Secure Access Service Edge (SASE) is a modern security approach focused on keeping enterprise users safe anywhere they work and on any endpoint device they use. Zero Trust Network Access (ZTNA) is a foundational part of SASE architecture. However, current endpoint connection technologies utilize either a legacy remote access VPN or a “clientless” cloud access security broker (CASB) approach, which is limited to browser-delivered apps. Neither of these approaches meets the security demands of today’s diverse enterprise environments that include employees using managed (MDM) and Bring Your Own Device (BYOD) devices. In addition, SD-WAN solutions do not extend beyond the branch office without additional end-user hardware (such as a puck) for remote workers – either at home or while traveling.
Security should start at the true edge – on endpoint devices. Simply tunneling all traffic off the device to a remote server/cloud isn’t good enough. Here’s why:
Powered by the Data Management Engine, Mobolize Access enables security, routing and tunneling from the endpoint client to improve scalability, usability, and performance for SASE services (SWG, DLP, SD-WAN, MiTM, etc.) – with feature parity for all major OSs and equal support for both MDM and BYOD devices.
The Data Management Engine, delivered by our on-device client software, enables fine-grained capture and precision routing from the client and works seamlessly whether the device is on or off the corporate network. This results in high-performance security with limited impact on the battery, throughput, and app compatibility.
Access is a higher-performing, more secure solution that improves the end-user experience by protecting company data and routing it exactly where it needs to go, while non-work activity goes direct to origin, thus protecting the user against online threats and respecting user privacy.
An enterprise business partner needed to move beyond the ‘Cloud Connector Client’ model and engaged Mobolize to improve performance, reduce security risks associated with the broad attack surface of the full tunnel VPN, and gain end-user trust (separation of work and personal data usage). Existing solutions offered per-app routing and split tunneling only on managed devices, thus limiting reach. Cloud Client Connectors tunnel all the traffic, which creates privacy issues for users and slows down the device and data, and some apps simply don’t work. The result is end users turning the client on and off, as well as challenges with cost, scalability, and the large attack surface these connectors create. The Data Management Engine with Access features, enabled via the Mobolize SDK, delivers precision routing of traffic by app, IP, and domain (no more managing a list of IPs that are constantly changing) and works without the need for device management (MDM). Privacy of end-user personal apps and browsing is maintained, as that traffic goes direct to origin. Business apps and services are micro-tunneled to exactly where they need to go while everything else runs unimpeded at full speed.