Campari Group improves security, access for its 1,000+ third-party contractors worldwide through Azure Virtual Desktop

Reaching for the cloud

Historically, Campari Group ran its business and operations services through datacenters located in Zurich and Amsterdam, using traditional hypervisor technology with perimeter-based security. Campari Group also ran a smaller web-farm datacenter in Italy to support its 100 or so official websites. Guided by a strategic, global IT vision that aimed for centralized management of all global services for all countries and brands, Campari Group pursued a single cloud provider. In 2019, Campari Group shuttered its Italy-based datacenter and, soon after that, modernized all its SAP workloads from on-premises datacenters to Azure.

These cloud migrations proved prescient. In November 2020, Campari Group found itself the victim of a significant ransomware attack that affected its remaining on-premises datacenters and caused outages in production and operations along with the loss of many server backups. None of the workloads that the company had already moved to Azure were affected by the security breach, which clearly demonstrated for Campari Group the value of its ongoing datacenter exit strategy. So, with partner Bluesource—a member of the Microsoft Partner Network—Campari Group closed its remaining on-premises datacenter to become a fully cloud-enabled company.

From VPN to Azure Virtual Desktop

Before its cloud modernization, Campari Group provided valuable operational access to third-party contractors through VPNs. However, from a security standpoint, VPNs introduced a certain amount of risk from the exposure of Campari Group’s network to contractor computers. The company needed to connect its roughly 1,200 third-party contractors and consultants in a highly secure and reliable way—it found its answer with Azure Virtual Desktop.

Matthew Zeidler, Campari Group’s Senior Director of Enterprise Architecture and Technology, recalls, “We rapidly designed and implemented at scale a completely new Azure Virtual Desktop experience covering various pools of different third-party personas, through our engagement with Bluesource. We used Azure Virtual Desktop to scale up and onboard more than a thousand users in a matter of days. And we got to an initial proof of concept in just hours. Without Azure Virtual Desktop, it would have taken us several weeks, if not months, to figure out how to connect third parties in such a secure manner.” 

Campari Group was able to bring its business back online in a matter of days. Zeidler continues, “With Azure Virtual Desktop, we ramped up to more than 1,000 third-party contractors and reconnected them to the Campari Group network in a highly secure manner to continue business operations, reducing the impact from the ransomware attack.”

Campari Group thus converted a crisis into an opportunity, by pivoting to Azure and undertaking a more secure and scalable infrastructure approach. “Looking at the challenges businesses face today, you need a Zero Trust approach when it comes to access,” Zeidler says. “We use Azure Virtual Desktop to continue business operations by deploying virtualized images to third parties, as they need them, for very quick access to business-critical applications in a highly secure manner. We can deploy relevant applications at scale to hundreds of users very quickly. This is a huge change from the legacy approach of having to provide and manage VPN access that acts as a gateway to potential attacks.”

The company’s Azure Virtual Desktop solution supports both contractor and internal user access. It runs various pools, broken into business users, outside consultants, outsourced IT resources, and outsourced finance resources. Zeidler states, “By using these pools, we can tailor the applications required for each of these personas, and we can scale out application updates in a multi-session environment to hundreds of users in a very short manner of time. We’re able to upgrade once and the value is realized across the board.” Indeed, through Azure Virtual Desktop multi-session, Campari Group gains greater, more secure management capabilities. It can install or upgrade applications once and uniformly rather than having to deploy and manage applications individually for hundreds of third parties.

In terms of security, Azure Virtual Desktop multi-session provides full visibility into which third party is accessing which business-critical application, thereby supporting Campari Group’s Zero Trust security approach. Additionally, the solution ties in seamlessly with Azure Active Directory, part of Microsoft Entra, and uses multifactor authentication to safeguard user access to Campari Group’s cloud environment. The company deploys Microsoft Defender for Endpoint to help detect, prevent, investigate, and automatically respond to potential breaches, threats, or attacks across its endpoints.

Campari Group has also adopted Microsoft Sentinel for monitoring and gained greater visibility plus the ability to prioritize security issues as they emerge across its virtual desktop environment. Campari Group views the enhanced security from its cloud modernization and its Azure Virtual Desktop implementation as not only reassuring but business critical. Zeidler says, “For us, Azure Virtual Desktop was a lifesaver, helping us bring back online business operations with our third parties with security we can trust.”

Reaching further, more securely

Although it initially deployed Azure Virtual Desktop for more tactical reasons, Campari Group has begun to realize more strategic outcomes and benefits. It identified and moved key legacy business applications—which it had been running through an on-premises hosted virtual machine (VM)—to Azure Virtual Desktop to enhance speed and access and reduce costs. Also, the company improved the experience for its employees, contractors, and suppliers alike in its shift from on-premises hosted VPNs to Azure Virtual Desktop. According to feedback from Campari Group employees and contractors, the new solution is easier to access and easier to use. For example, they report seamless use via Azure Virtual Desktop of an application hosted in Europe and accessed from regions as far away as Australia and the Caribbean.

Campari Group benefits from its newly centralized management as well. The company uses Azure Virtual Desktop to conduct security patching, feature updates, application upgrades, and even new application deployments quickly and easily, in part because it can target updates by pool and persona user groups. Zeidler states, “After switching to Azure Virtual Desktop, we now can deploy new software to just over a thousand external users in a very, very short amount of time.”

Conducting desktop and application management in such a fast, secure, large-scale manner positions the company to be more agile and responsive to its business needs. Zeidler continues, “Part of the value we are seeing with Azure Virtual Desktop is our ability to manage and assist such a large user base so quickly. This is particularly helpful when getting access to desktops for our offshore and outsourced finance and IT workers is in no way easy, especially as we move more and more to a hybrid workplace.”

Greater support for employees and contractors

Campari Group removed its previous on-premises VM, along with the associated risks of using VPNs for third parties, from its technology stack, and through its adoption of Azure Virtual Desktop, it gained the ability to deploy software at speed and scale while maintaining centralized management and security. As Zeidler says, “For Campari Group, when it comes to using Azure Virtual Desktop to manage access for third parties without compromising security, one word comes to mind—game-changer.”

The company is evaluating remote application streaming through Azure Virtual Desktop as well, and it identified other opportunities for efficiency and security gains. It deployed Microsoft Intune for devices to make it easier to provision and safeguard the mobile devices of both its employees and outsourced workers. And having embraced the Microsoft Cloud, Campari Group can now provide dedicated, highly secure workspaces to certain personas with more varied application requirements through Microsoft 365. The company is also assessing Windows 365 Cloud PC to support joined-venture partners that are dispersed across the globe and need access to core business applications but do not require a full multi-session. Says Zeidler, “To be able to give our partners, wherever they are, dedicated, cloud-based, and securely managed access to Campari Group applications and to be able to take advantage of Azure regions to deploy those instances locally to avoid latency impacts is incredibly valuable.”

Campari Group has equipped itself with a powerful tool in Microsoft Azure. Not only can Campari Group take advantage of the complete management and monitoring capabilities Azure brings to the table, but it can also better manage its costs and visibility over its infrastructure. The company has gained the capability of scaling out as necessary based on increased usage of its Azure Virtual Desktop infrastructure. Zeidler observes, “Our adoption of Azure Virtual Desktop allowed us to take advantage of capabilities that we’d never have from a physical datacenter. Not only can we manage our costs and visibility, but as our usage increases, multi-session functionality gives us the scalability we need.” Recently, Campari Group had to onboard a large number of third parties to deploy transformational programs. Through Azure Virtual Desktop, they very quickly scaled up to maintain the efficiency and speed required to run those projects.

Campari Group has only just begun to realize the value to be won by modernizing its environment and harnessing the power of the Microsoft Cloud. For Campari Group, it is all part of the journey toward a faster, agile, and more secure modern workplace, where, Zeidler concludes, “Being able to bring people online by deploying Azure Virtual Desktop through Azure in a matter of minutes is really, truly adding value to our business.”

Find out more about Campari Group on Twitter, Facebook, and LinkedIn.