Secure management of corporate network and user rights from the cloud for LetsGetChecked

LetsGetChecked primarily tests personal health by conducting health screening based on tests performed in the client's home environment, giving the client greater control over their personal health through simple and powerful technology. The company operates from centres in the USA, Canada, Ireland and the Czech Republic, running all of the company's applications in the cloud.

The company's goal was to create a secure environment where access to sensitive customer data is centrally controlled. And at the same time, to maximize the security of this data through effective user management, endpoint maintenance and corporate network. The requirement was to meet security guidelines regulating the handling of sensitive personal data in both Europe and North America.

All of the company's information systems are provided to users from a private cloud environment in Amazon Web Services. The requirement was to use only cloud services, without the need to have any local servers and applications.

AUTOCONT had to find a very progressive solution. In cooperation with the customer, it carried out an analysis and Proof of Concept of the entire solution. Cisco Meraki technology was chosen as the basis for a modern network infrastructure and a target concept was proposed, enabling complete remote network management through a single administration interface and strong endpoint security using only cloud services. Interconnection of all sites via automatic VPN tunnels was designed to ensure that each user can access the entire network according to the given permissions.

By leveraging JumpCloud, which is a cloud-based directory, user profiles can be unified and managed in bulk across different services (profiles on Windows, GSuite, etc.). RADIUS servers as a service combined with Cisco Meraki access points created a controlled wireless network where users log in via PEAP and 802.1x using the same account they have on GSuite.

Endpoint security is given the utmost attention. This is all taken care of by the Sophos Central platform, which provides management and security, ensuring that new settings are activated, alerts are sent and contextual security information is shared.

You can create both user groups and end-device groups to which different security policies can be applied. With the installation of the agent on the endpoint devices, not only a classic antivirus is installed, but also the so-called Intercept X, which uses artificial intelligence and machine learning to detect known and unknown threats.

The maintenance of the stations, their patch management, is taken care of by Automox, which can centrally manage all updates to operating systems as well as third-party software. You can manage your own level of automation for managing updates, enforce configuration and see in the central console which devices require attention. Immediate visibility of vulnerabilities and threats by name, but also by CVE number, is provided.