A leading US technology company with 900 employees recently partnered with us to secure their cloud environments and remote access to their on-site applications. Like many large organizations, they have Sales and Engineering business units, each requiring different network access. While their engineering team required AWS and on-premise app access, their sales team needed reliable, secure domain services and cloud based CRM access.
Prior to pursuing Perimeter 81’s innovative Software Defined Perimeter (SDP), our partners were using a 20-year-old legacy VPN with a distributed management system and complicated client applications. This did not provide a clear way to easily monitor their employees’ server, network and application access, nor did it allow for easy installment of VPN applications and clients. Tired of relying on help desk support for VPN deployment, they came to us, ready to simplify the secure remote access to their cloud environments and on-premise networks.
Before choosing Perimeter 81, our client faced limited options for their cloud security. They could either:
This is was the least secure option for our client - and certainly not a risk they could afford to take. They knew this approach would leave them at high risk for a number of cybersecurity threats including DDOS attacks, brute force attacks, zero day exploits, leaked credentials and more.
Our client found that blocking certain IPs was a cumbersome process and firewalling only protected their data at the packet level. This approach still left network security threats open and the process was very hard to manage.
As most companies quickly learn, this avenue required time consuming hardware installation and was impractical and expensive. High bandwidth costs from backhauling traffic via MPLS are unnecessary. Creating direct remote connections from user endpoints to the resources they need is the better solution.
Our client found that using an ad-hoc solution, like an AWS “Direct Connect” or Azure “Virtual Network” was not a scalable alternative to protect their IaaS workloads. Moreover, this alternative would not include the user-friendly client applications, multiple user management, monitoring/auditing, and cross-platform compatibility that is greatly beneficial to IT administrators and end users.
Traditional VPNs incur high hardware costs and require extensive management and personnel. As our client learned from the past, with a traditional VPN service, helpdesk needs to support every deployment of new VPN endpoint and client apps. Furthermore, the apps themselves were difficult for employees to use. Even the most sophisticated traditional VPNs do not function well in hybrid cloud and IaaS environments. A SDP is the only way to offer segmented access for authenticated users, rather than access to the entire network for every user.
Along with the all the concerns noted above, our clients also struggled to find a solution that would offer the advanced network, user/group-based and policy-based segmentation they required. None of these alternatives provided them with secure, easy, manageable & segmented remote network access they were looking for.
Perimeter 81’s Software Defined Perimeter for Enterprise has allowed our client to seamlessly deploy fully managed custom SDP gateways into their organization’s cloud or on-premise networks. Using our cloud management platform, our client’s IT Department has been able to connect to their Identity Provider (such as Active Directory and Okta) to gain user and group policy control. This has enabled their IT team to easily provision segmented network access per application and/or network segment, restricted to their desired user group and policies. Furthermore, our comprehensive activity log has allowed them to easily view which servers, applications and cloud resources are being accessed, and receive alerts for any suspicious and/or unusual activity.
With our innovative cloud SDP, our client can now promote employee productivity, with a solution that’s not only customizable, easy-to-use and employee friendly, but also highly reliable and secure.