TroutTrout
TroutTrout
Language||
Request a Demo
All Case Studies
InfrastructureIndustrial control system securityAppliance

STBMA

Zero Trust across 55 ski lifts with no dedicated security team

SectorSki resort operationsLocationFranceCompany Size50-200 employees
55Lift sites protectedSpread across terrain from 850m to 2,353m altitude
1Management planeCentralized control over all distributed sites
0Dedicated security staff requiredOperated by existing IT team without security specialization

The challenge

STBMA operates a ski resort with 55 lifts spread across extreme Alpine terrain, from 850 meters to 2,353 meters altitude. Each lift station runs safety-critical controllers. Snowmaking systems, access gates, and monitoring equipment are distributed across the entire mountain.

There is no on-site IT team at each station. The workforce is seasonal. Conditions are harsh: cold, wind, limited connectivity, difficult physical access for much of the year.

Every one of those 55 sites has networked controllers that need protection. But STBMA had no dedicated security team, no budget for per-site deployments, and no way to send technicians to each lift station for installation and maintenance.

Traditional security approaches were not an option. Per-site firewalls would require 55 separate deployments and 55 sets of ongoing maintenance. Endpoint agents cannot run on lift controllers. A VPN mesh would be fragile across that terrain and altitude range.

The solution

STBMA deployed the Access Gate with overlay networking connecting all 55+ sites back to a single management plane. Zero Trust policies are defined once and enforced everywhere, from the base station at 850m to the summit at 2,353m.

The overlay network runs on top of existing connectivity. No rewiring. No per-site hardware installation beyond the initial Access Gate deployment. Each lift station's controllers are governed by the same identity-based access policies, regardless of location or altitude.

Centralized management means the IT team monitors and controls all 55 sites from one interface. Policy changes propagate instantly. New sites are added without physical visits.

Results

All 55 lift sites are now protected under a single Zero Trust architecture. Safety-critical controllers, snowmaking systems, and access gates are segmented and governed by identity-based policy.

STBMA operates this with their existing IT team. No security specialists were hired. No per-site maintenance burden was created.

The centralized control model turned an impossible problem (securing 55 remote sites with no security staff) into a manageable one.

Deploying Zero-Trust across our domain (a ski resort) was not in the cards with our resources. Now we operate a ZT architecture with a simple centralized control. Game changer.
Stephan · IT Manager, Infrastructure, STBMA