Simplifying Security and Supporting Innovation with Cisco Security


The Netherlands is more than just tulips and bicycles. For the last decade, the Netherlands has ranked amongst the world's most innovative countries according to the Global Innovation Index. In 2020, our nation ranked second in the EU, and fifth overall.

The Netherlands has recognized for our ICT infrastructure, online creativity, knowledge absorption, business sophistication, and business environment. The report went on to praise our world-class research institutes, R&D tax credits, and strategic partnerships between science, industry, and government bodies. Provincie Limburg contributes quite a lot to those accolades.

Promoting Innovation

Provincie Limburg is located in the southernmost part of the Netherlands. I work for the province as a network administrator, and my job is to ensure that our people can connect to our intranet and the wider internet to do everything they need online. Part of these duties include providing support to the Brightlands Campuses. These four institutions—Heerlen, Maastricht, Sittard-Geleen, and Venlo—are home to students, entrepreneurs, researchers, and government workers who are inventing, building, and selling the products of tomorrow. 

Each campus has its own specialization. The Chemelot Campus in Sittard-Geleen works with smart materials and sustainable production. Our Heerlen campus focuses on data science and smart services. The Greenport Venlo campus deals with food and nutrition, while the Maastricht Health Campus is working on regenerative medicine and diagnostics. 

Innovation needs investment and strategic partnerships between #science, industry, and #government bodies.

Like the rest of the Netherlands, Provincie Limburg has embraced innovation and supports it through various initiatives, including education. We contribute tens of millions of Euros to help the Brightlands Campuses establish collaborative connections with SMEs, multinational corporations, and nearby universities in Eindhoven, Leuven, Aachen, and Liège. We also seek to attract new investment and young talent to the region. 

We’re a proud investor, lobbyist, connector, and partner doing whatever we can to help push the conversation forward. 

Reinforcing Our Security

In December 2019, Maastricht University became a victim of a ransomware attack. It got a lot of attention, and that got the Provincie Limburg IT team thinking about our internal security measures. One of our pain points was our two-factor authentication (2FA). 

Two-factor identification is an absolute must if you want to protect your organization's IT assets. Passwords are not enough and are easily cracked, so companies have largely moved to 2FA or multi-factor authentication—especially now, as so many people are working remotely due to global pandemic. 

Passwords are easily hacked. Multi-factor authentication protects your users and your IT assets.

The province had a 2FA solution in place, but it was a nightmare to manage. Every time we needed to change its configuration or install an upgrade, we had to hire an outside company because it was too complicated to do it ourselves. Our old 2FA tool also made it difficult for our employees to work remotely because they couldn't always access the resources they needed through our main site. 

For a while, our 2FA solution was a mere annoyance. By the beginning of 2020, however, we thought it was a good idea to explore the market.

Adopting Multi-Factor Identification

We met with our partners at NTT Netherlands, and they called our attention to Cisco Duo. They told us it was much easier to configure than our existing solution, and it was also easier to manage.

NTT has a worldwide presence, and Cisco is the most trusted name in networking. Although I didn't know anything about Duo, I knew Cisco technology. When I did my bachelor's degree in network infrastructure design at Hogeschool Zuyd, the curriculum focused heavily on Cisco products. On top of that, our network infrastructure for Provincie Limburg already uses a lot of Cisco technology, so we were familiar with a lot of it internally. We came to know and trust Cisco over the years, so we didn't look any further. We agreed to sign up for a trial.  

Our primary desire was to keep things simple. We didn't want to invest in any new hardware, and we were looking for a painless rollout. Cisco Duo delivered on both counts. After getting set up with the trial, I went through all the documentation and watched some configuration videos online. It was very straightforward; I would pause the tutorials, follow the instructions, then go return to learn the next step. I was up to speed in no time. Cisco Duo was so easy to use that NTT essentially handed us the keys and let us run with it. We did everything else on our own. 

They say that timing is everything. A few weeks after we started the trial, the pandemic lockdown came into effect, and we had to enable everyone to work from home. Fortunately, we'd already taken steps to move to a better alternative. We had already learned everything we needed to know about Duo and were able to accelerate its deployment. In a few days, we went from 200 to 1,000 remote workers, all of whom use Duo to secure their login credentials. We got everything rolling and were able to secure our remote workforce without adding to our team of 12 networking specialists and four help desk staff.

In hindsight, it would have been impossible to implement a viable plan to keep everyone working through the pandemic lockdown with our old solution. 

Seamless Integrations and Migrations

Unlike our previous solution, Cisco Duo integrates seamlessly with Cisco's other remote access solutions, including Cisco AnyConnect and Cisco Identity Services Engine (ISE). Eventually, we're going to deploy ISE to authenticate users connecting to our local network. But for the time being, we use ISE to authenticate our IT administrators, who are the only employees logging in to our main site via Cisco AnyConnect

Our other employees continue to use their web browsers to log into our Citrix VDI farm from home, but we'll be phasing it out over the next two years to reduce costs and improve network performance. Eventually, everyone who works for Provincie Limburg will use Cisco ISE and Cisco AnyConnect to log into cloud-based versions of their current apps. 

We're taking things slowly and have adopted an organic approach to this process. We only replace apps with their cloud-based versions once they have reached end-of-life status. Similarly, we only move people to the cloud when they can no longer access the functions they need with on-prem solutions. We have already installed Cisco AnyConnect on all employee laptops, so when it’s time, it will be easy to transition them from Citrix to the cloud with a few simple keystrokes.

Business Resilience 

At the end of November, we'll be beefing up security and rolling out Cisco FirePower. By doing so, we will consolidate our firewall management, application control, intrusion prevention, URL filtering, and advanced malware protection in a centralized management console. It's a major step up from our current security setup and entirely transparent to end users.  

Thanks to NTT and Cisco , Provincie Limburg has solidified and secured our IT infrastructure. We have empowered our remote workers during the global pandemic and are prepared to inspire the innovators who will meet the challenges of tomorrow.