Cyflare’s One Converged Security Platform (formerly SOC In A Box) service deploys managed appliances to end user networks via their channel partners. Cyflare needed a better way than SSH to manage the devices remotely and securely.
Secure Access: SSH vs ZTNA
Cyflare has hundreds of appliances deployed to customers globally for remote security monitoring and management services.
While looking for a product to replace the default SSH access for appliance administration, Cyflare found TransientX’s TransientAccess. Cyflare’s goals were to:
- Implement a zero-trust model
- Move away from SSH
- Limit access to only the minimum resources allowed, and only for the people who need it
- Reduce support overhead
The default manner of remotely managing the Cyflare appliances was via SSH. This came with a host of usability and security challenges. SSH was complicated to set up securely and manage, and was further hampered by a lack of knowledge among partners and customers.
Now they simply log in through the TransientAccess disposable container client. Policies set by Cyflare ensure they have visibility only to the appliances they are allowed to access. Cyflare automated a simple provisioning process that scales and enforces the least privilege principle for who can access what.
“Moving to TransientAccess allowed us to focus more on our core services and worry less about the risk of a breach. Implementation of the solution is simple and requires no involvement from our customers. We practice what we preach, delivering for our customers a security management and monitoring solution that is itself truly secure from end to end.” - Evan Hausle, Director of Sales Engineering
As part of their search for a solution, Cyflare explored how they could implement true Zero Trust Network Access. Moving to VPNs was not an option, as that would have created a whole new set of security issues. As part of the move to ZTNA, Cyflare was able to discontinue some legacy VPNs in place for other uses.
ZTNA Solution Evaluation: TransientAccess
They evaluated other ZTNA solutions on the market, but found shortcomings with all the alternatives. Some products:
- Passed traffic through their own systems (creating regulatory and compliance issues)
- Were limited to only web-based applications.
In addition to the technical advantages of TransientAccess, Cyflare selected TransientX because of its confidence in the team and the level of support it received.
In addition to the requirement of replacing SSH, another requirement for Cyflare was to host their own Controllers in order to deliver flexible provisioning for partners. The ease of deployment and support for different deployment options was another key factor in selecting TransientAccess.