A little less than a year ago we white-boarded the vision for "NAC for SaaS", though we didn't have a name for it at the time. Our goal was to find a way to bridge endpoint posture with enterprise SaaS applications like Box, Salesforce, Google Drive and NetSuite in a generic and extensible manner. That initial whiteboard session has spawned many more. Fueled by copious quantities of coffee, we've spent many months building and refining this solution. Several iterations and one patent application later, we think we've got a pretty cool solution.
 |  |  |  |
The state of SaaS security has evolved but still remains strongly focused on authentication and data. As no SaaS application can be accessed without a device of some type, it's important that organizations ensure those PCs, Macs and mobiles accessing their SaaS applications are secured with antivirus, personal firewalls and disk encryption, and not compromised with malware like key loggers and Remote Access Trojans.
One of the ways that SaaS has improved productivity is by allowing employees to access their work from anywhere on any device. However, this freedom comes at the cost of IT visibility and control. SaaS is the logical extension of BYOD since most work is done online. Gears is designed to work with BYOD deployments by providing important endpoint security visibility, malware protection, and policy enforcement without requiring any installation by the end user. So it made sense that we should integrate the two.
If you've followed our release blog posts for the last few months, you may have noticed that we've made several aspects of 'NAC for SaaS' available. Our latest update rounds-out the solution and is frankly pretty exciting.
Introducing Gears Client Certificate Integration
Our initial 'NAC for SaaS' release used our new browser cookie API, and later releases iterated on this concept. Our latest update introduces an entirely new integration method using client certificates. With some inspiration by the team at Adallom, we found an easy way (for the customer), to reliably and uniquely identify each Gears endpoint, whether it is managed by the installed Gears agent or simply runs our dissolvable client. By combining this unique identification with our rich cloud APIs, Gears is now able to integrate endpoint posture with any application that uses a browser. No browser plugins to install, no Java or ActiveX to run, it just works. The process is nearly invisible to the end user and is incredibly simple for IT administrators to configure (it's literally one click).
The first integration is with the aforementioned Adallom (these guys really know SaaS security) and we sincerely enjoy working with them. Their team is just as passionate as ours — time zones didn't seem to matter as we were all working around-the-clock to get this ready before RSA. As mentioned above, enabling the integration in the Gears console is just one click:
Checkbox to Enable Client Certificate Integrations
Contact us if you're interested in learning more about the integration or want a copy of the demo video showing the Adallom integration in action.
Some of you may have figured out by now that this can be used for much more than SaaS, and you're right! We've already integrated with Check Point using the cookie API and are now working with Check Point, Pulse Secure (FKA Juniper), Avaya, F5 and others to also use the client certificate so Gears can be integrated without any VPN helper like Java, ActiveX or a browser plugin!
 |  |  |
We're really excited about all the new opportunities this has created and we hope you're excited too. Look for documentation, demo videos and more soon. In the mean-time, contact us if you'd like to get more information about integrating with Gears this way, what integrations are planned, or just to see the demo videos.
