Introducing Remote WorkForce ZTN
The first true Zero Trust solution
Designed specifically for Small and Medium-sized Businesses
Zero Trust IT Security
Easy to Install
Easy to Administer
Easy to Use
What is Zero Trust?
Zero Trust is a security model that assumes any user, asset, or resource is untrustworthy and must be verified and continually evaluated before access is granted.
The best way to understand the Zero Trust concept is to contrast it with early LANs (Local Area Networks). Basically, LANs connected everyone in an organization to all printers, servers, applications, etc. Firewalls kept intruders out, but once on the network, you were trusted. Then, various IT security approaches (passwords, access control lists, etc.) were imposed to protect sensitive apps and data. Over time, the IT security infrastructure became more and more complex – but breaches, nonetheless, frequently occurred.
Zero Trust starts from a completely different perspective. Access is granted to each specific application, not to the entire network. Other resources on the network are not even visible, therefore they are inherently protected.
Zero Trust is a fundamental paradigm shift in IT security. The concept originated in 2003. Gartner, Forrester and even Google began to promote it around 2010. It has now achieved widespread acceptance. There is even a Presidential Directive requiring government agencies to adopt the Zero Trust model.
There are several major Zero Trust products on the market, but these were designed for large scale organizations and are too cumbersome and expensive for most SMBs. But SMBs need the same protection!
At Private Communications Corp. (PCC), we studied the Zero Trust specifications from NIST (National Institute of Standards and Technology) and the Cloud Security Alliance. We designed our product to meet these requirements, but right-sized for the typical needs of SMBs.
Remote WorkForce ZTN
Our Zero Trust Network (ZTN) is built upon the solid foundation of our Remote WorkForce VPN. Remote WorkForce VPN is a modern, cloud-based VPN which can replace legacy LANs, with superior features:
Designed for Work-From-Anywhere. Remote WorkForce VPN automatically establishes a secure, encrypted connection to protect corporate communications from anywhere, whether employees are at home, in a coffee shop, or on the road.
Built for Distributed Computing. In today’s environment, corporate IT resources may be:
- Inside the office LAN
- On a cloud-based network (AWS, Azure, GCP)
- SaaS applications (Salesforce, etc.)
Remote WorkForce VPN provides end-to-end encryption for all IT resources, without requiring back-hauls through the LAN for resources in the cloud. Routing to the appropriate network is handled automatically, simplifying access for users.
Remote WorkForce ZTN provides a true Zero Trust layer on top of our VPN. Employees only have access to IT resources that they are specifically authorized to use. Other corporate resources are not even visible and any unauthorized attempts to access them are blocked.
Both our VPN and ZTN are highly secure, using 256-bit encryption, Multi-Factor Authentication, and malware filtering. Both include reporting to enable managers to know when an employee is working and what they are doing online.
How it works
An administrator in the organization first enters the following information:
- Users (name, email address, group)
- Networks (LANs, AWS/Azure/GCP, SaaS providers)
- Resources (apps, websites, virtual desktops)
Each resource is designated for access only by certain group(s) or all groups.
When users are registered, they automatically receive an email instructing them to install a small app on their device(s). (It’s easy.) No other changes are necessary. When the device is opened, the user is automatically connected and authenticated via email address, password and device ID. Devices are tightly controlled by Multi-Factor Authentication.
Users can continue to access resources as they have in the past (bookmarks, etc.) or can use a simple menu of authorized resources which Remote WorkForce ZTN provides. In either case, routing to the correct network is automatic:
A software Gateway is installed on each network, behind the firewall. The Gateway automatically establishes an outbound connection through the firewall (no open port is necessary).
When the user requests a resource, Remote WorkForce ZTN checks to see if that user is authorized. If so, an end-to-end encrypted tunnel is established to that resource – and only that resource. No other corporate resources are even visible, and any unauthorized access is blocked by the Gateway.
- User on a device requests a resource on some network, such as a LAN.
- VPN server notifies the Controller that the request is being made.
- The Controller checks the rules to see if that user is authorized to access that particular resource.
- If so, the Controller notifies the Gateway of the user’s request.
- The Gateway establishes a secure, outbound connection back to the VPN server.
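The Controller's rule check described above can be modeled as a default-deny lookup over users, groups and resources. This is an added example, not PCC's code: the class names, the `ALL_GROUPS` marker and the sample users, devices and resources are all constructed for illustration.

```python
from dataclasses import dataclass, field

ALL_GROUPS = "*"  # assumed marker for "all groups"; not a product setting

@dataclass(frozen=True)
class Resource:
    name: str
    network: str        # network whose Gateway fronts this resource
    groups: frozenset   # groups allowed to reach it, or {ALL_GROUPS}

@dataclass
class Controller:
    users: dict         # email -> (group, set of enrolled device IDs)
    resources: dict     # resource name -> Resource
    audit: list = field(default_factory=list)

    def _allowed(self, group, res):
        return ALL_GROUPS in res.groups or group in res.groups

    def authorize(self, email, device_id, resource_name):
        """Return the network whose Gateway to notify, or None to deny."""
        user = self.users.get(email)
        res = self.resources.get(resource_name)
        network = None  # default deny: unknown user, device or resource
        if user and res:
            group, devices = user
            if device_id in devices and self._allowed(group, res):
                network = res.network
        # Every decision is recorded, allowed or not, for later reporting.
        self.audit.append((email, device_id, resource_name, network is not None))
        return network

    def menu(self, email):
        """Resources the user may see; everything else is simply not listed."""
        user = self.users.get(email)
        if not user:
            return []
        return sorted(r.name for r in self.resources.values()
                      if self._allowed(user[0], r))

# Constructed sample data for illustration.
CONTROLLER = Controller(
    users={"ana@example.com": ("finance", {"dev-001"}),
           "raj@example.com": ("engineering", {"dev-002"})},
    resources={r.name: r for r in (
        Resource("payroll", "office-lan", frozenset({"finance"})),
        Resource("build-server", "aws", frozenset({"engineering"})),
        Resource("wiki", "aws", frozenset({ALL_GROUPS})),
    )},
)
```

A denied request returns `None`, so no Gateway is ever notified for it, and the audit list keeps the denied attempts alongside the allowed ones.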