scaled for mass usage, et cetera. In attempts to keep the business running, IT departments are taking urgent measures in scaling for mobile and homework. Unfortunately, this doesn’t always happen with security best practices in mind:

      • Open RDP: Users are just getting access to desktops and server-based computing environments via an Open RDP environment. In our study from Jan 2020, we saw over 360.000 Open RDP environments in 6 European countries. I’m sure this will be significantly higher today.
      • No MFA: Organizations are not using MFA (multi-factor authentication), and, are just using Login & Password. These are still too often easy to guess or hack. E.g. ‘123456’, ‘password’ and ‘qwerty’ are in the top 3 of most used passwords in 2019. Alternatively, malicious entities could also link logins and passwords via the many lists that are floating around on the dark web. If you don’t have extra security measures in place, using just a login & password means your business is a sitting duck.
      • VPN Access on BYOD: VPN is the most used tool for remote access. With the spike in demand, organizations are tempted to enable VPN on unmanaged devices (that could be compromised). Running a VPN on a compromised device is a definite no-go. It gives hackers the possibility to enter your network without too much hassle.

Corona hackers?

We see an increase in hacking activity since the Corona outbreak. TheNextWeb reports that hackers are publishing malware-infested outbreak maps and dashboards. While the official map from “John Hopkins University” informs the public, these maps are built to discover credentials such as usernames, passwords, credit card numbers, etc. This could be the personal webmail account of the user. It could also be access to your corporate network. 

Not necessarily related to the same root cause (which is still unknown), but March 13th Computer Weekly reports that a hospital in Brno, Czechia, was the victim of a cyber attack. The hospital IT systems were turned off and have been encrypted by ransomware. This, amidst the Covid19 crisis. The worst possible timing for the hospital. And probably the best for the hacker(s) to see any form of ransom payment. 2 days later, on March 15th, the municipality of Marseille, France, is also hit by ransomware attacks says Securityaffairs.co. This attack right before the local French elections. 

Secure homeworking with Awingu

Awingu enables secure access within the principles of “Zero Trust”. Users take whatever device, including unmanaged ‘BYOD’ devices, and login via their browser to RDP based desktops and remote apps, file shares, intranets, … Nothing is running locally on the device. The user only gets access to these assets (files, apps, ..) they have the right to access. MFA is built-in. User controls can very gradually be turned down (e.g. no remote printing, no copy-pasting, etc).

The beauty is: Awingu runs on top of your existing back-end environment. It is not disruptive, still adds all the mobility and security benefits. 

Fast, faster, fastest deployments

Time is of the essence. Deploying Awingu in your existing network can be done in the lapse of hours. Roll-out to users is also very quick as there are no agents and clients to install on the end-points. Users just need to authenticate to the Awingu workspace via a browser. That’s it.

Find out more about Awingu!

START YOUR FREE TRIAL
CONTACT US
About the author
arnaud square
Arnaud Marliere
Chief Marketing Officer
Linkedin Twitter Facebook Youtube Envelope

SECURELY ACCESS YOUR OFFICE DESKTOP WITH YOUR OWN COMPUTER FROM HOME WITH AWINGU

An increasing amount of organizations are stimulating working from home. Because their employees are asking about it, because it’s proven to increase productivity, or, because of the recent Corona (Covid19) outbreak. 

For companies that issue company laptops, VPN (Virtual Private Network) is still a very popular tool – even if proven not to be a very user-friendly or secure remote access enabler. But for diverse reasons, many companies equip their employees with desktops in the office. Enabling these employees to work from home, typically means enabling BYOD (Bring Your Own Device). Here, VPN is a definite no-go.

Furthermore, many organizations don’t have a Server-based Computing or VDI platform. Meaning, the only way to work remotely, is to access the physical desktop.

In this blog post, we’ll explain how organizations that don’t have a VDI setup (or a Server Based Computing platform), nor equip staff with managed laptops, can still enable secure homeworking with BYOD through Awingu. For clarity: Awingu is often used in Server Based Computing context in combination with RDS (Remote Desktop Service). This is a different scenario.

The basic principles

Awingu is a virtual appliance that can be installed in the network of the organization. It has many functions, but let’s summarize the most relevant ones for this use-case

      • HTML5 Gateway: Awingu has an RDP to HTML5 gateway. When put in your company network, it can connect per RDP (Remote Desktop Protocol) to the different desktops. It translates this signal in HTML5, and, makes the desktops available in a browser.
      • Browser-based access: users don’t need to install anything on their device. They take any device, surf to the access URL using their preferred browser, authenticate securely and get access to their desktop. For the remote access to work, the desktop needs to be powered on in the office. It also means IT support doesn’t need to worry about supporting clients and a multitude of new devices. 
      • Any Windows version: Awingu talks RDP. That means there is little dependency on the Windows version you are running. You can connect a Windows XP desktop all the way to a Windows 10 desktop.
      • AD credentials: Awingu will connect via LDAP to your Active Directory. Users will authenticate with their known Windows credentials.
      • Multi-Factor Authentication: Awingu comes built-in with an MFA solution (use Google Authenticator or Microsoft Authenticator on a smartphone. Awingu also supports numerous other MFA integrations. So basically, on top of the Windows Credentials, the user will add another token to assure a secure authentication.
      • Port 443 only: The only port which needs to be open to the outside is 443. Nothing more.
      • Usage Audit: Awingu has a full audit trace (IP address, timestamp, streamed apps opened and closed, …) to assure compliance, also for remote access. 

Simple architecture gets you up-and-running in hours!

blank
Awingu enables secure BYOD access to local desktops

In the above high-level picture, we illustrate how the Awingu virtual appliance is set up in an existing network. 

      • Awingu’s virtual Linux appliance is installed on one or more Virtual Machines (as guidance: up to 500 concurrent app/desktop sessions can run on 1 virtual machine with 8Gb Memory and 8vCPU)
      • Awingu is connected per RDP to each desktop (they must be powered on), and coupled to the AD. No installations are needed on the AD or desktops. 
        • Note: Awingu can also be connected to RDS-based environments, to file shares and SaaS apps such as Office 365 and GSuite. In this blog post, we make an abstraction of this and focus solely on the remote desktop access. 
      • Awingu is typically installed behind a firewall or proxy and only needs access via port 443.
      • End-users login via their browser on their private device: a Windows laptop, an Apple Macbook, a Chromebook, .. any device with a browser will work. The Awingu virtual appliance.
blank
Example of an Awingu login page in the browser, Google Chrome in this case
      • Single Sign-On is also possible with an external Identity Provider (IdP) such as Okta or Azure AD. When using an IdP, you can also opt to use the associated MFA services to access the Awingu workspace.
blank
Screenshot of remote access to a full Windows desktop in the browser

Given this simple setup, organizations can get up and running in a matter of hours! Start your free trial today!

What investments are needed?

To enable the above use case, you will need:

      • A virtual machine (at least one)
      • Awingu licenses (check out our pricing, or contact us for more info)

There is no need for RDS licensing, given that you are connecting to a client OS (and not a server). You will also not require any additional VDA licensing if you remotely connect from a Windows device to your primary desktop/laptop that is connected to the company network (learn more about how RDS & VDI licensing works here).

Find out more about Awingu!

START YOUR FREE TRIAL
CONTACT US
About the author
arnaud square
Arnaud Marliere
Chief Marketing Officer
Linkedin Twitter Facebook Youtube Envelope

ZERO TRUST: THE NEW NORMAL

Zero Trust (ZT) is probably one of the most talked-about topics, terms, or buzzwords on the cybersecurity market today. If you have attended any conference across the globe in the last 2 years in the cyber circuit, it is highly likely that you have run across this Zero Trust “thing”. But what is Zero Trust? Where did the concept and idea originate and why should we be inundated with this onslaught of Zero Trust shenanigans?

Trust but verify is no longer a valid approach

To understand what Zero Trust is, we must rewind the clock for about 16 years to the Jericho Forum. That was a group of academics that were sitting around pondering the more tangential issues in network security and how they might apply their brainpower to addressing that pivotal issue. At that time, nearly two decades ago remember, the most powerful asset in an enterprise to be introduced to the market was the NGFW, next-generation firewall. This “all-powerful” device was supposed to be the game-changer in eliminating threats and helping to segment the infrastructure of on-perimeter systems and infrastructure. While this was innovative at the time it was not much more than a high powered dynamic segmentation tool. That being the case the members of the Jericho Forum adopted the research concept of “De-Perimieterized Security”. Essentially the focused effort of using that NGFW tool capability to extend control and segmentation throughout the infrastructure more dynamically but with a focus on not just a big high “wall” at the edge of the network. Instead, it would be a series of more granular segments with more focused controls and improved monitoring. This would be a watershed moment in the secure infrastructure forethinking and in truth, no one paid much attention other than the members of the Jericho Forum, and one Forrester analyst John Kindervag.

Jon was visionary enough to see the application of this approach was valuable and could change the game for more secure, and more controllable infrastructure at scale. Jon saw the coming power of the cloud and the potential for the problems that diverse and ever-growing infrastructure might create. He also had the foresight to realize that the world was moving to a space of BYOD (Bring Your Own Device) as a primary method of futurizing the workspace. With that realization, his background in network security Jon looked for the most singular point of failure in that future state. After a year or so of research, he concluded that the “trust” that was installed and implied within this future state of architecture would be the harbinger of its failure. To much default sharing, over connectivity, and unfettered access would be problematic for any enterprise that was compromised, and Jon knew that compromise was a given, not a possibility. With that as his basis, Jon coined the term Zero Trust and began the mission to spread his gospel that “trust” was the most important item to control in any infrastructure and at the time using the Next Generation Firewall (NGFW) was the way to do that. And that was where Zero Trust focused for the next decade or so, until around 2017 when technology finally caught up and more practical approaches to modern secure infrastructure became part of the 2020 state of Zero Trust.

VPN was just poking holes in early Zero Trust systems

As infrastructure grew and the need for secure connectivity of that BYOD workforce became the standard for the workplace, the VPN became the standard “secure” application that would be adopted to help enable a “secure” remote workforce. While at first, that seemed like a great concept and approach to the problem, in reality, thanks to the massive breaches that contained usernames and passwords and the nation-state hacks that compromised VPN providers the VPN became not much more than a hindrance for users at best and a direct pipe for hackers into a network at worst. The VPN didn’t do much more than poke holes in those early Zero Trust systems and, was just allowing for direct connections into systems for the bad guys. NGFW and segmentation couldn’t fix the issue of a VPN when that connection for a BYOD user was authenticated with hacked password and administrator privileges. This technology plagued enterprises for nearly a decade.

Browser Isolation, Virtualization and SDN

Now we arrive at the current state of the art in the industry, Software-Defined Networking, Browser Isolation, and Virtualization of infrastructure are keys to any future Zero Trust system. A dynamic space wherein everything can be remote and secure and the need for failed password-based authentication can be eliminated. True Zero Trust infrastructure can finally be deployed because these tools or capabilities have aligned with the reality of what is needed to enable this vital strategic initiative. Using a combination of these vital techniques now allows enterprises to adopt the basic tenets of Zero Trust and eliminate the default configuration issues that plague secure infrastructure and can enable a more dynamic workforce simultaneously.

blank
Zero Trust is not an isolated initiative, it’s an all-encompassing strategy

Think about how you would want to work, or even better how you would want your employees to work. Especially as we now see that remote work and BYOD is the new standard, not the option, for enterprises. To have a more “Zero Trusty” related enterprise, and one that is easier to actually work within, you would want to eliminate the VPN, push the security control from the internals of the infrastructure outward, and enable continual access as well. And do all that while never impacting the user experience. Oh, and you would want to use protocols that are “harder” to be used for exploitation. This means HTTP instead of RDP. Lastly, you would want to eliminate the issues that are present around old or out of date machines that users might want to work on as they operate in your enterprise. That would be incredibly difficult if you were to try and build that out on your own, and that approach would require large investments in time and effort to get to that final state.

Awingu, Zero Trust secure BYOD

Thankfully, Awingu has exactly this type of capability ready to deploy for its customers. With Awingu the users are never actually “on” the network, and there is no need for a VPN. By using the dynamic power of virtualized infrastructure combined with browser isolation the entire workspace for the user is “pushed” to them within a virtual connection.

blank
Awingu's architecture. Learn more!

End-users login via the browser of their BYOD (or managed) device. They get access to published applications, desktops and files remotely, in HTML5. No data sits locally. Even if the device is compromised, there is no direct access to your company assets.

There is no pipe that can be used by malicious hackers, all sessions are encrypted, and MFA is a default built-in offer for all customers. The user is also continuously authenticated as they operate in that secure remote session and the system is integrated with a Single Sign-On (SSO) capability to make login and ease-of-use readily available.

Find out more about Awingu!

START YOUR FREE TRIAL
CONTACT US
About the author
arnaud square
Arnaud Marliere
Chief Marketing Officer
Linkedin Twitter Facebook Youtube Envelope

AWINGU STUDY REVEALS SECURITY THREATS IN OVER 360.000 COMPANIES ACROSS 6 EUROPEAN COUNTRIES

As a follow-up of our 2018 open Remote Desktop Protocol (RDP) endpoint studies, Awingu research found over 360.000 companies and government organizations in Germany, the UK, Italy, the Netherlands, Belgium and Sweden to have an open access into their network that is unprotected and available over the ‘regular’ internet via RDP. Furthermore, we also found a specific peak (up to 40.000 vulnerable RDP environments) on the public cloud of Microsoft Azure Amsterdam. Even inexperienced hackers can easily navigate their way into these unprotected environments by, for example, using databases of stolen logins or by using one of the many known RDP exploits. Therefore, we urge these companies to add an extra layer of security to their environment ASAP.

This study was featured on DataNews (BE), DutchITChannel (NL), ImpresaCity (IT) and Digit (UK).

The study, and why it’s important

In September 2018, November 2018 and February 2019, a research conducted by Awingu into the security of respectively Belgian, Italian and Swedish companies led to staggering results: over 50.000 open RDP (Remote Desktop Protocol) endpoints were discovered, which left the companies they belonged to with a very real security threat. In January of 2020, we looked at how the situation has changed, and how other European countries (United Kingdom, the Netherlands and Germany) performed on this test.

We performed the in-depth investigation based on publicly available data into what RDP endpoints were accessible publicly in said countries, and we did specific research on IP addresses that were connected to unprotected endpoints with an active RDP (Remote Desktop Protocol) access. These can be servers and PCs.

RDP is one of the most used tools for remote access to desktops and servers in the world. Via the RDP client, an application that needs to be installed on the user’s device (e.g. a laptop), you allow users to access a full desktop or application remotely. Typically, this enables employees to use their software both inside and outside of the company. RDP is a low threshold solution, and the addition of security is sometimes taken for granted: extra security measures (e.g. firewall rules or access control lists) mean added complexity for the IT administrator (and the user).

After analysis based on data made available by a public search engine, Awingu achieved the following spectacular result: over 360.000 RDP endpoints are currently publicly available in our 6 researched countries. This means that these are accessible to everyone via the internet – even if no secure connection, facilitated by the organization, is established. In other words, these are not or insufficiently protected and have an unmistakable potential to be hacked.

Easy targets for hackers

It’s a piece of cake for relatively low-skilled hackers to map the list of RDP endpoints and their IP address to real companies and to compare that list with the many publicly available databases of stolen passwords on the dark web – chances are they’ll get in without much effort. If that doesn’t work, but the RDP endpoint is publicly available, there’s no reason why hackers couldn’t also perform a brute-force attack to try and guess the login details, or, use the many known RDP vulnerabilities (if you’re not running the latest update). Such companies with an open RDP environment are therefore advised to do something about this as quickly as possible. Once a hacker has access, they can execute commands that install ransomware on the system and infect other devices in the same network.

In the last year alone there were more than a few devastating exploits that wreaked havoc across the world, including the not yet fully patched Bluekeep that has done significant damage at the very end of 2019 and the NotPetya virus that costed companies worldwide over $10b and essentially shut rendered Maersk unable to go about any of their activities for a while. In other words: exposing your RDP endpoint for the whole world to see is a major security issue.

The results: bad news

Before performing our test, we were optimistic: surely these worldwide incidents and Microsoft’s continuous effort to limit vulnerabilities will have led people to be more cautious with their infrastructure and will have lowered the amount of open RDP endpoints. However, that was not the case.

Previous study 2020 study
🇧🇪 Belgium
8.803
8.698
🇮🇹 Italy
33.629
32.664
🇸🇪 Sweden
9.655
12.614
🇬🇧 United Kingdom
76.626
🇩🇪 Germany
141.500
🇳🇱 The Netherlands
89.398

Note: these numbers include public cloud infrastructure such as Google Cloud Platform & Microsoft Azure. That means that countries such as the Netherlands, that host a lot of public clouds, have more ‘exposure’. Customers running in these clouds come from other countries as well, which skews the data a little bit – although we cannot measure by how much.

While Belgium and Italy have seen an ever so slight decrease in numbers (respectively 1,2% and 2,8%), Sweden sees an increase of roughly 25% in 11 months. Furthermore, the previously unstudied regions show high numbers, with especially The Netherlands leading the pack when comparing open RDP endpoints to population – with approximately 1,5 times the number of citizens as Belgium, they have ten times the amount of unsecured RDP servers.

As we do not know how many RDP endpoints (including those that follow the correct security procedures) there are in a country, we cannot state which is relatively worst off. However, a meaningful metric to compare the data to is GDP, which will give us at least some metric to compare countries. Doing this exercise brings us to the following result:

Open endpoints GDP (in billion USD)* Endpoints/b GDP
1. 🇳🇱 The Netherlands

    NL (non-Azure)
89.398

51.632
902,36
99,07

57,21
2. 🇩🇪 Germany
141.500
3.863,34
36,63
3. 🇬🇧 United Kingdom
76.626
2.743,59
27,93
4. 🇸🇪 Sweden
12.614
528,93
23,85
5. 🇧🇪 Belgium
8.698
517,61
16,8
6. 🇮🇹 Italy
32.664
1.988,64
16,43

*Source: https://www.imf.org/external/pubs/ft/weo/2019/02/weodata/index.aspx

Compared to the average, Germany is also in a bad spot. However, The Netherlands stick out like a sore thumb. Even when leaving Azure servers (that potentially host the data of non-Dutch companies, as Azure Amsterdam hosts the Western European part of the Azure Geography) out of the mix, we still found 51.632 open endpoints, eliminating the argument that the numbers skyrocket merely due to their public cloud presence. That high number is of course also linked to the high adoption of ‘server-based computing’ (and thus RDP) in the Netherlands – and therefore more data centers, more Windows servers and a culture that favors remote working. Even when leaving the Azure Amsterdam numbers out, we can state with confidence that more companies are impacted per capita in The Netherlands than in all of the other regions.

What do we learn from this?

1. Open RDP endpoints are everywhere

Of the six countries that we have researched, every single one has an abundant amount of open RDP endpoints. We shouldn’t expect it to say 0 (though it should be our goal) but it shows that no country or region escapes the problem.

Because the endpoints are public and mapped to an IP address, we were also able to pinpoint roughly where these companies (or at least their data centers) can be found on a map, as outlined below. Click on the images to get a detailed view!

blank
Belgium
blank
France
blank
United Kingdom
blank
Italy
blank
The Netherlands
blank
Sweden

Overall, we learn from these maps that – unsurprisingly – the concentration of open RDP endpoints is directly related to population density. However, that also implies that it is not region-specific, or bound to, for example, only a certain ISP.

2. The situation is severe, and not improving

As remote working though RDP is gaining in popularity, and (likewise) more companies are enabling it, one should keep a bare minimum of security in mind. However, the spike we see in Sweden shows us an extreme opposite. And while the numbers in Belgium and Italy stay relatively stable, that does not call for a celebration – au contraire. If anything, it shows that there is little to no general knowledge about the dangers these practices entail; if there were, we should record a drastic decrease in open RDP endpoints, not a constant.

Although we cannot compare historical data from our previously unresearched regions (UK, Netherlands, Germany), we are safe to state that the threat is very real in those countries as well. Together, they make up the lion’s share of the discovered public-facing servers.

3. Organizations that lift & shift to public cloud forget security basics

One would expect that the public cloud (such as Microsoft Azure) has a positive impact on the amount of open RDP endpoints – alas, the opposite is true. As is apparent in the Netherlands, where 42% of the open endpoints were found in Azure, it’s definitely not the case that moving towards a public cloud makes you forget your worries. This also leads us to conclude that often companies perform a ‘lift & shift’ towards the public cloud, without accounting for the correct security procedures on neither their on-prem nor public cloud infrastructure.

blank
"The minute people go to cloud, they forget all the security best-practises they use on-prem.” Microsoft Azure is known to host a lot of “lift & shift” workloads, and many IT admins choose the default setting when it comes to RDP: putting everything open. In an on-prem situation, you need to make an effort to make data accessible from the outside, in a public cloud setting you need to make an effort to keep data inaccessible from the outside. That means that a ‘move to the public cloud’ often entails environments that are a lot more open than they should be.”
blank
Steven Dewinter
COO, Awingu

Mitigating security risks with Awingu

Awingu facilitates a solution for this problem with our Unified Workspace. When using it, you connect to the application or desktop via a browser – and no longer via an RDP client. This means that people with bad intentions can no longer exploit the weak points of an unprotected RDP access. To maximize protection through the browser access, Awingu implements the following security measures:

  • Multi-factor authentication: Awingu comes with a built-in MFA solution, and can (if necessary) easily integrate your current method of authentication. By adding MFA you ensure that the ‘brute force attacks’ are no longer possible.
  • SSL without hassle: use your own certificates or switch SSL via the built-in Let’s Encrypt integration with just a single mouse click.
  • Extensive audit possibilities: keep your existing RDP logging tools running alongside the included Awingu audit capabilities
  • Anomaly detection: get informed about irregularities in your environment, such as someone who logs in too often with a wrong password or when someone tries to log in from abroad
  • Add an additional layer: Awingu adds an extra gate that is only accessible over http(s), making it a lot harder for hackers to access your RDP. In essence, it provides yet another door that needs to be ‘unlocked’.

Find out more about Awingu!

START YOUR FREE TRIAL
CONTACT US
About the author
karel
Karel Van Ooteghem
Marketing Manager
Linkedin Twitter Facebook Youtube Envelope

SMOOTH REMOTE ACCESS TO FILEMAKER PRO VIA AWINGU

FileMaker Pro is a cross-platform relational database application from Claris International, an subsidiary of Apple Inc. It integrates an database engine with a graphical user interface and security features, allowing users to modify the database by dragging new elements into layouts, screens or forms. FileMaker was initially introduced on the market as an MS-DOS based program (in the 80’s), but quickly made the shift to Macintosh. Today, FileMaker Pro is available on prem and as a cloud version (FileMaker Cloud).Read More

XTECHS.SUPPORT PROVIDES CUSTOMERS EASY & SECURE REMOTE ACCESS VIA AWINGU-AS-A-SERVICE OFFERING

XTECHS is a 5 FTE Managed Service Provider based in Roseville, California (USA). They provide End-to-End services to small and mid-sized businesses across the state. XTECHS was founded in 2000 as a PC shop under the name ‘XTECHS Computer Repair’ In 2014 they decided to extend the business into managed services for SMBs. Today, Managed Services for SMBs constitute the bulk of the business.

Read More

THE HOSPITAL OF EAST-LIMBURG GOES AWINGU FOR COST-EFFECTIVE OPERATIONAL EXCELLENCE

The Hospital of East-Limburg (Ziekenhuis Oost-Limburg or ZOL) is one of the largest peripheral hospitals in the province of Limburg and employs around 3000 people in staff and is home to over 300 medical doctors. Because the hospital is spread across 3 campuses (a number which will continue to grow as it has recently announced its merger with another hospital, Ziekenhuis Maas en Kempen), they noticed an increasing need to enable mobile work from anywhere, on any device.

Why look for a solution that enables remote work?

ZOL is continuously working on its digital transformation. In line with that is the expectation of its employees to access their data – patient files, hospital-specific applications, etc. – from anywhere and via any device (both managed and unmanaged). In the past, they had a Citrix environment up and running but they were displeased about its level of stability, its complexity and the fact that users were only able to access their data by installing an agent to establish the connection – a rather cumbersome predicament.

"It was absolutely crucial for us to have a new, modern and stable environment that we could deploy in a qualitative way and that allowed us to tackle as many use cases as possible."
blank
Peter Thys
CIO, Ziekenhuis Oost-Limburg
Why Awingu?

‘We chose Awingu because it allows us to, in an easy way, give our users access to our internal systems,’ says Kurt Gielen (ICT Operations Manager, ZOL). ‘And it does that without the need for agents or clients, without the hassle of complicated systems that require a lot of updates and maintenance.’ With Awingu, ZOL gives its users to option to simply log in to their workspace via a web browser to start using all of their applications – be it legacy, SaaS or web.

‘An important driver to choose for Awingu was the cost aspect,’ says Kurt. After comparing Citrix with Awingu, they noticed a cost decrease of 50% – both in terms of licensing and operational costs. The latter became very apparent when talking to the IT support team at ZOL:

"In the past, when we still used Citrix, we got a lot of calls about login and printing problems. Now that we've made the switch to Awingu, that has strongly declined, which significantly lowered the work load for the IT department."
blank
An Liebens
Servicedesk Engineer, Ziekenhuis Oost-Limburg

That cost decrease is also noticable when it comes to operational excellence: ‘One of the advantages that we’ve seen when switching to Awingu is that we were also able to shrink our server farm. In the past, we needed 20 servers to keep our Citrix environment running. When migrating to Awingu we were able to reduce that number to 8 – or even less!’, says Kurt.

How is Awingu being used?

Initially, the idea of implementing Awingu was to enable their staff and doctors to work from anywhere. To do that, they needed a solution that was as little intrusive as possible – and Awingu ticked that box:

"It's an easy to use product. You don't need to install or update agents or clients, you effortlessly log in to the workspace to access our internal systems via a web portal which is a big plus for our users in the day-to-day maintenance and use of our systems."
blank
Kurt Gielen
ICT Operations Manager, Ziekenhuis Oost-Limburg

Awingu also helped ZOL in light of their JCI accreditation, which is an industry-wide standard for care quality. In terms of IT, being JCI accredited implies that you can deliver excellent care to your patients at any possible time – also in times of, for example, a major power outage or a disaster. According to Kurt, many hospitals print out every single patient file on a daily basis and construct a gargantuous paper archive to be ‘IT-independent’. However, ZOL found a much more cost-efficient and (definitely) easier way to do this:

"We used the same technology in an Azure setup to give access to our emergency systems, comletely isolated from our on-prem environment and live replicated in the cloud, always accessible in a case of emergency."
blank
Kurt Gielen
ICT Operations Manager, Ziekenhuis Oost-Limburg
How was Awingu rolled out?

Initially, ZOL started with setting up Awingu on their on-premises systems. ‘The goal of that was to offer our employees and doctors an easy access to our medical records software, Chipsoft HIX, and to our most important line of business applications.’ After that, the Awingu-as-DRS-project rolled out, where the Awingu technology was used to give access to the emergency systems which and kept in sync on Azure and that sit completely isolated from the on-prem environment.

‘After those two initial phases, we started actively migrating Citrix users to the Awingu platform’, Kurt says. Right now, everyone at ZOL works in a consolidated way on the Awingu platform when performing external services.

"Now that everyone works with Awingu, Citrix has been completely replaced and taken offline."
blank
Kurt Gielen
ICT Operations Manager, Ziekenhuis Oost-Limburg

Do you want to know more about how other healthcare institutions use Awingu to achieve cost-efficient operational excellence? Check out our Awingu for Healthcare page!

Find out more about Awingu!

START YOUR FREE TRIAL
CONTACT US

SMOOTHLY BLEND YOUR LEGACY IT IN A FULL GOOGLE SETUP WITH AWINGU

Did your business make the full transition to Google Apps in the last couple of years? Have you embraced Chromebooks? Chances are you really like the GSuite experience for productivity, communication, and collaboration, but, you still have some legacy services that are just too hard to migrate to a SaaS alternative in time and budget… Or maybe there just is no suitable SaaS alternative.

Read More

blank
ABOUT
PRODUCT
RESOURCES
LEGAL
GET IN TOUCH!
Linkedin Facebook Youtube Twitter

© 2020 – Awingu NV