Turbocharge your Corporate Application Access with AWS and Prosimo

Tired of legacy VPNs and tunnel-hopping challenges? Tired of playing infrastructure Jenga with stacks of virtual appliances in the cloud? Wondering when “doing your job” became your job?

Prosimo + AWS Verified Access – Security, connectivity, visibility, all in one solution, in your cloud, natively.


Public clouds have become the de-facto center of gravity for enterprise workloads. Public cloud providers such as AWS have created building blocks for connectivity such as AWS Transit Gateway, AWS Cloud WAN, AWS PrivateLink, etc., allowing enterprises to create a flatter, simpler networks. Prosimo’s founding promise is based on an “embrace and extends” approach to cloud-native services. Prosimo already orchestrates Transit Gateway, Cloud WAN, Private Link, etc., for enterprises to consume these services as easily as possible to achieve their cloud networking outcomes. AWS Verified Access is a new service from AWS that provides secure access to corporate applications built using AWS Zero Trust principles). Verified Access evaluates each request in real time based on contextual security signals such as identity and device security status. This service blends perfectly with our ProAccess or “user-to-app” use case, where Prosimo takes a broader view of this traffic pattern with performance optimization, secure access, dynamic risk calculation, and orchestration of all ecosystem components as IDP, DNS, and connectivity needed to reach apps optimally. For enterprises looking at a unified offering to consume an end-to-end cloud-native solution fully orchestrated to provide secure access to their apps hosted anywhere for distributed users ( in addition to other traffic patterns ), Prosimo + AWS Verified Access becomes an additional choice.

How is this different from the traditional secure access offerings?

The existing middle mile offerings in the industry trombone enterprise traffic to their cloud-first (outside of AWS) just to enforce policies and bring it back to AWS at the far end, close to the application region. This breaks several well-architected frameworks, such as ingressing the AWS backbone as close to users as possible using Global Accelerator and leveraging cloud-native connectivity options such as Transit Gateway, Cloud WAN, and PrivateLink to connect to target workloads. This also introduces visibility blind spots for an operations team wishing to trace end-end flows. Prosimo not only orchestrates an end-to-end solution using these cloud-native services, but it also provides advanced controls such as dynamic risk-based access, B2B access using multiple IDPs, etc., without ever leaving AWS cloud, thus allowing customers to retain administrative control and end-to-end visibility over their data-in-transit. In addition, to secure access, Prosimo provides an option to balance cost vs. performance decisions for each application using the simple concept of lanes (price-optimized, balanced, and Performance lanes are available as one-click options). The same model can be extended to apps running in any cloud. Customers now have a single unified offering to achieve their secure access to private applications, application, and network security and connectivity outcomes.

What does the integration model look like for AWS workloads?

For AWS-specific workloads, Prosimo control plane will orchestrate the

  • AWS Verified Access service in the target workload regions and set up the IDP and DNS integrations.
  • Orchestrates connectivity options such as AWS Transit Gateway and AWS Cloud WAN for proximity-based user ingress.
  • Adds EDR controls needed
    Sets up log exports to SIEM.

All these are existing functions today with the Prosimo control plane, and the integration will extend this model to Verified Access for AWS workloads. In addition to Verified Access-specific controls, Prosimo will expose its value-added layers, such as performance controls needed, dynamic risk-based access, etc. Verified Access will be orchestrated by calling the APIs from Prosimo control plane for AWS workloads. User traffic ingresses the Prosimo fabric at the closest point and uses the performance lane set up for the application. Prosimo will enforce policies directly as the traffic ingresses for applications needing progressive policies such as dynamic risk-based access, then route to Verified Access as required.

Turbocharge the Secure Application Access journey

Enterprises get a full VPN Elimination use case leveraging a cloud-native service. Prosimo becomes a unified offering for all traffic patterns to AWS and any cloud. Customers don’t need to allocate resources to manage many integrations across IDP, Verified Access, AWS Route 53, Transit Gateway, PrivateLink, threat analytics, etc. They get a unified solution that is orchestrated end to end out of the box with performance control on a per-application level.


AWS Resources