A fintech company accelerates its transition to Zero Trust

CASE STUDY

Key Challenges

Utilize GCP cloud-native services such as Cloud Interconnect, Cloud Router, and Private Service Connect as an underlay.

Manage access to multiple business units' accounts in GCP through a single pane of glass.

Simplify management of stacks and dashboards, while improving visibility of traffic flow between endpoints, VPCs, and accounts across regions and data centers.

Ensure high-performance traffic encryption for network traffic.

Faster Time to Value

The company worked with Prosimo to transform its traditional castle-and-moat architecture into a more modern Zero Trust model with a context-aware authorization framework for its cloud applications. Prosimo provided a cloud-native Zero Trust Network Access (ZTNA) solution, deployed with greater cloud agility and automation/APIs across multiple regions to a global user base spread across various geographies, and leveraged a defense-in-depth model to keep threats away from the company's enterprise workloads.

Attack Surface Reduction

Cloud spend savings

Prosimo worked with the company to significantly reduce the attack surface for their enterprise applications, DevOps and CI/CD pipeline tools, and collaboration apps holding sensitive internal data. An identity-aware proxy created an air gap between unauthorized access and their applications, with a built-in behavioral analysis engine led by machine learning and step-up authentication.

Minimal Application downtime during Production Rollout

Resilience & Availability

The company rolled out a Zero Trust model with a well-planned migration strategy, moving critical apps first to Prosimo’s cloud-native transit without impacting the user experience, and bulk-onboarding application domains while keeping its existing DNS servers. This left cloud architects free to migrate the applications in groups, with minimal application downtime and change management windows.

Scalability and Performance

MTTR & MTTI reduction

With Prosimo, the company could seamlessly scale up to support 20,000 users (including employees, contractors, and service agents), hundreds of concurrent user sessions, and over 2000 applications. At this scale, the company optimized the per-app performance through Prosimo’s proximity-aware routing to onboard users to the nearest cloud entry point and used application optimization techniques to improve the user experience significantly.

The fintech company partnered with Prosimo to accelerate the transformation to a Zero Trust Architecture (ZTA). Prosimo provided the company with a flexible remote access solution that optimizes performance, security, and user experience. Prosimo’s cloud-native approach enabled the company to quickly deploy the solution at scale without adding operational overhead. With Prosimo’s defense-in-depth security stack led by Machine Learning and data analytics, the company could reduce the attack surface significantly for their enterprise applications in the cloud.

Zero Trust Security model for Enterprise Apps

With over 15 offices in different countries and 15,000 employees, a fintech company specializing in business software started streamlining and modernizing how employees and partners access applications. The company’s Security and Risk management department has been mainly focused on Zero Trust security, an approach in which all communications are validated, authorized, and access is strictly controlled for every user and device, regardless of whether they are inside or outside the network. This move to Zero Trust is driven by the need for secure and easy access to enterprise applications for remote workers, core business applications for customers and partners, increased cloud adoption in AWS, and new sophisticated attacks testing the limits of traditional VPN security solutions.

Furthermore, the company is embracing work style reform with a significant global presence where users are no longer confined to an office or on-prem locations. The company is empowering employees to work from anywhere, at home or in a café. While remote access has existed in one form or another for many years, it was never intended to be used extensively or as a primary means of connecting to enterprise applications. Also, user experience was never a priority, as most users and applications “lived” in the same location: the enterprise campus.

Regarding application access, the Head of the Information Security and Risk Management Department explains,

“Today, the definition of ‘workspace’ extends beyond just ‘the office’ to include spaces like our homes and coworking sites. In these times, we believe that a Zero Trust security environment is necessary for people to be able to work safely anywhere, anytime, and in the same sort of environment as if they were in the office. We must provide our employees with a new, unified UI/UX and support a more open work style. This means rethinking our approach to architecture and infrastructure. Security is a key focus, but we also need to take into account the ease of access with Single Sign-on (SSO) and passwordless authentication while still providing the most optimal access leveraging cloud backbone, Edge network location to reduce first, mid-mile latencies that we typically see with VPN over the Internet and ensuring integrated identity management. We are also using various cloud services to improve our efficiency, so we feel we need to manage and protect every one of our devices very closely.”

Existing Architecture

Where it all started to fail

The financial tech company faced a few issues in moving toward a modern and unified digital experience. Notably, their legacy IT infrastructure had become even more complex because of acquisitions and their usage of AWS and other public and hybrid clouds. Whether a single virtual machine or a highly distributed service mesh, an application endpoint represents a fixed destination. Arriving at that destination can be highly complex and potentially insecure. The company had taken a conventional perimeter-based model that relied heavily upon VPN for access, creating many challenges, including different user identities for each system, legacy authentication methods, and a non-seamless remote user experience via a VPN. The complete VPN tunnel-based architecture also altered their visibility into access patterns and insights and their ability to troubleshoot effectively. Their desired outcome was to adopt a Zero Trust model that solved the complexity and cost problems of disparate security systems. This would enable digital transformation by shifting to identity-aware defense instead of relying on legacy systems to secure their applications in the cloud, and provide application transaction-level visibility without hindering the user experience.

Prosimo Application eXperience Infrastructure for Zero Trust Access

While searching for a better solution to these traditional challenges as part of its move to a cloud-first approach, the company discovered Prosimo Application eXperience Infrastructure (AXI). Prosimo is a cloud-native network for cloud-native infrastructure. Prosimo integrates with existing cloud-native network constructs to maintain a direct path to application endpoints while providing security and performance. Prosimo offered them a “Full-Stack Cloud Transit” that helped the company facilitate secure connectivity to applications in conjunction with an organization’s IDP, SSO, and EDR solutions to enforce authentication and authorization. Content caching on a per-application basis keeps user experience high by minimizing full round trips between the user and app. The Prosimo gateway is deployed under the customer’s own cloud administration control and in the customer’s cloud accounts, which helps the financial company maintain its regulatory compliance. Each Prosimo gateway is deployed and operational in minutes, which provides the company with a new level of flexibility and speed in deploying remote access for their users across the globe.

Security now, not later.

Implementing a Zero Trust strategy was a critical priority of the fintech organization. A broad array of IDP support is available from the Prosimo platform. This allows a security policy administrator to create restrictions based on identity contexts from the IDP service. Prosimo may be configured to check for an endpoint agent and monitor a variety of user contexts throughout the entirety of a session. If any change to one or more contexts exceeds a configured threshold, the user can be placed into quarantine until an investigation and remediation are completed. One of the most compelling features of the security component was the option to limit a user’s access to a single application. Regardless of whether a user is authorized to access an application, VPNs often expand the potential attack surface by allowing network access to a broad array of endpoints. Prosimo allowed granular mappings of users to only the apps they should access. This most resembled the SaaS-like access experience the company wanted to provide.
Architecture with Prosimo

Impact and outcomes

Prosimo allowed the company to deliver a secure and flexible remote access solution that drove productivity through exceptional application experience. Users no longer required the use of a VPN that limited application performance. By moving the cloud Edge closer to users, Prosimo removed the Internet’s indiscriminate routing from the data path – they enjoyed the quality and uptime of one or more public cloud backbone networks instead of an unpredictable network. With Prosimo’s support for bulk onboarding of applications, the financial services company could provide its users seamless access to hundreds of thousands of enterprise domains and applications with minimal management overhead for their operations team. Additionally, with Prosimo’s support for active-active application deployments, the users were always directed to the application hosting servers closest to them. This resulted in significant improvement in performance and user experience. This feature also allowed the company to seamlessly redirect users to the other application servers in case of local application server failures.

The bigger picture

Prosimo enabled the fintech company to deliver a secure and flexible remote access solution that drove productivity through exceptional application experience. By leveraging cloud-native networking functions, Prosimo provided the same experience for both users and cloud operations teams irrespective of which cloud the applications are deployed in. Prosimo provided the most reliable and consistent experience without substantial operational overhead to deploy or manage. With deep visibility into network and application traffic, the Prosimo solution significantly improved the quality of life for the operations teams. Prosimo’s machine learning-led recommendations for platform infrastructure expansion and reduction helped the company to scale and reduce costs simultaneously.