What is Secure Access Cloud (SAC)?
SAC is a Software as a Service platform that allows corporate IT organizations to provide secure connectivity to corporate applications and services for designated audiences. It does so without exposing internal networks/datacenters to the risks associated with network access, and it provides unparalleled visibility and governance into the activities performed by the accessing parties.
SAC Secure Access Cloud (TM) is based on Zero Trust Network principles and implements a Next Generation Access platform to deliver the benefits of Zero Trust to enterprise networks.
How does SAC work?
SAC Secure Access Cloud (TM) provides brokered point-to-point connectivity by leveraging its two main components:
1. SAC Connectors - lightweight software agents, distributed as Docker containers, that need to be deployed in the corporate datacenters (on-premises or IaaS/PaaS). Each connector can broker connectivity to multiple applications, services or workloads, provided it has the ability to connect to them internally. Connectors reach out to Points of Delivery (PoDs) of SAC Secure Access Cloud to serve the connections.
2. SAC Secure Access Cloud (TM) PoDs - cloud-based, resilient and scalable points of delivery of the service. Users that try to connect to their corporate applications / services / workloads are directed to one of these PoDs, which in turn brokers connectivity to the actual resource by leveraging the connection to a SAC Connector.
More details on the solution architecture can be found in this Knowledge Base article.
What other solutions does SAC replace?
This depends on the use case. The goal is to provide secure connectivity to applications/services for specific designated parties. This goal can be achieved by using technologies such as Remote Access VPN, SSL VPN, Dedicated Proxy, Network / Application Firewalls, Privileged Access Management, etc.
Due to its unique approach, in addition to replacing the solutions mentioned above, SAC can also eliminate the need to perform various Network Segmentation procedures, such as creating Demilitarized Zones (DMZs), separating cloud environments into outfacing and internal Virtual Private Clouds (VPCs), etc.
How is SAC different from other solutions?
Access / connectivity provided by SAC is based on Zero Trust and Software Defined Perimeter principles, introducing a paradigm shift in the basic approach of "In order to access an application/service, I need to have network connectivity to it".
The fundamental differences between this approach and the traditional Perimeter Security one are:
- Service Cloaking - no DNS information or "visible" IP ports of protected assets are exposed to external networks.
- Pre-Authentication / Authorization - users and devices need to undergo authentication / authorization against our service before they are given the ability to send even a single request to the actual protected asset.
- Application-Layer Access - users are only granted access at the application layer, not network access.
In addition to the above benefits of the Software Defined Perimeter approach, SAC introduces unique benefits of its own:
- Full visibility and governance into the activity - access provisioned with SAC allows full auditing of every action performed by the accessing party, down to its internal elements. Automated policy enforcement can react to various actions and orchestrate complex responses.
- Client-less Software-as-a-Service Platform - no need to deploy and manage either physical or virtual appliances, or endpoint agents of any kind. Supports any endpoint platform (PC, Mobile or special devices).
- No changes to the existing IT Security infrastructure - there is no need to introduce any changes to the production configuration of Network Routers, Firewalls or other infrastructure elements.
- 100% Software Defined infrastructure - our platform is dynamically configurable by Management Portals and APIs, making it an excellent choice for any dynamic environment, such as Infrastructure-as-a-Service or Hyper-converged Infrastructure.
Where is SAC infrastructure hosted?
SAC infrastructure is hosted in the datacenters managed by the leading Infrastructure as a Service providers. Our system is multi-cloud, multi-region and utilizes isolated locations, such as Availability Zones, in the regions where it is deployed.
How many SAC Connectors do I need to deploy?
Each SAC Connector can serve connectivity to multiple IT resources for multiple users. The exact number depends on the following parameters, which should be considered for each case:
- Segmentation of the corporate datacenters (each connector must have TCP connectivity with the resources it provides access to)
- Resilience / redundancy - it is advised to have at least 2 different connectors located on different machines to serve each resource, in order to build a highly available architecture
- Load of users' activity, number of simultaneous sessions and bandwidth of each of them. The infrastructure the connectors are running on can scale, and the connectors are designed to use as many resources as they get access to
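The first two criteria above can be checked against a deployment plan before any connector is installed. The following is an added example, not SAC tooling and not part of the original FAQ; it calls no SAC API, and the connector names, machines and resources in the inventory are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory (hypothetical names). "reaches" lists the resources
# each connector has internal TCP connectivity to, e.g. as confirmed by a
# manual port check from the connector's host.
CONNECTORS = [
    {"name": "conn-a", "machine": "host-1", "reaches": {"wiki", "git", "jira"}},
    {"name": "conn-b", "machine": "host-2", "reaches": {"wiki", "git"}},
    {"name": "conn-c", "machine": "host-2", "reaches": {"jira", "db-admin"}},
    {"name": "conn-d", "machine": "host-2", "reaches": {"db-admin"}},
]
RESOURCES = ["wiki", "git", "jira", "db-admin", "legacy-erp"]


def coverage_gaps(resources, connectors, min_machines=2):
    """Return {resource: reason} for resources that are not served by
    connectors on at least `min_machines` different machines."""
    machines = defaultdict(set)
    for conn in connectors:
        for resource in conn["reaches"]:
            # Count machines, not connectors: two connectors on one host
            # fail together, so they give no redundancy.
            machines[resource].add(conn["machine"])

    gaps = {}
    for resource in resources:
        hosts = sorted(machines.get(resource, ()))
        if not hosts:
            gaps[resource] = "unreachable: no connector has TCP connectivity"
        elif len(hosts) < min_machines:
            gaps[resource] = (
                f"not redundant: served only from {', '.join(hosts)}"
            )
    return gaps


if __name__ == "__main__":
    for resource, reason in coverage_gaps(RESOURCES, CONNECTORS).items():
        print(f"{resource}: {reason}")
```

Here `db-admin` is flagged even though two connectors serve it, because both run on the same machine.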
What guarantees the SLA of SAC platform?
Our infrastructure periodically undergoes scrupulous audits by external parties and is subject to very strict certification. All audit and test reports are available upon request.
Our state-of-the-art Continuous Delivery Pipeline, advanced Application Monitoring Infrastructure and modern, container-based dynamic back-end ensure the ability of our platform to scale for every need and to remain operational even in the most extreme conditions.
For more details on how SAC operates and protects customer data, please read this KB article.
What do I need to get started?
Refer to "Getting Started" articles in our Help Center in order to learn how to start using SAC in your environment.