How a Global Paint and Chemical Company Secured Remote Workers with TransientAccess ZTNA

Betek, with 2000 employees in 16 countries, chose TransientAccess to replace its legacy VPN with Zero-Trust Network Access (ZTNA), allowing them to use remote clients, SAP in particular, with confidence.

While looking for a product to replace their current VPN solution and secure remote workers, Betek found TransientX’s TransientAccess based on a recommendation from their partner, Maya ICT, one of Turkey’s leading MSSPs. Maya ICT had already incorporated TransientAccess into their cloud security offering for customers. Betek’s goals were to:

• Implement a zero-trust model
• Secure remote workers with ZTNA and eliminate the VPN
• Provide granular control of remote network access between offices
• Provide secure access by 3rd parties to in-house SAP apps without a VPN
• Implement micro-segmentation of critical apps
• Create and manage application-based user policies within minutes
• Support private cloud and hybrid architectures

As part of their search for a solution, Betek explored how they could implement microsegmentation in their critical applications for the company with their existing systems, but they could not fully support this for end users. Managing the many different user profiles in order to partially control access to their VPNs was time consuming and difficult.
This solution was not scalable and was difficult in terms of change management. Moreover, they had to support a wide variety of their customers’ IT architectures, including private cloud and hybrid architectures.

” TransientAccess is very easy to use, but the main benefit is that it provides very powerful control with the features it provides.
They made it possible to define a variety of policies for different groups with different needs. We could not find any other alternative system that met our needs as we define various policies for all our users. It provides security so easily.” -Feza Zengin,
IT Manager at Betek.

Read the full case study here or contact us to try it out for yourself.

Zero Trust Network Access: What and Why?

Legacy NAC and VPN for accessing corporate networks

ZTNA, NAC, SDP, RDP, VPN: Making sense of the remote access alphabet soup.

Zero Trust Security is a hot topic and with good reason. But what does it really mean in practice, when applied to solving remote access security challenges? In this post we provide an introduction on Zero Trust Security as it applies to Network Access (ZTNA) to help sort it out.

Before Zero Trust, a user or device was validated as having the correct credentials and the right to access the network. Once that step was complete the user or device had a wide open path to the network and resources. To mitigate the risk that a valid user would access systems they weren’t supposed to, role-based access control (or RBAC) was implemented. In theory this worked in conjunction with least-privileged access (the Principle of Least Privilege or PoLP) so that users were only granted access to the resources they needed and nothing more.

VPNs – Virtual Private Networks – are the ubiquitous technology for providing remote users access to enterprise resources. However, they are a network-layer technology, meaning that once the user is validated and logged in, the user’s device now has an open network connection to the corporate network. To mitigate the security risk of this open pipe, in addition to RBAC and PoLP, enterprises deploy Network Access Control (NAC) to verify first that a given device has the correct security posture – is the device allowed, independent of the user? Does the device have up to date AV running and passed a scan? And so forth.

VPN
Legacy NAC and VPN for accessing corporate networks

Once a user logged in to the VPN client, and his device passed the NAC security check, one of the most common resources accessed are remote desktops, most often with Remote Desktop Protocol or RDP. Although it is a proprietary Microsoft protocol, it does have cross-platform support for non-Windows devices.

That in essence is the technology stack most widely deployed in enterprises today to enable remote access: VPN clients where devices are validated by NACs. Users are granted access based on RBAC, PoLP to resources, including remote desktops over RDP.

Zero Trust Network Access (ZTNA) offers a simpler, more secure alternate vision. ZTNA turns the existing paradigm on its head – rather than open up a wide open pipe and then retroactively find ways to narrow it down, ZTNA assumes no device or user should be trusted, and no access granted by default except that explicitly required only for the duration required.

This is critical in a world where there is no fixed perimeter any more, but rather a software-defined perimeter (SDP).

TransientAccess takes ZTNA and SDP a step further, delivering true app-to-app connectivity over disposable networks. That is, there is never a device to device connection, nor is a user validated for anything more than what the user needs access to for the time the user is accessing it.

TransientAccess Zero Trust Network Access
TransientAccess Zero Trust Network Access

TransientX has a unique approach to Zero Trust Network Access (ZTNA):

  • A lightweight agent, creating a disposable virtual network connecting the local app to the enterprise resource on-prem or in the cloud.
  • A “Transient Virtual App Network”

This approach means TransientX can deliver on the promise of truly secure remote access for an organization’s workforce and business partners. Learn more in our intro video, contact us to get TransientAccess now or scroll below for further reading:

Further Reading:

https://transientx.com/content/zero-trust-network-access.html

https://transientx.com/content/zero-trust-network-access.html

References:

https://en.wikipedia.org/wiki/Principle_of_least_privilege

https://en.wikipedia.org/wiki/Role-based_access_control

https://en.wikipedia.org/wiki/Virtual_private_network

https://en.wikipedia.org/wiki/Remote_Desktop_Protocol

https://en.wikipedia.org/wiki/Software_Defined_Perimeter

How a Leading Sports Club Secured SAP with TransientAccess ZTNA

Fenerbahce ZTNA Case Study with TransientAccess

TransientAccess delivers true Zero Trust Network Access for the Fenerbahce Sports Club

With over 5000 employees and more than 300,000 members,
Fenerbahce is one of the largest multi-sport clubs in Turkey and is a
major retailer in its own right.

With their dedicated fan bases, legal and illegal betting riding on game results and big revenue streams, professional sports clubs are among the most targeted companies by hackers. Successful attacks can have devastating effects on company operations and reputation.

An organization’s viability can be imperiled because of damage caused by IP loss. For an organization like Fenerbahçe, SAP is the most important digital asset to defend. Protecting such a high value asset means going beyond traditional security paradigms. Most organizations deploy multiple security layers to protect SAP data, such as NGFWs, AV, MFA along with robust IT security policies. Yet all these steps can still leave holes that
need to be closed.

FC Fenerbahce relies heavily on SAP for all business-critical processes. The executives and security teams are responsible for carrying out this process knowing that their business revolves around this information. However, they are also aware of hidden dangers such as user accesses, file downloads, and data leaks that can occur due to data streaming. It therefore became critical to implement solutions that monitor and prevent such leaks.

“After a detailed product assessment, in-depth presentations and a pilot
project to measure performance in our company’s environment,
TransientAccess demonstrated reliability and effectively demonstrated its
value in providing SAP access and data security.”
– Bülent Kaçmaz, CTO, FC
Fenerbahçe

Securing remote access for SAP with ZTNA

TransientAccess is able to proactively eliminate threats such as data loss and ransomware attacks by providing users with an operational convenience they have not experienced before.


As a result, TransientAccess provides proactive protection against commercial damage by ensuring data protection and facilitating secure operational processes. Thanks to the micro-segmentation feature of TransientAccess, only relevant users are authorized to access company data in the relevant SAP modules. IT Managers can now see ‘who’ can access ‘which’ data from the SAP system and make sure that this data is securely encrypted, even outside the company.

Read the full case study here or contact us to try it out for yourself.