Postman Replaces Open-Source VPNs with SASE’s Zero Trust Access

The Challenge:

When COVID-19 transitioned everyone to work from home, Postman saw its global workforce move to working remotely. This new reality of working from anywhere forced Postman to rethink its secure remote access solution. 

“One of our greatest strengths is that our company is geographically distributed and fast-growing, which allows us to hire the best talent we can find regardless of their location. This, of course, leads to some technical challenges when implementing traditional technologies and solutions, and in light of our entire workforce moving remote with the onset of COVID-19, we needed to find a software-based service that could scale rapidly and accommodate hundreds of concurrent endpoints across many geographic regions and maintain equivalent user experience across all of those remote regions,” explained Ryan Nolette, Postman’s Technical Security Lead.

 Besides seamless cloud integration, Postman was looking for a security vendor that would help them realize their ambition of adopting the Zero Trust model and leaving behind the open-source VPN solutions of their formative years. High on its list were those vendors who could enable easy network segmentation while maintaining excellent service. 

“In short, we required a secure, scalable, and easy to use solution that integrated the Zero Trust model, and would allow us  to protect network traffic between clients (employees) and business-critical resources (services, source control, etc.).”

Why Perimeter 81

When shopping for a different network security service, Postman’s IT team realized they were looking for a specific solution. “We were looking for a solution that had SSO integration, could effectively validate compliance, and would allow us to pursue the Zero Trust methodology. Also, because our workforce is now entirely remote, we wanted to find a service that would offer a high level of end-to-end encryption for team members’ connections across the organization,” shared Nolette.

In the end, Postman decided to adopt the Perimeter 81 solution for multiple reasons, but the ease of increasing bandwidth played a definitive factor. “Perimeter 81 allowed us to create highly performant regions where we could put multiple dedicated endpoints to increase bandwidth in just a few minutes.”

The results:

Quick Deployment

Since deciding to adopt the Perimeter 81 solution, deployment was the main factor for Postman and so far they have experienced a smooth transition. 

“Our entire rollout, to fully deploy the service across our hundreds of endpoints as well as customize our network infrastructure and security settings, happened over the course of about 2 months. In actual work hours, we had the original client solution launched, configured, and tested, all in under 30 minutes.”

Smooth & Rapid Scaling  

Working with Perimeter 81 has allowed Postman to rapidly scale their security in a matter of hours. Since implementing Perimeter 81, Postman has increased the size of its remote workforce exponentially.

“We scaled our network infrastructure quickly and encrypted endpoint connections without hardware limitations,” said Nolette. “Users are now proactively requesting applications to be configured because they prefer the Perimeter 81 application login experience to enabling a VPN and having to choose which URL to go to.  We have also seen growth in user application requests because the Perimeter 81 applications allow them to maintain access control to their applications at the identity layer without having to implement authentication at the application.”

SASE Success

When looking at the different SASE offerings, Postman felt Perimeter 81 was one of the best SASE offerings and has been happy with their decision. 

Nolette shared: “We did not require any additional hardware to implement Perimeter 81.That is one of the strengths of a SASE; we can define everything via software. That means we could leverage our MDM to deploy the clients to users fully configured and ready to be used. We could ingest users and groups from our IDP source and leverage those existing identity attributes to control network access. We were able to configure multiple secure tunnels to our VPCs for specific workloads (intranet pages, build, stage, etc.), create dashboard applications to allow users to launch internal web resources from any device securely, and restrict access to internal resources to just our users.”