Jellyvision Strengthens Security and Streamlines Onboarding with Twingate
Jellyvision is an industry leader in employee benefits engagement, combining predictive analytics and behavioral science to make the benefits process a delightful experience. Twingate’s easy onboarding and Okta integration helped Jellyvision complete its transition from an on-premises VPN to Zero Trust.
“I feel like we live in the future now with Twingate’s software-defined perimeter.”
Eli Golden
VP of Information
The value of security at Jellyvision
Handling employee information — especially financial and health information — is an enormous responsibility. Naturally, securing Jellyvision’s customer data is a top priority. Eli Golden, VP of Information at Jellyvision, takes a broad view of data security’s importance, which led him to consistently evaluate the state of Jellyvision’s security stack.
Jellyvision’s antiquated VPN required a modern replacement
Jellyvision had remote working policies before the pandemic. However, they still used legacy VPN technology to provide remote access to the company’s resources. “One primary thing I like to tell my team is technology changes every single day, never stay comfortable,” Golden said. “Up until about 2018, one thing that bothered me was that our VPN was still very much an appliance in a server room. We were just masking our IP address as if it was our office. I always thought that that felt a little bit antiquated.”
As Golden learned more about Zero Trust and software-defined perimeters (SDPs), he decided this was how Jellyvision would evolve from VPN’s aging technology.
Making the business case for Zero Trust
Golden’s team puts potential vendors through an extensive security review process. “Data is currency, security is everything,” Golden explained. “We need to make sure everything is protected and the most secure it can be.”
Because security tools don’t typically drive revenue, some teams can find it challenging to make the business case for investing in new tools. For Golden, the rigor of Jellyvision’s security vendor review process is critical to ensuring new investments in security solutions are prioritized by the business.
“At the end of the day, it’s my job to explain the need from an executive level, a budgeting level, that sometimes you have to spend money to make money,” said Golden. “Security very much falls into that realm. It benefits everyone at the company.”
Jellyvision’s selection criteria address the needs of multiple stakeholders, including:
Security: Can vendors document their data security practices through SOC2 or similar compliance programs?
Management: How quickly can the solution spin up in AWS, and can it migrate to other cloud platforms?
Usability: Will the vendor’s enhanced security make user access to resources more or less convenient than current systems?
Before the team found Twingate, they explored a ZTNA solution that seemed to fit their selection requirements. However, as use of the product scaled, the team faced a host of new challenges.
Because their initial ZTNA solution did not offer split tunneling, all traffic (including traffic that did not need protection) was routed through a centralized chokepoint. This meant slowdowns and connectivity issues for end users, and loads of tickets for Golden and his team.
Golden’s team also faced challenges with management and administration. Their new solution’s integration with Okta was weak, leading to additional admin overhead when managing users and entitlements. They also had a lackluster support experience.
Golden began to evaluate other vendors, and was able to quickly put Twingate to the test.
“Within ten minutes, we were up and running with our proof of concept. That took three months with another SDP provider. I can’t say enough how easy it was. That’s really what impressed me with Twingate.”
Strengthening Jellyvision’s security posture
Once the Jellyvision team was actively using Twingate, they were able to immediately leverage a number of security improvements. Twingate ZTNA eliminates the vulnerabilities of VPN’s hub-and-spoke topology by establishing direct, encrypted connections between each user’s device and the specific resources they need to do their work. Granular access rules give companies the control they need to protect sensitive data from constant threats.
Twingate requires no open inbound ports, enabling organizations to immediately close off exposure to the public internet and potential malicious actors.
Twingate made it easy for Golden and the team at Jellyvision to apply granular access controls, including user, device, and contextual data, to their private resources. “That’s such an extra level of security that we never even thought about with our traditional VPN appliance in our server room,” said Golden.
Between Twingate’s distributed network architecture and granular access control policies, Golden and the team at Jellyvision can significantly reduce the impact of any compromised credentials:
“A traditional VPN is like a moat around a castle,” Golden explained. “Once you get over the moat, you can access any room in the castle. Twingate locks every door, so even though you got over the moat, you need the key — the role you’re in and the access you’ve been granted — to get through the door.”
Because Twingate is split tunnel by default, the team at Jellyvision was able to leverage these security improvements while also giving end users a smoother, more performant experience.
Driving ROI with Twingate
Jellyvision reduced their new hire onboarding process by over 97%, going from three hours to only a few minutes. Golden’s team uses Kandji, the Apple device management software, to create zero-touch deployments on the Macs they send to new employees. The Twingate Client is already in place when the system starts, so employees can get to work right away while keeping Jellyvision’s security posture stronger than before.
Replacing Jellyvision’s legacy VPN with Twingate also streamlined user support. “Nobody really asks questions about Twingate,” said Golden. “I honestly can’t think of a single time a user has had an issue with Twingate that wasn’t caused by us needing to build an entitlement.”
Twingate’s seamless Okta integration is really that easy
Twingate’s architecture assumes that integrations are essential to the Zero Trust security model. Integrating with enterprise-class security solutions, from device security to identity and authentication management, makes Twingate the central orchestration layer for least-privilege access practices. Twingate’s native Okta integration was a particular selling point for Golden:
“We are completely bought into Okta, so having that seamless integration between Okta and Twingate really helped us out. The one area I don’t need to touch is Twingate because it’s all managed through Okta groups. Anything I change in Okta will automatically update in Twingate. It’s really that easy.”
Beyond simply the efficiency gains of the Twingate and Okta integration, deploying Twingate enabled Golden and the team at Jellyvision to apply an extra level of security to Okta itself. “Based on the entitlement they have or where their IP address is, I can actually lock out Okta applications directly through Twingate,” Golden said.
Refining Jellyvision’s access control
As Golden looks forward to the next stage in Jellyvision’s Zero Trust journey, he is considering Twingate’s enhanced security features. For example, Twingate Usage-Based Auto-Lock lets administrators set minimum usage requirements on user access. After a certain period of inactivity, the permission expires and the user must request a renewal.
“I can spend weeks and months making my network the most secure network in the world, but if I take away the wrong access from the wrong person, it looks bad on me,” said Golden. “But if there’s an automated rule that says, ‘Hey, this person hasn’t accessed this in sixty days, let’s take it off.’ That’s how we get around it. That’s really cool.”