Today's workforce isn't limited to the walls of the office: people work from remote locations and use a wide range of cloud services and SaaS apps. The traditional network perimeter security model no longer applies, leaving companies vulnerable and employees frustrated.
Google got it right with their BeyondCorp initiative, effectively redesigning their corporate security architecture with the user experience top of mind. We built our Web Access product following the same Zero Trust principles as Google. Access to company web apps is only granted once the user and device are fully authenticated and authorized at the application layer, eliminating trust from the network. As an added bonus, you no longer need to use a corporate VPN, which makes everyone happy.
Specify who has access to what through simple team- and role-based controls. Further protect sensitive apps with policies that factor in additional controls, such as ensuring that the user’s device is up to date.
All traffic to company web applications flows through a central gateway. This delivers a consistent authentication and authorization workflow and provides a logical point for monitoring and logging.
For the users, logging into web applications is straightforward, with ScaleFT handling the workflow behind the scenes. Every request is processed, with any needed remediation tips given back to the user.
ScaleFT integrates with your corporate Identity Provider for governance, and also operates a streamlined OpenID Connect authentication and authorization workflow well suited for company apps.
The gateway that all requests flow through is a highly available reverse proxy service built to handle large volumes of traffic. The proxy protects the web apps from the public Internet, and handles the auth workflow.
Successfully authorized requests are issued a single-use JSON web token scoped to the user, client device, and resource being accessed. The token includes attestations of user identity and authorization, which origin servers can validate cryptographically.
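The origin-side check described above, as an added example that is not ScaleFT's code: it verifies the signature, then enforces expiry, resource scope and single use. The claim names (`sub`, `device`, `aud`, `exp`, `jti`), the key and the origin identifier are assumptions, and HS256 is swapped in so the example runs on the standard library, since the page does not state the signature scheme.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"             # assumption: demo HS256 key shared by gateway and origin
ORIGIN = "https://wiki.example.internal"  # assumption: this origin's resource identifier
_seen = set()                             # replay cache; production needs a shared store with expiry

class Rejected(Exception):
    """Raised with a short reason when a token must not be accepted."""

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def mint(claims):
    """Stand-in for the gateway: emit a compact HS256 JWT over the claims."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"

def validate(token, now=None):
    """Origin-side checks: pinned alg, signature, expiry, resource scope, single use."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(_unb64(head)), _unb64(sig)
    except ValueError:
        raise Rejected("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise Rejected("unexpected alg")    # never let the token choose the algorithm
    if not hmac.compare_digest(_sign(head + "." + body), given):
        raise Rejected("bad signature")
    claims = json.loads(_unb64(body))       # parsed only after the signature verifies
    if not all(k in claims for k in ("sub", "device", "aud", "exp", "jti")):
        raise Rejected("missing claim")
    if claims["exp"] <= now:
        raise Rejected("expired")
    if claims["aud"] != ORIGIN:
        raise Rejected("wrong resource")    # token was scoped to a different app
    if claims["jti"] in _seen:
        raise Rejected("replayed")
    _seen.add(claims["jti"])                # burn the token id only once it is fully valid
    return claims
```
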
ScaleFT exposes a public API that supports additional customization for features such as manager approval. The API also integrates with a client-side URL Handler that allows you to build event-driven workflows on top of ScaleFT.
If a request is not authorized, the user is told exactly why they were denied access, with tips for self-remediation. This is exposed through friendly human language instead of an opaque error message.
ScaleFT monitors the end user session and continually reevaluates trust in the background. Should a policy or a user’s status change, the active session is notified so that any required action can be taken.
"If a company like ScaleFT can help get us there, we're 100% on the BeyondCorp model. We won’t be able to do it ourselves and I was very grateful to be able to see a company like ScaleFT come along and solve a lot of the hard parts. It's not very often you get to read something that Google's doing and say, 'Hey, we can do that too now!'"
- Ryan Seekely, Director of Infrastructure and Security at Quid