TRUSTED SECURE ACCESS

Keith RoseCustomer Success Manager

From Securing Network Perimeters (Software Defined Perimeter) to safeguarding your Digital Transformation

INSTASAFE SECURE ACCESS

Venture backed | India & USA | 100+ customers, with global footprints |4 times CIO Choice awardee

“Restricting users only to the resources they need to perform their job” and continuously monitoring their activities.

The True “Zero Trust” Secure Access Solution

Market Demand for Zero Trust Access

Market Pains:• Traditional application access solutions

(e.g. VPNs) do not meet the needs of modern enterprises:

• Cloud applications, mobile workforce, 3rd party access

• Attackers targeting access technology vulnerabilities to enter corporate networks

Software Defined Perimeter (SDP):• Allows secure and flexible access to cloud

and on-prem applications

• Leverages the principals of Zero Trust access

• Trust is continuously verified; access is limited

By 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero trust network access (ZTNA).

By 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of ZTNA.

By 2023, 40% of enterprises will have adopted ZTNA for other use cases described in this research

Gartner – Zero Trust Network Access

Zero trust network access replacestraditional technologies, which requirecompanies to extend excessive trust toemployees and partners to connect andcollaborate.Security and risk management leadersshould plan pilot ZTNA projects foremployee/partner-facing applications.

“… SDPs will become a mainstream approach adopted by more than30% of enterprises over the next five years

InstaSafe named by Gartner as a Represented Vendor in Report –Market Guide for Zero Trust Network Access

Traditional IT Architecture— Network Centric

Security enforced at the network perimeter

FWs/VPNs

Partner

Employee

Personal DeviceNetworkLevel Access

Modern IT Network—Application Centric

The network perimeter is vanishing

Cloud generation challenges• Apps, data and employees

have moved outside of traditional network—thereis no perimeter to defend

• Partners, contractors and others need access to corporate Apps and data

• Access needs to be limited/restricted

• Device types have proliferated—including BYOD

Contractor

Personal Device

Personal Device

Customer

Partner

Partner

Contractor

Partner

Need: Simple & Flexible Secure Access during this Digital Transformation Journey

Today’s Network Challenges

Applications hosted acrossMulti Cloud Environments

Compliance & RegulatoryChallenges

Password Management & Security Concern of remote user & BYOD devices.

Challenges to Manage and Monitor too many Dashboards & IT hardware

Many Remote Offices with few no of user in each location / branches

No visibility of users accessing Public Cloud Applications (O365)

Quick Provisioning and de-provisioning requirements

High Dependency on MPLS

Existing Approaches—Securing Access to the Cloud

DMZ

VPN

Complex

• Increased timeto market

• Cumbersome and confusing user experience

• Maintain agents/ appliances

• Lateral movement around entire network

• Increased network attack surface

• Compliance readiness failure

Insecure

• High infrastructure and licensing costs

• Duplication required• High operational costs

Expensive

VPNs, firewalls, & DMZs—not up to the challenge

Our Approach—Securing Access to the Cloud

Zero Trust-based Secure application access

Personal Device

Customer

Partner

Contractor

PartnerPersonal Device

Partner

How It Works

Zero Trust-based application access

ISA Controller

EmployeeAffiliate

Chain PartnerContractorB2b Partner

B2c CustomerContextualPrevention

ApplicationServers

Deploy Connectors& Connect To Secure

Access Cloud

Point-to-pointAccess

ApplicationLayer

Monitor &Log Activities

Authenticate UserValidate Device Health

Point-to-pointAccess

Anyone to anywhere – simple and secure app access

Deploy in Minutes

Cloud Alternative to Traditional Access Methods

ISA SDP

Connectivity Direction Connectivity Direction

AWS/Azure/Google/On-Prem

Traditional DMZ—Connected via the Network

InstaSafe Secure Access—SDP-based Cloud Native Connectivity

Internet/MPLS

ProxySSLVPNBastion

Jump Host

Corporate DMZ

ApplicationsServices

Workloads

AWS/Azure/Google/On-Prem

Connectivity Direction Connectivity Direction

Internet/MPLSInternet/MPLS

ApplicationsServices

Workloads

Internet Internet

Superior Architecture Improves Security

HTTPSHTTPS

VPN Connectivity

• Indirect HTTPS connections established between users and applications using a reverse proxy

• Authenticated devices never gain direct access to the application server or network

• Eliminates OS or SSL/TLS vulnerabilities such as HeartBleed

• Policies can govern specific user actions and prevent data exfiltration

No direct connection to the application

Alternative Approach

• Uses a (VPN-like) endpoint client to connect users to applications through the cloud

• Authenticated users requesting access, gain direct layer 4 level access to the application server

• Approach exposes applications to network-based attacks such as OS or TLS vulnerabilities from malicious or infected users

Direct connectivity to the application server and network

Key Enterprise Use Cases

Applying Zero Trust access to secure corporate applications

Secure access for DevOps

Simple and secure access for dev environments

Secure access to corporate apps migrating to IaaS

Reduces complexity while improving security

Secure access for 3rd party users, M&A, & BYODAllows modern workforce to work from anywhere

13

FIELD USE CASES

From Securing Network Perimeters(Software Defined Perimeter)

to safeguarding yourDigital Transformation

Secure Access to applications hosted in AWS for Remote users

Provide a secure, simple and easy way for my users and contractors to access corporate applications distributed across AWS cloud and OnPremises without switching agents.

Allow application access for BYOD (unmanaged) devices without data leaks. Mitigate credential sharing and Device switching between the users. Authenticate user and user devices before accessing the application. Integrate MFA to satisfy compliance and security needs. Support all users devices and operating systems. Provide rule and role based access. Maintain all access logs: which user accessed which application at what time? Eliminate complexities in managing secure access.

Provide Zero-Trust access to cloud and on-premises applications while reducing complexity

DevOps

Secure Access for 3rd Parties & BYOD

Securely let 3rd parties (e.g. suppliers and partners) and BYOD devices access corporate applications

Contractor BYOD

Support the needs of the modern workforce using BYODs while working from anywhere

Let 3rd parties access corporate applications without exposing my network

Account for identity, device posture and sensitivity of resources when providing application access

Secure Access for DevOps Managing Development and Production Environments

Give DevOps teams with agile access to cloud environment without compromising security

DevOps

Allow DevOps resources to securely access multiple cloud environment from anywhere

Dynamically provision and de-provision access to VMs, PaaS and IaaS environments

Full audit trail over DevOps actions in cloud environments

Multi Cloud Peering

IaaSOn-Premises

Provide a secure and economical access for workloads distributed across AWS, Azure and GCP

Make my applications invisible from Internet. Make this connections live quick. have proper monitoring for connections and HA in place. Mitigate risks of network based attacks.

Provide Zero-Trust while reducing complexity

Experience: Zero Trust @ InstaSafe

Proof of Value Projects:• DevOps access

– Development environment– RDP or SSH access

• Corporate application access– Select applications– Hybrid Cloud / IaaS or on-

premises

• BYOD & 3rd party access– Select users / vendors– Select applications– Select devices

One of the top pilots

enterprises should budget for in 2019

You will see: • Simple & Flexible solution• Ease of deployment/use; no

agent required• Zero-Trust Access to

corporate applications

*Zero Trust Is an Initial Step on the Roadmap to CARTA - 12/18

We are Trusted by

Thank You