* ScaleFT Web Access is currently available to select customers in beta
Today’s workforce isn’t limited to their desktop workstations. Employees increasingly work remotely from mobile devices, and the enterprise applications they use everyday are operated in the cloud. The traditional network perimeter security model doesn’t work well in this new reality, leaving companies vulnerable and employees frustrated.
As evidenced by Google’s BeyondCorp, the Zero Trust model is a more effective architecture for the modern cloud era. We built our platform from the ground up, closely following the principles of Zero Trust. Through configurable access policies, access to company web apps is granted based on the user and device attempting to connect to a specific resource – eliminating trust from the network, which mitigates common attack vectors, and makes employees happy to not have to use a VPN.
Specify who has access to what through simple team and role based controls. Further protect sensitive apps with policies that factor in additional controls such as ensuring that the user’s device is up to date.
All traffic to company web applications flows through a central gateway. This delivers a consistent authentication and authorization workflow, as well as provides a logical monitoring and logging point.
For the users, logging into web applications is straightforward, with ScaleFT handling the workflow behind the scenes. Every request is processed, with any needed remediation tips given back to the user.
ScaleFT integrates with your corporate Identity Provider for governance, and also operates an OpenID Connect workflow for a streamlined authentication and authorization workflow well suited for company apps.
The gateway that all requests flow through is a highly available reverse proxy service built to handle large volumes of traffic. The proxy protects the web apps from the public Internet, and handles the auth workflow.
Successfully authorized requests are issued a single-use JSON web token scoped to the user, connecting device, and resource being accessed. User metadata is injected into the token, which is encrypted.
ScaleFT exposes a public API that supports additional customization for features such as manager approval. The API is backed by a URL Handler that allows you to build event-driven workflows on top of ScaleFT.
If a request is not authorized, the user is told exactly why they were denied access, with tips for self-remediation. This is exposed through friendly human language instead of the usual archaic messaging.
ScaleFT monitors the end user session and is continually reevaluating trust in the background. Should a policy change or a user’s status change, the active session will be notified for any action to be taken.