While working at Palo Alto Networks on endpoint security we had a front row seat for some major changes in enterprise IT, networking, and security. Namely, the collapse of the enterprise perimeter, the rise of the cloud and, more recently, the disruption of network and application access. Here are some of the key trends we noticed:
Collapse of the Perimeter & The Rise of Cloud
The entire notion of enterprise IT was designed to build a layered defense around the network perimeter. The shift from on-premises data centers to cloud-delivered apps and services has enabled massive scale, more agility and significant cost savings. But from a security and risk perspective, it tilted the playing field in the direction of attackers in a way that we are still grappling with today. Now, the security weaknesses and vulnerabilities of your partners are your own. Third-party risk is now a major concern. This trend was exposed in the Target attack nearly a decade ago, and continues to this day; ask any SolarWinds or Kaseya customer.
Zero Trust Access – Disrupting Traditional Access Controls
With the rise of the internet and mobility, the notion of work started to change a decade ago. You no longer had to be in the office to do your job. Tools like VPNs and VDI emerged to provide remote access to enterprise applications and services. For years they were known to be vulnerable to attack and provided a poor user experience. The past 18 months have exposed these shortcomings. With work from anywhere solidified, enterprise access needed to change, and it is changing. Nearly 40 vendors have emerged offering Zero Trust Network Access (ZTNA) solutions. Identity and access management is another crowded market with dozens of vendors and new approaches.
What do these crowded markets have in common? The focus is on the user and identity as the new perimeter. We saw a real gap in the Zero Trust market around device identity. Identifying and authenticating the user but not the device made no sense to us. Protecting the device from threats? That’s important, but not good enough from a Zero Trust perspective. In that model, insecure and vulnerable devices are often allowed to access enterprise applications and services.
When and How to Trust
These market changes evoke some fundamental questions on how to really achieve Zero Trust from a device perspective:
- What devices are accessing my applications and services?
- When is it OK to trust a device to access enterprise services, applications, and resources?
- How would I control access by user and device rather than only by user?
- How do businesses ensure that the devices are trusted before they are allowed to access apps and services?
- How can you ensure a strong device security posture without compromising business continuity?
- Is there a way to improve device security by enabling end user self-service security updates?
While the industry has been addressing network security and user identity, which are complex problems, it has neglected device identity, even though devices are the favorite targets of adversaries launching targeted attacks such as ransomware.
That’s why we founded Infinipoint, to solve the gap in Zero Trust for devices – ensuring a strong device security posture while maintaining business continuity.
A Single Enforcement Point: Device Identity and SSO
Now the hard part: identifying the best place to authenticate the device. The challenge we had to overcome was authenticating the device without disrupting the user experience or business continuity. Infinipoint is the first vendor to enable a consistent login experience with Single Sign-On (SSO) that delivers centralized access to both on-premises and cloud applications. With Infinipoint, you can protect against risky devices, as well as unwanted access to your applications and data. This combination of user and device trust builds a strong foundation for a Zero Trust security model.
So here we are, the only company addressing the issue of device identity. We are pioneering the Device-Identity-as-a-Service (DIaaS) security category with a single enforcement point for all major identity providers including Okta, ForgeRock, Ping Identity, and Azure Active Directory, and business services such as Salesforce, Google Workspace, Office 365 and AWS.
The Infinipoint DIaaS offering helps customers to:
- Deliver ongoing security posture outcomes.
- Protect data and services from vulnerable/dangerous/non-compliant devices.
- Enable a risk-managed process for the organization to adapt to the evolving working format with real-time discovery, management, and remediation of threats to business operations.
- Improve productivity by optimizing security management through process and automation, including end user one-click remediation.
Zero Trust is about enabling the enterprise to verify everything it connects to, so the user, the device and the network can all be trusted. DIaaS enables the enterprise to verify and trust devices. When a device does not meet the policy as “trusted”, Infinipoint enables one-click remediation so the device can be updated to meet the policy, without disrupting user access.
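To make the decision flow described above concrete, here is an added example (not Infinipoint's code or product logic) of a hypothetical device-trust gate evaluated alongside user authentication at a single SSO enforcement point. The posture fields, policy thresholds and the three outcomes (ALLOW, REMEDIATE with a grace window for business continuity, DENY) are assumptions constructed for illustration.

```python
"""Hypothetical device-trust gate at the SSO enforcement point.
Added illustration, not Infinipoint's code. A constructed posture report and a
policy yield ALLOW, REMEDIATE (user stays productive during a grace window and
is prompted for the one-click fix) or DENY (a critical control is missing)."""
from dataclasses import dataclass
from typing import List, Tuple

# Policy thresholds: hypothetical values chosen for the example
MAX_PATCH_AGE_DAYS = 30
GRACE_PERIOD_DAYS = 7

@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    os_patch_age_days: int       # days since the last OS patch was applied
    disk_encrypted: bool
    edr_running: bool
    days_out_of_policy: int = 0  # how long the device has already been drifting

def evaluate_device(p: DevicePosture) -> Tuple[str, List[str]]:
    """Critical failures deny immediately; remediable drift is tolerated for
    GRACE_PERIOD_DAYS so business continuity is not broken by a missed patch."""
    critical: List[str] = []
    remediable: List[str] = []
    if not p.disk_encrypted:
        critical.append("disk not encrypted")
    if not p.edr_running:
        critical.append("endpoint protection not running")
    if p.os_patch_age_days > MAX_PATCH_AGE_DAYS:
        remediable.append(f"OS patches {p.os_patch_age_days}d old (max {MAX_PATCH_AGE_DAYS})")
    if critical:
        return "DENY", critical + remediable
    if remediable:
        if p.days_out_of_policy <= GRACE_PERIOD_DAYS:
            return "REMEDIATE", remediable  # access continues; prompt one-click fix
        return "DENY", remediable           # grace window exhausted
    return "ALLOW", []

def sso_decision(user_authenticated: bool, p: DevicePosture) -> str:
    """Single enforcement point: user identity AND device trust must both pass."""
    if not user_authenticated:
        return "DENY"
    return evaluate_device(p)[0]

if __name__ == "__main__":
    # Constructed sample devices for a quick run
    for dev in (DevicePosture("laptop-1", 5, True, True),
                DevicePosture("laptop-2", 45, True, True, days_out_of_policy=2),
                DevicePosture("laptop-3", 45, True, True, days_out_of_policy=10),
                DevicePosture("laptop-4", 1, True, False)):
        print(dev.device_id, sso_decision(True, dev), evaluate_device(dev)[1])
```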
We are solving a massive problem that has been largely ignored within the Zero Trust architecture until now.
CEO and Co-Founder
CTO & Co-Founder