¶ Introduction
Exium’s Secure Access Service Edge (SASE) solution is tailored to address the complexities of secure internet access, particularly for organizations in highly regulated industries such as finance. In these sectors, strict regulatory and compliance mandates often require that internet-bound traffic originates from registered company locations, utilizing known public IP addresses. This document outlines how Exium facilitates this requirement and enhances security for remote users working outside traditional office environments.
¶ Challenge
For organizations in industries governed by stringent security and compliance standards, web and SaaS applications frequently necessitate access only from specific source IP addresses. This poses challenges for remote users who typically operate from dynamic locations, such as homes, coffee shops, or airports, where their source IP addresses differ from the company’s registered IP addresses. Additionally, some regulations may require IP addresses to be registered under the company’s name, further complicating access for remote personnel.
¶ Exium's Solution: Secure Traffic Routing
Exium’s SASE solution overcomes these barriers by allowing internet-bound traffic to be routed from sites where Exium’s cyber gateways are deployed. Here’s how the solution works:
|
|
Secure Traffic Routing via on-prem SASE Cyber Gateways |
|---|---|
| 1 |
Traffic Tunneling:
|
| 2 |
Cyber Gateway Deployment:
|
| 3 |
Source Network Address Translation (NAT):
|
| 4 |
Seamless Access:
|
¶ Benefits
| Regulatory Compliance: | Enhanced Security: | Improved User Experience: |
|---|---|---|
| Exium’s SASE solution facilitates adherence to stringent compliance requirements by ensuring that all internet-bound traffic originates from authorized company IP addresses. | By routing remote traffic through robust security protocols within the CyberMesh, organizations can ensure that sensitive data is protected from exposure to potential risks. | Remote users experience uninterrupted access to web and SaaS applications, enhancing productivity whether they are working from home, on the go, or in alternative workspaces. |
¶ Configuring Internet Traffic via on-prem Cyber Gateways
- Navigate to the MSP admin console : Go to "Companies" and select the desired company name, or access the Customer/ Client Workspace Sign In directly.
- Click on Sites → Zero Trust Paths in the left menu bar
- Select CyberGateway from drop down list
- Click on Add Trust Path, to add Trust path to Route traffic
- Click on Add Trust Path will open Trust path panel
- Add the Public IP or subnet you want to route via On-Prem CyberGateway in Network destination
- For single Public IP, Please add it in subnet format with /32 i.e. 8.8.8.8/32
- Allowed User group will have workspace selected by default. if access need to be given selected groups, you can remove workspace and select groups from drop-down list.
- Click on Save
Once configuration changes done as mentioned above, internet traffic for remote users with SASE agent will be routed to On-prem CyberGateway as per configuration.
Traffic steering configuration in admin console needs to be configured as Conditional access or Tunnel All traffic for Internet traffic routing via On-Prem CyberGateway.
¶ Conclusion
Exium’s SASE solution effectively addresses the challenges of secure internet access in regulatory-sensitive environments. By enabling seamless routing of internet-bound traffic through its cyber gateways, organizations can maintain compliance, enhance security, and ensure that remote users have consistent and reliable access to essential services. This approach reinforces Exium’s commitment to delivering innovative security solutions that meet the evolving needs of the modern workforce.
To learn more about implementing SASE, XDR, IAM/ MFA, and GRC for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration. If you are ready to get started, check out our testing and onboarding process.