What is Zero Trust
Platform
- Security, Authorization & Access Controls
  Provides CASB, Malware Defense and DLP Across All Users, Devices & Resources
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all applications
  - Adaptive Access Policies
    Provides Continuous Conditional Access to Apps, Data & Services
  - Criteria-Based Access Policies
    Provides Role-Based Access to Sensitive Apps & Data
  - ChatGPT Risk Module
    Monitors and Secures User ChatGPT Conversations
  - Malware Defense
    Prevents Ransomware & Device Infections
  - Data Loss Prevention
    Ensures Sensitive Information is not Lost
  - RBI and Browser Isolation
    Provides Contractors, 3rd Parties & BYOD Secure Access to Resources
  - Device Posture Checks
    Including Anti-malware, Firewall & Disk Encryption for Compliance
  - SSL Decryption
    Ensures Policies & Protection Apply to Encrypted Content
  - Secure Mobile Users
    Automatically & Transparently Secure All Traffic From Devices In & Out of the Office
  - Outbound Firewall Protection
    Extends Beyond the Physical Network Perimeter
  - DNS Security
    Quickly Secures BYOD Networks with Simple Configuration
- Application & Data Discovery
  Clearly Understand What Needs Protection
  - CASB
    Provides In-App Controls for Granular Access Decisions
  - Built-in Resource Catalog
    Enables Classification of Protected Apps and Services
  - Asset & Device Catalog
    Ensures Devices are Healthy, Compliant & Secure
  - Resource Labeling by Type & Security Objective
    Enables Risk Assessments and Understanding Business Impact of Sensitive Resources
  - Automatic Resource Discovery & Classification
    Reduces Overhead on Security Teams and Identifies Shadow IT
- Federated Identity Provider Integration
  Eliminates Unauthorized Users and Provides Role-Based Access Policies
  - SSO Identity Providers
    Integrates with Identity Providers Including Azure AD, Okta, Ping, SAML, OIDC
  - Step-Up Authentication
    Ensures the Right Level of Identity Confidence When Accessing Sensitive Resources
  - Group-Based Policies
    Leverage Okta, Azure AD and SAML Providers to Simplify Creation & Management of Security Policies
  - SSO for Legacy Apps
    Ensures Modern Authentication is Performed Even When Apps Do Not Support It
  - Supports Multiple Concurrent Identity Providers
    Authenticate Users Across Multiple Domains
- Alerting, Auditing, Logging & Reporting
  Provides In-Depth Detailed Visibility For Security Teams Across All Users, Devices & Transactions
  - Detailed Logging and Reporting
    Provides Visibility for Every Resource Transaction
  - Risk & Threat Reports
    List Infected Devices & High Risk Users
  - Digital Experience Management
    Provides Insights Into End-user Experience While Leveraging Business-critical SaaS Applications
  - Next-Gen Incident Dashboard
    Monitor and Instantly Address Security Threats
  - ChatGPT Risk Module
    Controlled Use of ChatGPT With Security and Monitoring
  - SIEM Integration
    Ensures Logs Are Copied to External Databases
  - Splunk Enterprise Security Add-On
    Automatically Populate Your Splunk Dashboards With Valuable Data
  - Integrates with Your Security Stack
    Including ICAP, Proxy Chaining and Log Forwarding
- Cloud Security & Connectivity
  Easily Protect Apps & Data Across SaaS, Cloud & Datacenters
  - iboss Zero Trust SD-WAN
    Streamline Connectivity & Security with iboss Zero Trust SD-WAN
  - Azure Cloud Security Gateways
    Extend the Security Edge Natively, Ensuring Robust Protection While Reducing Backhauling Costs
  - iboss ZTNA VPN Co-Pilot
    Provides a Transparent and Seamless Transition From VPN to ZTNA
  - Connect Organization Owned Devices
    Provides Access & Ensures Compliance Checks
  - Connect SaaS Apps
    Including O365 & Teams to Offload Overloaded On-Prem Proxies
  - Connect Cloud Providers
    Including AWS & Azure to Protect Multi-Cloud Resources
  - Connect On-Prem Resources
    Within Datacenters with Drop-In Proxy Replacements Eliminating High Renewal Costs
  - Terminal Server Protection
    With Unique Policies & Logging for Each User
  - IPsec & GRE Tunnels
    Provides Branch Office Local Internet Breakouts to Cloud Security
  - Private On-Prem Gateways
    Extends the Security Service Edge into the Datacenter to Protect Local Resources
  - Offload MPLS
    MPLS & SD-WAN Become More Efficient with Cloud Security
  - Dedicated Cloud IPs
    Enable Resource Anchoring to Ensure Proper Authorization & Third-Party Integration
Industry
- Mitie Switches to iboss For Fast and Secure Connections
  Mitie, a Global Provider of Smart Spaces, successfully migrates 8,500 devices from Zscaler to iboss in under 3 weeks.
  View Case study
- Business
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Cloud-Based Branch Office Web Security
    Eliminate data backhaul to on-prem appliances from remote offices
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to Any External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Ensure GDPR Compliance
    The iboss cloud allows admin configurable zones to ensure cloud security is applied while meeting regulatory requirements
- Healthcare
  - For Healthcare
    Fast and Secure Connectivity from Anywhere, Designed for Healthcare
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Finance
  - For Finance
    Fast and Secure Connectivity from Anywhere, Designed for Financial Institutions
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Education
  - Student Risk Module Identifies Threats
    Safeguard Student Risk to monitor signs of cheating, suicide, drug use, bullying, violence, and mass shootings, to protect students & schools
  - Web Filtering for CIPA Compliance
    Streamline web filtering and CIPA compliance for students whether on campus or at home
  - Granular Student Web Activity Reports
    Generate detailed web activity history reports for any student which includes on-campus at home Internet use
  - YouTube and Social Media Controls
    Safe access to Google, YouTube and social media including Safe Search enforcement
  - Automatic Safe Search Enforcement
    Enforce Safe Search across search engines including Google, Bing, Yahoo and YouTube
  - Create Teacher and Student Based Policies
    Flexible filtering polices for teachers vs. students across any device on or off network
  - Cloud Web Security for One to One Initiatives
    Easily take home devices in the cloud to ensure CIPA compliance at all times
  - Ensure Fast Connections During State Testing
    Achieve seamless and uninterrupted state testing
  - iboss Classroom Management
    Visually monitor the activities of all of your students, from any location
- Government
  - For Government
    Fast and Secure Connectivity from Anywhere, Designed for Government
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Complete Data Isolation & Extensible Platform for Government Entities
    The best choice for government entities for fast and secure connections for users from anywhere with a SASE platform that completely isolates network data traffic
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
Use Cases
- Replacement Use Cases
- Replace VPN with ZTNA
- Replace Proxy with SSE
- Replace VDI with Browser Isolation
Resources
- Award Winning Cloud Security Platform
  The iboss Zero Trust Secure Access Service Edge is consistently recognized as an industry leader in cloud security. Our patented containerized cloud architecture ensures secure, fast and reliable connectivity to cloud applications from any device, from any location.
  View Awards & Recognition
- Cloud Data Centers
  View Global Cloud Points of Presence that deliver the iboss Zero Trust SASE
- Cloud Status
  View real time status of the global Zero Trust Security Service Edge
- News
  See iboss in the latest news
- Blog
  Latest insights on Zero Trust Security Topics
- Events
  Join us for upcoming events and webinars
- FAQ
  Get answers to frequently asked questions
- Solution Briefs
  Detailed solution briefs covering iboss Zero Trust Security Use Cases
- Reviews
  Recognized by industry experts as the leading Zero Trust Security Platform
- Case Studies
  Learn how the iboss platform has been leveraged by leading organizations around the world
- Cloud Compliance
  The iboss global cloud fabric meets industry standards and certifications, including SOC1, SOC2 and ISO compliance
- Patents
  The iboss platform is protected by over 250 issued and pending patents
- Demo Videos
  View videos and demos of the iboss Zero Trust Platform
- Awards
  The most award winning Zero Trust Security Service Edge
- Careers
  Join the iboss team
Partners
- iboss Partners
  Partnering with iboss for Success
- Technology Alliances
  The iboss Cloud Platform extends capabilities with leading Technology Alliances Partners
- iboss MSP
  Scale your MSP offering by leveraging iboss to secure Internet access in the cloud
Get Demo
Get Pricing

Replace VDI with Browser Isolation

The iboss Zero Trust SASE replaces VDI with Browser Isolation
to improve security and reduce costs

Download this Solution Brief Download PDF

CHALLENGES

Legacy VDI is typically used to protect sensitive resources in high-risk situations where data loss is more likely to occur. For example, with VDI, Call Center agents interacting with customer data can do so through a VDI pane-of-glass preventing data from touching agent devices. This is important for security and compliance regulations such as GDPR, which require data to remain within geographical regions. If Call Center agents are not located within GDPR regions, VDI can allow them to interact with the customer data while keeping the data compliant and remote. VDI is also used for contractor and third-party access to sensitive resources so that data from those applications do not leave the organization and land on untrusted devices.

However, VDI is expensive to deploy and manage and requires a lot of infrastructure and subscription costs. To make things worse, hosting the infrastructure necessary to run VDI is even more expensive in high-cost regions, such as India or Asia, where major Call Centers are operated. In addition, VDI does not provide security and visibility as users interact with resources, as connections within the VDI session do not run through a deep-content inspection proxy. This increases risk due to uncontrolled and unmonitored access.

PAIN POINT

VDI Infrastructure is Expensive – VDI requires expensive infrastructure and data center space to operate

iboss SOLUTION

Replace VDI with Browser Isolation – Browser Isolation eliminates the need for infrastructure and data center space reducing both CAPEX and OPEX substantially

KEY BENEFITS

Quickly replace VDI with Browser Isolation to greatly reduce infrastructure costs related to VDI

Consolidate point products such as VPN, Proxies, and VDI with ZTNA, SASE, and Browser Isolation for lower costs

Provide isolated VDI-like Browser Isolated sessions to Call Center agents instantly, in any region, to reduce risks and improve security

Provide contractor and third-party access to specific resources through Browser Isolation to prevent sensitive data from leaking to untrusted guest devices

Gain visibility from detailed logging for every interaction between users and sensitive private resources within the isolated browser session for better security

Eliminate the need for third parties to install VPN software to gain access to private resources by leveraging Browser Isolation instead

SOLUTION

The iboss Zero Trust Secure Access Service Edge is an advanced security solution that completely replaces the functionality delivered by legacy VDI with a global consolidated cloud security service that includes Browser Isolation. Browser Isolation is the modern replacement for VDI and requires no infrastructure deployments. Browser Isolation uses the end-user’s browser to form a VDI-like interface to authorized applications. And because the iboss Zero Trust SASE includes ZTNA, CASB, malware defense, compliance policies, and logging, all interactions inside the isolated browser session have security applied and log events generated for visibility.

Browser Isolation supports SSO with MFA so that users can be authenticated before gaining access to sensitive resources. Data from those resources never touches end-user devices ensuring data remains safe. The iboss Zero Trust SASE includes Browser Isolation that is available everywhere, instantly, which results in fast time-to-value as the need to purchase, deploy and manage infrastructure is eliminated. The costs associated with VDI infrastructure are also eliminated, substantially reducing costs.

KEY CAPABILITIES

Provide VDI-like access to any resource through Browser Isolation to prevent data loss
Connect Call Center agents to sensitive resources through a pane-of-glass to ensure data remains in-region compliant and reduce the risk of data loss
Connect contractors and third parties with SSO to private resources, with data separation, without the need to install VPN software
Consolidates VPN, Proxies, and VDI into a single solution that includes ZTNA, Secure Access Service Edge, and Browser Isolation
Includes CASB, malware defense, DLP, Exact Data Match, compliance policies, and logging for all interactions with sensitive private resources

PAIN POINTS

Pain Point	iboss Solution
VDI Infrastructure is Expensive – VDI requires expensive infrastructure and data center space to operate	Replace VDI with Browser Isolation – Browser Isolation eliminates the need for infrastructure and data center space reducing both CAPEX and OPEX substantially
Call Center agents interact with high-risk customer data – Call Center agents need to support customers by accessing sensitive data, but the risk of data loss, breach, or compliance violations is high	Browser Isolation Provides Isolated Access – Browser Isolation completely separates the data and application from Call Center agents through a pane of glass preventing data from leaking to unauthorized locations.
Contractors Need to Install VPN for Access – Contractors need to install VPNs to gain needed access to sensitive resources, but the risk is high for data loss	Browser Isolation Provides Agentless SSO Access – Browser Isolation can authenticate and provide access for contractors with no software installs while ensuring data remains within the organization by protecting it with a pane-of-glass
VDI Provides little Access Security + Visibility -When users access resources through a VDI session, no security is applied to those interactions, and no log events are generated due to a lack of proxy capability	Browser Isolation + SASE - The iboss Zero Trust SASE runs all Browser Isolated sessions through the Secure Access Service Edge, which applies security and generates log events for all interactions within the isolated session.

USE CASES/BUSINESS VALUE

Use Case/Challenges	Solution Description	Benefits
Need to provide sensitive customer data access to Call Center agents	The iboss Zero Trust SASE provides Browser Isolation which separates customer data from Call Center agents to reduce the risk of data loss.	Quickly grant Call Center agents access to apps and data they need to support customers without increasing the risk of breach or data loss.
Need to eliminate VDI infrastructure to reduce costs	The iboss Zero Trust SASE includes Browser Isolation which does not require any infrastructure and is delivered directly from the cloud as a service.	Substantially lower costs from VDI infrastructure and the data center space required to operate it.
Need to eliminate or reduce the data center footprint.	Because the iboss Zero Trust SASE Browser Isolation runs within the iboss service, it requires no data center space. Infrastructure related to VDI can be eliminated by reducing or eliminating the data center footprint.	Substantially lower operating and infrastructure costs as well as reduced management overhead.
Need to gain logging visibility and apply security to all interactions within a VDI session	The iboss Zero Trust SASE Browser Isolation capability runs through the iboss Secure Access Service Edge and automatically benefits from CASB, malware defense, compliance controls, CASB, and logging.	Reduce security risk and increase compliance with increased security and visibility.
Need to allow contractors and third parties access to sensitive resources without the need for a VPN	The iboss Zero Trust SASE provides third-party access through Browser Isolation which supports SSO via Azure, Okta, Ping, or any SAML capable Identity Provider. Isolated sessions are VDI-like, prevent data from touching third-party devices, and only provide access to authorized resources. Browser Isolation eliminates the need for third parties to install VPN software as access is granted through a browser.	Reduce or eliminate the cost of expensive infrastructure related to VDI and replace it with instant Browser Isolation delivered by the iboss Zero Trust SASE. Prevent data from leaking to untrusted devices. Connect contractors without VPN software installs.

TECHNICAL SOLUTION

VDI has been the solution used to connect users to high-risk applications when the risk of data leakage is high because it can provide access through a pane-of-glass that separates the application and data from the user. Although it is a powerful mechanism to reduce risk, it requires substantial investment in infrastructure and data center space. VDI also does not natively support deep-content security or logging because it is a point product that lacks a proxy.

The iboss Zero Trust SASE can solve the issues related to VDI by delivering the same capability through Browser Isolation. Browser Isolation separates users from sensitive resources with a pane-of-glass, just like VDI, except it uses the end user’s browser to provide isolated access. This prevents the application and data from touching high-risk users and devices to reduce the risk of breaches and data loss.

In addition, VDI does not provide visibility or security while users interact with sensitive resources. Because iboss Browser Isolation is part of the iboss Zero Trust SASE, all connections automatically have protection applied, including CASB, malware defense, DLP, Exact Data Match, compliance policies, HTTPS decrypt and logging at scale and delivered in the cloud.

iboss’ Zero Trust Secure Access Service Edge

A Single Unified Edge – Eliminating VPNs, VDIs, & Legacy On-Prem Proxies

The iboss Zero Trust SASE consolidates VPNs, Proxies, and VDI into a single solution to reduce complexity and increase security while reducing costs. ZTNA capabilities within the iboss Zero Trust SASE support SSO authentication, including MFA, and will perform SAML SSO before access to a resource is allowed. This allows SSO to be extended to legacy applications and services that do not support it by allowing iboss to perform SSO before access is granted. In addition, CASB, malware defense, compliance policies, DLP, and logging are applied to every connection to increase security, compliance, and visibility.

A Complete Platform: ZTNA + Secure Access Service Edge

Providing both Connectivity and Advanced SaaS Security Services

The iboss Zero Trust SASE provides extensive network and security capabilities that completely replace VPN, Proxies, and VDI with ZTNA, Secure Access Service Edge, and Browser Isolation. This increases security, improves the end-user experience, consolidates technology, and substantially reduces costs.

iboss SASE Benefits & Use Cases

Replaces legacy VPN, proxy appliances and Virtual Desktop Infrastructure (VDI) with a single service

Enhances security with inspection of all content including files, data, and cloud application traffic

Connects users to applications in the office automatically

Eliminates proxy and security appliance bloat and renewal costs

Eliminates costly proxy appliance mgmt. overhead

Reduces complexity, cost & operational overhead related to managing network security infrastructure

Connects call center agents, contractors and guests through a pane of glass to prevent data loss

Increased effectiveness of network & security staff

Allows centralized security policies to protect all transactions and sensitive cloud data