Alex Marshall •
By Tanuj Chatterjee, SVP Engineering, Pango
How Pango moved to Twingate’s modern remote access model in less than 24 hours during Covid-19
Like many companies, COVID-19 forced us to move to a fully remote model for every employee without much notice. While we were already globally distributed with offices on three continents, there’s a major difference between employees in a handful of offices around the world and a model where 100% of employees are remote.
One of the biggest issues we identified immediately was that our legacy corporate VPN was not built to handle everyone working remotely.
While we offer the leading consumer VPNs that millions of people use to protect their privacy and security, we used a fairly traditional corporate VPN deployment for internal remote access needs. We were using both an OpenVPN and IPSec based VPN to provide access to the internal resources and applications that our global employee base needed to get their work done. Even before a 100% remote work model, many of the global employees saw performance issues with these traditional VPN products. With every employee suddenly going remote, we knew these performance and reliability issues would become major challenges for us to overcome.
In addition, we look to make continual improvements to our company security posture given the critical role that our services play in keeping millions of people safe and secure. Because of that, we had identified our OpenVPN and IPSec based corporate VPN as a potential vulnerability point for outside attackers. Every traditional corporate VPN (including those offered by large established enterprise security companies) requires a public VPN gateway to function. This public VPN gateway advertises itself on the internet in order to provide remote access to employees. However, this same public VPN gateway is also an attack surface for potential hackers and has already led to multi-million dollar security breaches for companies around the world.
Like every company with a traditional corporate VPN, our access logs showed external parties frequently probing the VPN gateway for vulnerabilities. Many companies see a whole lot of unauthorized access attempts a second, and our corporate VPN gateways were no different. Worse still, because traditional VPNs place users “on the network”, they’re a common target for hackers to gain access into a corporate network and move laterally to cause significant damage.
Because of this, we were eager to implement a solution that both solved the remote access productivity challenges of our legacy corporate VPN and significantly improved our security posture.
Exploring a Better Way: Twingate
At Pango, we recognized the need for a better option than traditional corporate VPNs. We know firsthand with our consumer products that mobile devices and the cloud have fundamentally transformed how people live their daily lives. These same macro trends have also driven fundamental changes to how work is done in companies around the world. Teams are often distributed, employees access applications that live in data centers as well as the public internet, and work is done everywhere.
With a whole lot of experts in security and enterprise networking at Pango, last year we created an internal project to build a modern alternative to corporate VPN. In a world where the traditional, perimeter based approach to network security seemed increasingly archaic, we knew there was a better way. The result of this effort is a new product called Twingate. Twingate is a modern alternative to corporate VPNs specifically designed for a “work from everywhere” reality.
Twingate offers a significant improvement to a company’s security posture, while offering end users a seamless experience and IT admins a service that’s easy to manage. It provides “Zero Trust Network Access” without the complicated deployment and configuration typically required by other solutions.
Key benefits of Twingate are:
- Eliminates public attack surfaces: With Twingate, your internal network is dark to the outside internet. With no public entry points into the network, private resources and applications stay completely private.
- Granular least-privilege access: Twingate solves one of the biggest issues with traditional network security models by removing the concept of “trusted users” on the network. Users are granted access only to the resources they need and nothing more, which prevents the chance of any compromised device or account moving laterally within the network.
- Easy to deploy & manage: Twingate is designed to be deployed in minutes. No network changes, no configuration changes to resources, and end users can download apps directly from the public stores. Administrators can easily manage users, set access permissions, and gain visibility over their various apps and services from a central admin console.
- Fast & Reliable: Twingate efficiently routes traffic directly to the end destinations without high-latency traffic backhauls to a central corporate network. This means users get blazing fast performance wherever they are.
Fortunately, we had Twingate ready to go when shelter-in-place guidelines required us to close all our company offices.
The Result
Even while dealing with all the logistical complexities of shifting to a 100% remote work model, we were able to move the entire Pango employee base of 300 employees across three continents to Twingate in 24 hours.
Our IT teams deployed Twingate connectors into various remote networks including VPCs in AWS and private on-prem networks in under an hour, and were able to start granting remote access to employees on that same day. Our employees simply downloaded the Twingate clients directly from the public app stores. No need for IT handholding to install complicated VPN profiles on a whole lot of devices.
After a few days of testing, we were able to shut down our legacy corporate VPN and have the entire company running on Twingate. Our IT and security teams gained new-found visibility and control over our most critical resources, and our employees were ecstatic to never have to deal with the performance and cost challenges of the legacy VPN.
We estimate that we’ll save over $70,000 a year with Twingate given the lower total cost of ownership vs our legacy VPN. Our IT teams are now free of the frequent demands of maintaining and managing a legacy corporate VPN, employees are both more productive and happier, and we’ve significantly improved our security posture.
While these are challenging times for every company around the world, Twingate has helped us securely transition to a “work from everywhere” model.