Case Study - NetFoundry

KEO Replaces VPNs with NetFoundry’s Zero Trust Network

Surendran Naidu — Fri, 14 Nov 2025 18:10:43 +0000

Case Study

KEO Replaces VPNs with NetFoundry’s Zero Trust Network

KEO

KEO International Consultants, a global leader in architecture, engineering, and project management, has been at the forefront of delivering iconic projects for over 57 years. Ranked among the top international firms by ENR and World Architecture, KEO’s mission is to drive innovation and create remarkable experiences.

To support its global operations and diverse workforce, KEO recognized the need to overhaul its network infrastructure and find a VPN replacement, ensuring seamless connectivity across project sites, branch offices, and remote locations.

KEO International Consultants transformed its network by partnering with NetFoundry to replace outdated MPLS and VPN technology, achieving over 50% cost savings and a 60% improvement in operational efficiency. This cloud-native, Zero Trust model enhances connectivity and security for KEO’s global workforce, supporting its innovation and digital transformation initiatives.

Case Study Highlights

Cost Reduction

Reduced network costs by over 50% with zero trust connectivity.

Global VPN Replacement

Enabled global workforce support with secure, agile cloud-native networking.

Rapid Deployment

Deployed secure networks in minutes, boosting operational efficiency by 60%.

Scaling Challenges Ahead

KEO needed a secure, cost-effective solution to replace inefficient MPLS circuits.

Obstacle

KEO faced numerous challenges in maintaining and scaling its global network. The reliance on MPLS private circuits and VPNs for secure access proved expensive, inefficient, and unable to support the organization’s growing connectivity needs. The existing VPN technology lacked modern security features and could not provide the robust, agile connectivity required to support their workforce efficiently. As KEO expanded its cloud presence through Azure in Europe, they needed a solution that could securely connect employees across branches, project sites, and remote locations, while reducing costs and improving performance. The firm planned to decommission their outdated MPLS circuits, but the lack of a scalable, secure alternative presented a significant hurdle. They also need a VPN replacement that is less of a burden to manage and maintain for all its customers, 3rd parties, vendors and partners.

Opportunity

KEO partnered with NetFoundry to leverage NetFoundry Cloud, its Zero Trust Network-as-a-Service (NaaS) platform. The solution provided a software-defined, cloud-native alternative to traditional networking models, allowing KEO to implement secure, micro-segmented connections from endpoints, branches, and cloud environments like Azure. The private secure network segments called AppNets were the perfect replacement for VPNs. The benefits of NetFoundry’s platform included:

Agility: Enabled secure and reliable connectivity, resulting in a 60% improvement in operational efficiency.
Software-Defined Networking: Eliminated the need for physical circuits and complex hardware, simplifying management and deployment.
NaaS Model: A fully managed, operational expense model with all infrastructure maintained by NetFoundry.
Cost Savings: Achieved more than a 50% reduction in costs compared to traditional MPLS circuits.
Simplification: Unified a single, global, zero trust and SASE (Secure Access Service Edge) environment.
Future-Proof Flexibility: A scalable solution that adapts to any use case and supports additional cloud and digital transformation initiatives.

Agile Secure Connectivity

NetFoundry’s AppNets deliver cost-effective, scalable, and software-defined networking.

“NetFoundy presented us with the opportunity to reset the old clichés and to disrupt long-standing operating models, creating a far more agile workforce and work itself. By collaborating with NetFoundry we are changing the game and building a highly agile digital organization to deliver unmatched innovation to our clients."

Damir Jaksic, Chief Information Officer, KEO International Consultants

Rapid Network Deployment

KEO swiftly builds secure, global networks, enhancing efficiency and operational flexibility.

Outcome

With the NetFoundry Cloud platform and AppNets, KEO transformed its global network into a fully programmable, cloud-native fabric. The firm can now deploy secure networks in minutes, allowing them to scale quickly and efficiently. By adopting NetFoundry’s NaaS model, KEO eliminated the need for dedicated IT resources to manage hardware and instead shifted their focus to delivering value to clients.

As a result, KEO achieved the following:

Reduced network costs by over 50% while maintaining high throughput performance.
Deployed secure networks rapidly, minimizing setup time from weeks to mere minutes.
Supported a globally dispersed workforce and implemented “Work from Anywhere” initiatives seamlessly.
Leveraged zero trust architecture and AppNets to provide military-grade security and secure web access, enhancing protection against cyber threats.
Improved operational efficiency by approximately 60% through simplified network management.
Reduced the risk of security breaches and vulnerabilities with a robust, end-to-end zero trust solution.

KEO’s network transformation exemplifies the power of cloud-native orchestration, allowing the company to manage zero trust, high-performance networks across the globe efficiently and securely.

VPN Replacement with NetFoundry AppNets

KEO International Consultants successfully transformed its networking infrastructure with NetFoundry’s Zero Trust NaaS platform. By replacing outdated MPLS circuits and VPN technology, KEO achieved significant cost savings, improved network performance, and enabled secure, agile connectivity for its global workforce. The collaboration between KEO and NetFoundry laid the foundation for further cloud-first initiatives and digital transformation, enhancing KEO’s ability to deliver innovative solutions to its clients.

Secure Connectivity Redefined

KEO replaces MPLS and VPN, achieving cost savings and enhanced performance.

About NetFoundry

Networking once limited application innovation and automation, with security and performance improvements often added as an afterthought. NetFoundry is transforming cybersecurity by embedding zero trust networking directly into code. Our NetFoundry Cloud solution integrates zero trust networking as software within apps, APIs, IoT devices, and critical infrastructure—rendering these assets invisible and unreachable to attackers.

As the world’s first programmable, cloud-native, zero trust network, NetFoundry Cloud delivers unmatched scale, concurrency, and performance. It empowers developers, network engineers, DevOps, and cloud teams to programmatically manage private, high-performance, zero trust networking with ease.

Built on the NetFoundry Platform and the Ziti architecture, our solution is available as open-source via the OpenZiti project, the world’s most widely integrated and trusted open-source networking platform. With NetFoundry, secure, zero trust networking is no longer an afterthought—it’s engineered directly into the core of digital infrastructure.

The post KEO Replaces VPNs with NetFoundry’s Zero Trust Network appeared first on NetFoundry.

LiveView Technologies Case Study

Robert Caamano — Sat, 05 Oct 2024 16:19:40 +0000

NetFoundry

Resources

Case Study

LiveView Technologies Case Study

Case Study

Distributed Video Surveillance Made Simple and Secure

LiviView Technologies, LVT, provides on demand, rapidly deployed surveillance to some of the largest companies in the world. Energy, law enforcement, DOTs, retail and construction rely on LVT’s leading security technology and surveillance solutions. LVT’s success resulted in a large, distributed network which became very expensive and difficult to manage using legacy networking. LVT partnered with NetFoundry to transform the networking from a rapidly growing cost center to a competitive advantage, including strengthening data security for LVT, LVT customers and the LVT ecosystem.

We are committed to making the world a safer place, and we are just as committed to protecting our clients’ data and information. Partnering with NetFoundry isn’t just a way to accomplish this, but the best way.

Steve Lindsey, CTO and CIO, LVT

Case Study Highlights

Transformative Security & Cost Efficiency

LVT partnered with NetFoundry to enhance data security through zero trust network overlays while significantly reducing cellular and cloud egress costs, turning networking into a competitive advantage.

Streamlined Operations & Innovation

The shift to a software-only architecture improved operational efficiency by centralizing controls and telemetry, enabling LVT to drive innovation in analytics, AI, and seamless partner integrations.

LVT's Network Management Obstacles

LVT struggled with security risks from private mobile APNs and VPNs, high egress costs from data backhauling, and operational complexity due to decentralized controls. Those challenges hindered automation and innovation, limiting effective customer data protection.

Obstacle

LVT had significant challenges with multiplying locations and networks for their surveillance cameras that are distributed globally, leveraging multiple cellular carriers, local networks (for example, a retailer’s local network) and increasingly private 5G.

The data is distributed across cameras, LVT sites, customers and partners. With the rise of edge compute and edge AI, the workloads are becoming even more distributed.

Finally, there is a management network – including monitoring, upgrades, remote management, APIs, telemetry and operations. As LVT is highly automated, this is a very dynamic network.

Challenges with large, distributed, dynamic networks

LVT’s growth and commitment to protecting their customers’ data presented several challenges:

Security vulnerabilities

The private mobile APN and local networks do not provide the zero-trust posture which LVT demanded for its customers. The VPNs from the private APN providers to the LVT sites were even worse.

Significant cellular and cloud egress costs

All data had to be backhauled to LVT sites. LVT distributed data from there, resulting in high cloud egress costs. Meanwhile, cellular costs were rising as choices like Wi-Fi were often not secure or reliable enough.

Velocity and operational obstacles

The lack of centralized telemetry, controls, identities and policies compromised many LVT automation initiatives. Dependencies on firewalls and ACLs, VPNs, hardware and IP addresses added operational overhead and complexity. Adding to the complexity was the need for bespoke solutions for different needs, e.g. needing to manage different solutions for inbound (e.g. secure remote access) and outbound data needs, as well as differences between different edges and clouds.

Lack of innovation

LVT innovation was one reason behind their success. Newer initiatives to leverage edge compute, integrate with partners, and use local networks including private 5G and Wi-Fi were made infeasible by dependencies on legacy networking, including the need to backhaul all data. Even using multiple clouds was problematic due to the VPN backhaul from the mobile carrier APNs.

Business Benefits of the NetFoundry-based Solution

Innovation

By replacing legacy networking and security with a pure software, network independent solution, LVT continues to shape the future of surveillance.

Cost savings

Eliminating the upfront costs and OpEx of cloud egress, private APNs, VPNs and hardware dependent solutions enabled LVT to invest more in building world class products.

Quality improvement

Despite multiple last mile bandwidth providers, LVT gained centralized telemetry, controls, identities and policies. This ultimately enabled high quality services and better customer visibility.

Strong security

LVT has always been proactive in protecting customer data, so LVT seized the opportunity to upgrade to a zero implicit trust architecture which exceeded guidelines from NIST and CISA, and meant LVT was continuing to be the leader.

Solution & Outcome

Optimizing large, distributed, dynamic networks

LVT partnered with NetFoundry to solve each of the challenges described on the previous page. It also enabled LVT to move to a software-only, network-independent architecture to get the future-proofed extensibility and flexibility LVT wanted to ensure they could continue to shape the future of surveillance:

Security

NetFoundry’ software-only, zero trust network overlays meant underlay networks no longer mattered. Private APNs and VPNs could be eliminated. Wi-Fi, public APN and private 5G could be used. LVT, customer and partner networks could receive LVT data without any network exposure – rather than host perimeter security devices or poke holes in their firewalls, they open outbound-only sessions to the private LVT network overlay. Their firewall rules are literally deny-all inbound!

Cost savings

Cellular and cloud egress costs were massively reduced. Some data can go directly from cameras and edge sites to destinations, without first backhauling to LVT sites, and then incurring cloud egress costs. The most cost-efficient local bandwidth could be used for each site. Unreliable (but cheap or free) networks could be used for operations like software upgrades because the NetFoundry software enables different networks to be used for different purposes.

Operations excellence

Gaining centralized, network- independent telemetry, controls, identities and policies fueled LVT’s quality control and automation initiatives. Velocity skyrocketed due to the elimination of dependencies on firewalls, ACLs, VPNs, hardware and IP addresses. The NetFoundry solution secured both inbound and outbound, and abstracted away differences in edges, networks, clouds and customer environments such that LVT simply manages centralized identities and policies.

Accelerated innovation

LVT unblocked initiatives in quality, analytics, AI and functionality. LVT was now able to leverage any network, edge compute and cloud. LVT was able to integrate with partners and APIs without any network engineering or security risks. The replacement of hardware, infrastructure and IP-address dependent solutions with NetFoundry’s 100% software solution meant that the entire LVT stack became one software system, with corresponding extensibility and flexibility.

A New Era in Surveillance Technology

LVT partnered with NetFoundry to create a software-only, network-independent architecture, enhancing security and cutting costs. This transformation improved operational efficiency and enabled greater innovation in quality and analytics, simplifying collaboration with partners.

About NetFoundry

Networking was once a barrier to app innovation and automation with dependencies on after-the-fact security and performance engineering. NetFoundry is shifting the paradigm in cybersecurity by embedding zero trust networking and security as code. Our NetFoundry Cloud solution embeds zero trust as software into apps, APIs, IoT devices, and other valuable assets rendering critical infrastructure invisible to the internet – and unreachable by potential attackers. It is the world’s first programmable, cloud native, zero trust network with near unlimited scale concurrency, and performance. NetFoundry Cloud represents a new art of the impossible by enabling developers, network engineers, DevOps, and cloud teams to programmatically control private, zero trust, high performance networking. NetFoundry Cloud is built on NetFoundry’s Ziti platform which is part of the OpenZiti project, the world’s most used and widely integrated open source networking platform.

The post LiveView Technologies Case Study appeared first on NetFoundry.

Top 5 U.S. MilGov Contractor Private 5G Case Study

Michael Kochanik — Fri, 27 Sep 2024 01:22:18 +0000

Military Group Deploys Zero Trust Connectivity On Any Device, Any OS, Anywhere

How a Leading Contractor Embedded Secure Zero Trust Communication in Military Field Devices

Military groups needed secure communication between 5G handsets, reconnaissance drones, and databases, requiring session-level microsegmentation with specific session permissions.

Top 5 U.S. MilGov Contractor
Private 5G.MIL™ Communications

5G.MIL is a secure, 5G-enabled “network of networks” integrating military and commercial telecommunication infrastructures. It supports seamless, resilient communication across air, land, sea, space, and cyber domains, enhancing interoperability between 5G, NextG, and DoD networks for effective military operations.

Obstacle

The primary obstacle for the military contractor was ensuring the secure and efficient transmission of highly sensitive mapping data captured by drones over a private 5G network, overcoming challenges posed by traditional VPN solutions in deployment, management, scalability, and access control granularity

Opportunity

The opportunity lay in leveraging NetFoundry’s Ziti’s Zero Trust architecture to provide secure, application-layer communications with fine-grained access control, seamlessly integrating with the private 5G network to protect data transmissions between drones, virtualized databases, and mobile devices used by ground troops.

Outcome

The integration of NetFoundry’s Ziti networking into the military contractor’s project ensured secure, real-time communication within the private 5G network, protecting sensitive mapping data from drones and enabling ground troops to efficiently access and interact with this information, thereby enhancing operational effectiveness and mission success.

Securing Drone Data

The primary obstacle faced by the military contractor was ensuring the secure and efficient transmission of highly sensitive mapping data captured by drones. This data needed to be transmitted over a private 5G wireless network to a cluster of virtualized databases. The challenges included:

Traditional VPN Limitations:
- Cumbersome to deploy, manage, and scale.
- Insufficient granularity in access control.
Dynamic and Mobile Nature of Ground Troops:
- Required a secure yet flexible means of accessing and interacting with data in real-time using mobile devices.
Existing Security Measures:
- Inadequate to address the high stakes of potential data breaches, compromising mission success and troop safety.

This created an urgent need for a more robust, scalable, and fine-grained access control solution.

Applying Zero Trust

NetFoundry and the Ziti Platform presented a compelling solution to these challenges due to its Zero Trust architecture and open-source nature:

Application Layer Security:
- Provides end-to-end encryption.
- Ensures only authenticated and authorized entities can access the data.
Fine-Grained Access Control:
- Each ground troop can access only the data necessary for their specific role and mission.
Flexibility and Scalability:
- Seamlessly integrates with the private 5G wireless network.
- Facilitates secure communication between drones, virtualized databases, and mobile devices.
Protection Against Interception:
- Ensures data transmitted and received is protected against unauthorized access.
- Maintains confidentiality and integrity of mission-critical information.

Mission Accomplished

The integration of Netfoundry Ziti Platform into the military contractor’s project was a decisive success, ensuring secure communications across the private 5G wireless network:

Zero Trust Architecture:
- Secured all communications from drones to ground troops’ mobile devices.
- Real-time encryption and authentication prevented unauthorized access and data breaches.
Enhanced Operational Effectiveness:
- Enabled ground troops to securely and efficiently retrieve and interact with up-to-date mapping data.
- Improved situational awareness and operational effectiveness.
Demonstrated Feasibility:
- Showcased the feasibility and effectiveness of using drones and private 5G technology for secure battlefield intelligence.
Validated Technology:
- Positioned the military contractor as a leader in innovative and secure communication solutions for defense applications.

Lives depend on this solution.

Solution Overview: Embedded Zero Trust Communication in Military Field Devices

Achieve Secure 5G with NetFoundry

Session-Level Microsegmentation for Military Applications

Learn how Ziti enabled secure, session-specific communication for military applications,

ensuring robust security and operational efficiency.

The post Top 5 U.S. MilGov Contractor Private 5G Case Study appeared first on NetFoundry.

VPN Alternative: Tata Sons’ Shift to NetFoundry’s Zero Trust AppNets

Surendran Naidu — Wed, 25 Sep 2024 18:03:26 +0000

NetFoundry

Resources

Case Study

VPN Alternative: Tata Sons’ Shift to NetFoundry’s Zero Trust AppNets

Case Study

Tata Sons is the principal investment holding company and promoter of Tata companies, India’s only value-based corporation – a visionary, a pioneer, a leader, since 1868. Tata group is a global enterprise comprising 13 companies across ten verticals. The group operates in 100 countries across six continents. 66% of the equity share capital of Tata Sons is held by philanthropic trusts, which support education, health, livelihood generation, and art and culture.

We wanted a VPN alternative to have an easy-to-use, seamless and secure solution for our users to connect to apps hosted across clouds from anywhere.

Royen Fernandes, Tata Sons IT

Case Study Highlights

Software-only, Zero Trust NetFoundry Cloud replaces multiple point solutions

The NetFoundry Cloud has enabled Tata Sons to replace SSL VPNs, jumpshots, MPLS VPNs and SDWANs with a single Zero Trust overlay network and application-specific AppNets without the need for any hardware. NetFoundry Cloud is a Network As A Service offering of the NetFoundry Ziti Platform hosted and managed by NetFoundry experts.

Global, Secure Network with Distributed Users and Applications

Tata Sons employees, along with other users, seamlessly access applications hosted across private and public clouds, as well as hosted data centers, from any location. Leveraging a zero trust network overlay, they achieve the highest levels of security, control, and visibility, with full adherence to zero trust principles. Whether on Windows or Mac devices, users assigned to NetFoundry AppNets are granted least-privilege, microsegmented network access to specific resources, ensuring secure connectivity to essential systems from any location.

Tata Sons needed a VPN alternative to improve its security across distributed environments. It required a zero trust architecture and transitioned from VPNs to NetFoundry AppNets.

Challenge

Overcoming security concerns and optimizing network design

Tata Sons wanted to improve the IT security posture, moving away from vulnerable VPN technology and multiple point solutions that hampered performance. The goals were to find a VPN alternative that provided seamless and secure access for apps to users from the office or anywhere with consistent application performance. Tata Sons had deployed, SSL VPN for remote access, IPSEC or MPLS VPN and P2P links to connect offices and employees working from anywhere to apps hosted in private DC, Azure public cloud and hosted DC. Tata Sons wanted to improve security posture and overcome performance bottlenecks due to VPNs and point solutions. With the advent of zero trust architecture and software defined networks, Tata Sons wanted to explore alternative solutions that would help meet the security, performance, agility and visibility goals and be ready for future growth

VPN alternative and network for the future: Distributed apps and users with complete visibility and control

Tata Sons had moved apps to Azure and a hosted cloud provider while some apps are hosted at the private DC. Tata Sons employees access apps from the branch locations or anywhere. There was also a requirement to connect the clouds viz Azure cloud / DC / hosted cloud. With COVID 19 changing the future of work culture, Tata Sons wanted to provide a seamless and productive experience to the users; wherever they were located. The new solution is required to support users connecting with a variety of devices including personal (BYOD) laptops and desktop PCs along with corporate supplied laptops. The existing internet connections and infrastructure at offices, private data centers, and hosted clouds had to be utilized for the new solution, while remote users could connect using any available home internet service. The old approach would not be secure enough. Tata Sons need a VPN alternative.

With NetFoundry Cloud implementation, Tata Sons experienced the following gains:

3 solutions replaced by NetFoundry Cloud

SSL VPNs for remote users, MPLS VPN for branches, DC and cloud & SDWAN

99.999%

uptime in the last 4 years

70%

reduced cost compared to point solutions

NetFoundry Cloud Zero Trust Architecture

Inherent Features By Design

1. Secure by default private, Zero trust fabric overlay renders all Apps and resources invisible to the Internet with no listening or open firewall ports or IPs

2. Routers on HA with automated load sharing of traffic ensure highest availability at Azure Cloud and private DC

3. Communication is outbound only requiring no listening IPs or ports and no firewall holes. Service binding via reverse communication is only permitted by AppNet association

4. Least privileged micro-segmented app connections for users and admin to access each application hosted across multiple cloud / DCs

5. Exceeds guidelines provided by NIST for zero trust architecture. Implemented with mutual TLS (mTLS), Poly 1305 cha cha 20 encryption and bi-directional X.509 certificate-based identity and authentication

6. Authenticate before connect: If a registered endpoint is not permitted to access a resource, it will never communicate to, or have awareness of, the provider of the resource unless provisioned to it

Solution

Achieving critical security across the organization with AppNets, a VPN alternative

The integration of NetFoundry Cloud into Tata Son’s infrastructure and apps allowed the company to immediately remove its complex dependencies on VPNs, mitigate issues with multiple point solutions and achieve deep insights into metrics such as application and endpoint utilization, dial logs, etc. With little to no friction, users and apps were migrated to the NetFoundry Cloud platform from the existing set up. The ability to embed zero trust networking for various use cases such as: (1) Remote access for employees to distributed apps, (2) Connectivity from branches to distributed apps, and (3) Hybrid cloud connect for data center and public cloud interconnect enabled the company to achieve unparalleled security and optimal performance.

The Tata Sons IT security architecture now exceeds the NIST framework on zero trust architectures for the network layer. NetFoundry Cloud authorizes each end-to-end encrypted session for least privileged access – creating microsegmented networks for each user group that prevents lateral movement of attacks between AppNets (microsegmented networks). Unlike the former complexities associated with the use of VPNs that exposed the vulnerabilities of the public internet, NetFoundry’s solution closes all inbound ports at the customer edge. The apps and endpoints are dark to the internet. This approach by itself keeps most internet originated attacks at bay.

Simple, efficient and performant

NetFoundry Cloud eliminated Tata Son’s complex and expensive “bolted-on” infrastructure and reduced the wait times to onboard apps and users. The smart routing fabric provides the least latency path over the Internet between any two communicating endpoints. The network can be globally extended to anywhere in the world on demand. The routers are deployed with high availability at Azure cloud and hosted cloud. The NetFoundry Cloud HA routers provide default load sharing of traffic so that the resources are optimally utilized while providing redundancy.

Operational simplifications and consistently high uptime

Tata Sons has been using the NetFoundry Cloud platform for 4 years since 2020 and over the years, there has been a proven track record of > 99.999% uptime. User friendly UI for admins, use of attributes for identities and services in the service policies has greatly simplified operations for the admins in the IT team. The user group and role level controls with specific micro-segmented AppNets (service policies) and least privilege access helps the security team with all the required control and exceeds any audit and compliance requirements of any globally recognized security control or standard. The NetFoundry Cloud metrics provides deep insights to the Tata Sons IT team. With the NetFoundry Cloud zero trust mesh network available across all DC, branch, user device / Cloud and hosted cloud locations, Tata Sons has complete reach of a military grade zero trust network that can scale on demand, expand globally and available across any new edge or cloud. NetFoundry Cloud has made Tata Son’s network security, “Future Ready”.

“We made the right choice by selecting NetFoundry. The platform is user-friendly, allowing our users with swift connections to accomplish tasks. Also, the solution works well with least overheads, enabling our users to connect seamlessly even with low bandwidth networks.” – Royen Fernandes, Tata Sons IT

Tata Sons achieved enhanced security by replacing VPNs with NetFoundry’s zero trust platform and AppNets, enabling seamless management and performance.

About NetFoundry

The post VPN Alternative: Tata Sons’ Shift to NetFoundry’s Zero Trust AppNets appeared first on NetFoundry.

Revolutionizing iPaaS Security – Digibee’s Zero Trust Implementation

Mike Guthrie — Fri, 20 Sep 2024 15:56:13 +0000

NetFoundry

Resources

Case Study

Revolutionizing iPaaS Security – Digibee’s Zero Trust Implementation

Digibee

Digibee iPaaS enables software engineers to build and maintain even the most complex data and systems integrations with unprecendented speed and simplicity. It serves some of the world’s largest banks, and is the prefereed iPaaS solution for 250-plus businesses, including Assai, B3, Barkley, Bauducco, GoPro, Oobe, and Payless. Digibee has embedded NetFoundry’s zero trust connectivity into their solutions for their iPaaS security.

Integrating NetFoundry Cloud into ur platform helps us obtain a competitive advantage in our ability to digitally transform our customers' business with a faster time to market a future-proofed IT infrastructure, the strongest security, and a reduced investment in operational costs.

Rodrigo Bernardinelli, CEO & Co-Founder, Digibee

Case Study Highlights

Accelerate innovation with faster deployments

Integrations between the iPaaS customer infrastructure are days to weeks faster, because they are no longer dependent on nailing up VPNs, managing IP address overlap problems, or deploying bastion hosts.

Provide customers with the strongest API security

APIs are unreachable from the Internet, only accessible from Digibee’s private NetFoundry Cloud zero trust overlay, while also making the APIs just as simple to consume.

Better customer results without security tradeoffs

Customers no longer need to open up inbound ports, VPNs or bastions in order to consume Digibee services. Digibee uses the NetFoundry Cloud platform for all networking, including APIs and remote management.

Streamlining Enterprise Integrations by Overcoming Security and Scalability Challenges

Digibee re-engineered its integration architecture to eliminate complex VPN dependencies and security vulnerabilities, enabling scalable, cost-effective connections between their infrastructure and customer pipelines while supporting exponential growth and operational agility.

Challenge

Overcoming Operational Complexities and Security Concerns

Digibee’s integration architecture is designed to enable enterprise integrations of any scale and size, unlocking organizational agility and supporting exponential growth. The platform offered a built-in API gateway, protected by cloud provider security features to avoid attacks such as DDos. In this model, Digibee utilized a bespoke solution for point-to-point, device-centric tunnels and a trust model with coarse-grained access controls, resulting in a highly manual and configuration heavy architecture.

Due to the attack surface created by open ports required by VPNS, Digibee’s leadership and technology teams began exploring alternatives to mitigate issues with IP overlap and reduce management time to simplify the connection between their infrastructure and their customers’ pipeline. The existing architecture simply had too many limitations to scale faster, safer, or more cost-effectively. Given the fact the company had different customers utilizing the same internal and overlapping IPs, the use of site-to-site VPNs made it hard to increase the customer base easily. And multiple providers further complicated VPN management and increased the cost of doing business.

Removing these interdependencies required the company to build a more robust infrastructure as its existing architecture was operationally burdensome to administer and difficult to scale. Customers scrutinized the security threat of open inbound ports required to access local interfaces and shift data to the Digibee platform in real-time. As a result, costs continued to rise due to ongoing operations and management of multiple types of customer endpoints, leaving Digibee struggling to optimize for performance and cost.

When integrating NetFoundry Cloud into its iPaaS architecture, Digibee experienced the following gains:

22%

Increase in customer revenue

18%

Reduction in infrastructure costs

15%

Expansion of global footprint

32%

Decrease in maintenance hours

NetFoundry "Zero Trust Designed-In" Architecture

Inherit strengths

1 - Secure by Default

Secure by default private, zero trust fabric overlay renders all APIs and customer-side assets invisible to the internet, closing all open inbound firewall ports

2 - Embedded Zero Trust

SDKs enhance the ability to build zero trust access directly into apps or any edge instantly extending anywhere, instead of a host device or gateway

3 - Closed Inbound Ports

Communication is outbound only requiring no overlapping IPs, no port-forwarding, and no firewall holes. Service binding via reverse communication is only permitted by AppNet association

4 - Least Privileged Access

Least priviledged micro-segmented app connections for data collection from APIs and admin access to networks for each individual customer session

5 - mTLS and X.509

Exceeds US federal government zero trust mandates with mutual TLS (mTLS), encryption and bi-directional X.509 certificate-based identity and authentication

6 - Authentication Required

Authenticate before connect: If a registered endpoint is not permitted to access a resource, it will never communicate to, or have awareness of, the provider of the resource unless provisioned to it

Solution

Achieving critical security at scale using AppNets

The integration of NetFoundry Cloud into Digibee’s infrastructure and customer pipeline allowed the company to immediately remove its complex dependencies on VPNs, mitigate issues with overlapping IPs, and scale the onboarding of new clients and workloads (UVP) with little to no friction. Reliant upon secure and efficient customer data transport, the ability to embed zero trust networking as code enabled the company to achieve unparalleled protection and security.

The iPaaS platform now exceeds US Federal government zero trust mandates with mutual TLS, X.509 identities, and a private DNS. CloudZiti authorizes each end-to-end encrypted session for least privileged access – creating micro-segmented networks for each individual customer session. Unlike the former complexities associated with the use of VPNs that exposed the vulnerabilities of the public facing edge, NetFoundry Cloud allowed Digibee to take edges off the internet and available only to authorized endpoints without VPN clients or overlapping, whitelisted static IP addresses – and do it with code and control it all from the cloud.

Digibee’s new cutting-edge zero-trust networking architecture enabled secure L3 access to IP: PORT/PROTO or internal DNS names through AppNets. AppNets are essentially NetFoundry’s implementation of zero trust microsegmentation and includes the identities, services and policies that are configured for each NetFoundry AppNet. This allowed endpoints to exist in multiple environments, and with the help of SDKs, zero trust access could be seamlessly integrated into the iPaaS application with performant RDP and SSH. AppNets offered outbound-only communication and service binding via reverse communication. Endpoints had to authenticate before connecting, and administrators could effortlessly provision access to new servces and distribute them to other endpoints. Users could safely access high-performaing services like live video with this private network’sadded security and performance.

NetFoundry Cloud elimited Digibee’s complex and expensive “bolted-on” infrastructure and processes that their public-facing endpoints traditionally required. The same platform secured remote management of the company’s infrastructure, secured connections to its CI/CD and ops management and monitoring solutions, and secured networking between its servers and backend data stores with certificate-based security applied to the network layers (not just applied to the user level).

Transforming Security and Scalability with NetFoundry’s AppNets

By integrating NetFoundry Cloud and AppNets, Digibee eliminated VPN dependencies, enhanced zero trust security, and seamlessly scaled customer onboarding and data transport, achieving secure, efficient connectivity across diverse environments with automated, code-driven management.

We have significantly reduced our VPN complexity and mitigated issues related to NAT and FTP with overlapping IPs, which has enabled us to onboard new clients and workloads with as little friction as possible. NetFoundry has allowed us to scale faster, safe, and more cost-effectively, while NetFoundry Cloud's zero trust overlay mesh network provides secure provisioning, management, and networking into our solutions as pure software.

Rodrigo Bernardinelli, CEO & Co-Founder, Digibee

Streamlining Operations and Enhancing Security with NetFoundry Cloud

NetFoundry Cloud empowered Digibee to embed secure, cloud-native networking into its platform, simplifying customer onboarding, reducing dependencies on traditional infrastructure, and enabling agile, automated management with improved performance and reduced support costs.

Operational simplifications, automation, and maintenance

NetFoundry Cloud enabled Digibee to embed secure provisioning, management, and networking into its platform as pure software, and its cloud-native integration with every major cloud allowed the company to build and run scalable applications. This greatly reduced the time to onboard new customers and deploy workloads, while improving and simplifying the security posture of the enterprise.

The new architecture eliminated VPN and private mobile APN backhaul and the dependencies on static IPs or port forwarding. It also enabled simple remote provisioning and management for authenticated administrators, using any network, even third party WiFi. Now with private app-specific networking, Digibee can limit bespoke IT systems and extend zero trust security across many use cases to be future-ready and solve new security challenges over time.

The cloud orchestrated software improved app performance and productivity of the company, increasing agility and automation, and decreasing support costs. NetFoundry Cloud’s Smart Routing capabilities also ensured Digibee could automatically minimize latency as endpoints and routers dynamically choose the best path available on the private, zero trust fabric. The complete, integrated solution simplified customer deployments for the company and significantly reduced maintenance and support hours.

About NetFoundry

The post Revolutionizing iPaaS Security – Digibee’s Zero Trust Implementation appeared first on NetFoundry.

TZ Deploys NetFoundry Cloud To Remotely Manage Its Smart Locker Systems

Tod Burtchell — Wed, 18 Sep 2024 15:45:19 +0000

NetFoundry

Resources

Case Study

TZ Deploys NetFoundry Cloud To Remotely Manage Its Smart Locker Systems

Case Study

TZ develops end-to-end integrated smart connected locker solutions that enable companies to manage secure access, streamline workflows, and utilize transactional data for enhanced productivity. Offering value-added services such as remote management capabilities, TZ allows businesses to manage, monitor and control their connected lockers from anywhere, improving efficiency and reducing operational overhead. As a leader in intelligent locker design, TZ supports agile workplaces with solutions for employee storage, package delivery, asset management, and tracking. Their notable clients include Bank of America, Apple, Microsoft, Adidas, and Schneider Electric.

Our customers don't even need to open a single inbound firewall port in order for TZ to remotely manage our software which is deployed on their networks. This greatly strengthens security for our customers, and streamlines their operations. For example, InfoSec reviews which historically can take weeks became single-meeting events.

JOHN WILSON, CEO, TZ Limited

Case Study Highlights

Zero trust third party customer access

Private, zero trust IoT fabric renders all smart locker systems and server side assets invisible to the internet, eliminating open inbound ports.

Operational excellence and satisfaction

Automated provisioning, remote management, and service delivery processes improves customer deployment speed and uptime.

Extensive and scalable outcomes

Leveraging a global, zero trust IoT overlay network ensures uniform deployments across customers, regardless of hardware, networks, geographies or clouds.

Revolutionizing Locker Management with Integrated Software Solutions

TZ’s fully integrated platform enhances Smart Locker systems with real-time monitoring, remote management, and seamless third-party integration, addressing security and operational challenges in IoT device management and streamlining data capture across distributed networks.

Challenge

Delivering a Fully Integrated Software Platform for Lockers

TZ made the strategic decision to reposition its Smart Locker management systems to leverage growing market demand for information management systems that capture and integrate data at important exchange points in geographically distributed networks where items are deposited or collected by people. “Our new solutions positioning more clearly reflects customer demand drivers, wider market growth potential, adjacent market opportunities, and core business capabilities,” TZ Limited CEO, John Wilson, said.

TZ’s software infrastructure represents a fully integrated and flexible platform that starts at the localized client application at the locker bank for workflow implementation, synchronizes with an enterprise level centralized server for remote system reporting, live locker unit monitoring and integration with third party systems. With sophisticated features such as remote locker bank control and management, real-time granular transactional reporting, locker reservation, smartphone app operation, and integration with third party back-end systems for streamlined operation.

Typically companies remotely managing IoT devices face the problem of on-premise deployments due to traditional security measures such as VPNs, static IP addresses, and port forwarding, which results in costly engineering truck rolls to update software. With this type of infrastructure, customers scrutinize security threats of open inbound ports required to access the on-premise IoT devices. Ultimately, costs continue to rise due t ongoing operations and management of multiple types of customer endpoints and infrastructure.

When integrating NetFoundry Cloud into their IoT architecture, NetFoundry customers on average experience the following gains:

25%

Increase in customer revenue

33%

Expansion of global footprint

50%

Reduction in deployment costs

85%

Reduction in customer downtime

Traditional Insecure IoT Architecture

Inherit Vulnerabilities:

Any software deployed on customer networks requires open inbound firewall ports, permitted IP addresses, VPNs or bastions

InfoSec reviews are long and unpredictable. Often these reviews would mandate that additional software be bolted-on to compensate for the vulnerabilities

Static IP addresses and portforwarding are required for identification and routing adding further complexity and security concerns for customers

TZ's Zero Trust Architecture With NetFoundry Cloud

Inherit Strengths:

Secure by default private, IoT fabric (software defined network) renders all lockers and server assets invisible to the internet, closing all openinbound firewall ports

Embeds zero trust into any app or any edge instantly extending anywhere, leveraging prebuilt solutions – connect “anything to anything”

Removes the need for split tunneling, static IP addresses, and port forwarding for each kiosk, eliminating the vulnerability of changes to the store network

Enables least privileged micro-segmented app connections for data collection from IoT smart locking devices and admin access to network devices across all customers

Exceeds federal government zero trust mandates with mutual TLS (mTLS),encryption and bi-directional X.509 certificate-based identity and authentication

Solution

Achieving critical security with less complexity and cost

Switching to NetFoundry Cloud further enabled TZ to increase its infrastructure security, deliverability, and scalability with less complexity. Ingesting and transferring customer data from smart locking devices across a private, zero trust IoT fabric eliminated open inbound ports with a secure by default solution. TZ now has a far simpler and faster operating model when scaling from tens of thousands of devices.

Most traditional IoT models have an operational burden associated with deploying and maintaining customer solutions with dependencies on IP addresses, port forwarding, and split tunneling for each device. TZ engineers can directly connect to kiosks independent of a connection to Azure, facilitate remote maintenance, and the pre- and post provisioning of kiosks.

The full-mesh, self-healing, global NetFoundry Fabric is more reliable and resilient than VPN tunnels, supporting more than 300 global cloud regions compared to OpenVPN’s 35, and enables simple and scalable remote management of TZ’s global admins and heavily distributed lockers. Where RDP and SSH over VPNs across long internet links can be painful and slow for remote admins, the NetFoundry Cloud fabric optimizes latency and reliability of these sessions.

Automation, accelerated deployments, and reduction in downtime also improved the company’s time to revenue.

Improving performance and product delivery experiences

NetFoundry Cloud improved TZ’s business speed and agility to respond to changing market dynamics, while enabling new innovation across operations and customer offerings. Its multi-cloud native technology and automation provides TZ with the simplicity and scalability to grow its business anywhere in the world regardless of customer volumes, geographies and use cases.

With multi-cloud native, embedded zero trust security, TZ can now easily extend into any cloud with centralized orchestration via API or web console, giving unparalleled visibility and control. NetFoundry Cloud’s private DNS and mesh network offers near real-time intelligent routing across clouds, so there are no single points of failure as the real-time performance of the internet is a constant factor in dynamic route selection. This battle tested performance allows TZ to automate and scale solution deployments across the globe with significantly reduced TCO, network response times, and business risk, supporting growth well beyond hundreds of thousands of kiosks and lockers.

Smart routing and closer proximity to infrastructure and customers by utilizing the constantly growing coverage and reach of cloud service providers’ expansion also improved QoE. This creates new addressable markets as TZ is now able to meet country specific regulations like data privacy concerns, and became a unique selling point in the company’s value proposition and customer acquisition strategy.

Achieving Scalable Security and Performance with NetFoundry Cloud

NetFoundry Cloud enhances TZ’s infrastructure security, scalability, and operational efficiency by eliminating traditional IoT complexities, enabling seamless global expansion with reduced costs, improved performance, and faster time to revenue across thousands of smart devices and kiosks.

Leveraging NetFoundry Cloud as a trusted partner to facilitate secure customer operations will further innovate the scalable adaptability of our core software modules to address our customer use case opportunities.

JOHN WILSON, CEO, TZ Limited

Enabling Secure IoT Data Management and Business Expansion with NetFoundry Cloud

NetFoundry Cloud empowers TZ Limited to securely manage IoT data across customers, reduce operational risks, and seamlessly transition to new revenue models and service offerings, supporting their evolution from hardware manufacturer to logistics software provider.

Streamlining remote management and operations with customer expansion

Securely ingesting and transferring data from IoT devices across all customers is a priority for TZ Limited. NetFoundry Cloud will enable innovative outcome delivery at the highest level of quality while substantially reducing the risks and costs associated with meeting or exceeding these secure outcome expectations. According to Wilson, “NetFoundry Cloud has been a main enabler in our shift from a smart locker hardware manufacturer to a supplier of logistics software solutions.”

NetFoundry Cloud will also make it easier for TZ to deploy new revenue models and service offerings without building additional security and networking infrastructure.

About NetFoundry

The post TZ Deploys NetFoundry Cloud To Remotely Manage Its Smart Locker Systems appeared first on NetFoundry.

Case Study - NetFoundry

KEO Replaces VPNs with NetFoundry’s Zero Trust Network

KEO Replaces VPNs with NetFoundry’s Zero Trust Network

KEO

Case Study Highlights

Scaling Challenges Ahead

Obstacle

Opportunity

Agile Secure Connectivity

Rapid Network Deployment

Outcome

VPN Replacement with NetFoundry AppNets

Secure Connectivity Redefined

About NetFoundry

LiveView Technologies Case Study

LiveView Technologies Case Study

Distributed Video Surveillance Made Simple and Secure

Case Study Highlights

Transformative Security & Cost Efficiency

Streamlined Operations & Innovation

LVT's Network Management Obstacles

Obstacle

Challenges with large, distributed, dynamic networks

Security vulnerabilities

Significant cellular and cloud egress costs

Velocity and operational obstacles

Lack of innovation

Business Benefits of the NetFoundry-based Solution

Innovation

Cost savings

Quality improvement

Strong security

Solution & Outcome

Optimizing large, distributed, dynamic networks

Security

Cost savings

Operations excellence

Accelerated innovation

A New Era in Surveillance Technology

About NetFoundry

Top 5 U.S. MilGov Contractor Private 5G Case Study

Military Group Deploys Zero Trust Connectivity On Any Device, Any OS, Anywhere

How a Leading Contractor Embedded Secure Zero Trust Communication in Military Field Devices

Top 5 U.S. MilGov ContractorPrivate 5G.MIL™ Communications

Obstacle

Opportunity

Outcome

Securing Drone Data

Applying Zero Trust

Mission Accomplished

Solution Overview: Embedded Zero Trust Communication in Military Field Devices

Achieve Secure 5G with NetFoundry

Session-Level Microsegmentation for Military Applications

VPN Alternative: Tata Sons’ Shift to NetFoundry’s Zero Trust AppNets

VPN Alternative: Tata Sons’ Shift to NetFoundry’s Zero Trust AppNets

Case Study Highlights

Challenge

Overcoming security concerns and optimizing network design

VPN alternative and network for the future: Distributed apps and users with complete visibility and control

With NetFoundry Cloud implementation, Tata Sons experienced the following gains:

3 solutions replaced by NetFoundry Cloud

99.999%

70%

NetFoundry Cloud Zero Trust Architecture

Inherent Features By Design

Solution

Achieving critical security across the organization with AppNets, a VPN alternative

About NetFoundry

Revolutionizing iPaaS Security – Digibee’s Zero Trust Implementation

Revolutionizing iPaaS Security – Digibee’s Zero Trust Implementation

Digibee

Case Study Highlights

Accelerate innovation with faster deployments

Provide customers with the strongest API security

Better customer results without security tradeoffs

Streamlining Enterprise Integrations by Overcoming Security and Scalability Challenges

Challenge

Overcoming Operational Complexities and Security Concerns

When integrating NetFoundry Cloud into its iPaaS architecture, Digibee experienced the following gains:

22%

Top 5 U.S. MilGov Contractor
Private 5G.MIL™ Communications