NetFoundry Cloud: Simplifying Zero Trust Networking Deployments

NetFoundry Cloud is a comprehensive, enterprise-grade Network-as-a-Service (NaaS) solution designed for seamless deployment, configuration, and management of zero trust overlay networks powered by the NetFoundry Ziti platform and architecture. Widely adopted by the open source OpenZiti community, NetFoundry Cloud supports development, prototyping, and production deployment of OpenZiti solutions, even in highly secure and mission-critical environments.

Harnessing the global innovation of OpenZiti, NetFoundry Cloud provides a robust NaaS designed for IT and OT applications with stringent security demands. As a fully managed service, NetFoundry handles all hosting, updates, maintenance, and security, allowing organizations to deploy secure, high-performance overlay networks instantly across the programmable NetFoundry Fabric—without the need for additional infrastructure or hardware.

This resilient, scalable service significantly reduces the cost, time, and complexity of implementing zero trust internet overlays, enabling businesses to focus on their core objectives while benefiting from enhanced security, streamlined scalability, optimized performance, and complete network visibility.

Instant Secure Networks

Unlock secure, high-performance connectivity with NetFoundry Cloud, the enterprise-grade NaaS solution that deploys zero trust overlay networks effortlessly.

NetFoundry vs DIY

Forget the complexities of DIY: NetFoundry Cloud simplifies deployment, management, and compliance with zero trust principles and global reach, while cutting costs and reducing risk.

NetFoundry Cloud Advantages

NetFoundry Cloud drastically simplifies secure networking compared to traditional private self-managed networks. Companies must carefully consider the challenges of building and operating their own infrastructure and networks given the complexity of today’s hyper-connected world and constant exposure to security risks. Here are some advantages of using NetFoundry Cloud over traditional DIY (Do It Yourself) in-house approaches:


Ease of Deployment

DIY: Requires significant time and expertise to manually configure and deploy network components across multiple cloud environments.


Multi-Tenant and OEM/White label

NetFoundry Cloud: The NetFoundry platform is designed to be OEMed and embedded in physical and software products. It is geared toward MSPs, software companies, and smart connected product manufacturers who want to build zero trust connectivity into the products and services they deliver to clients. This includes a multi-tenant platform with a multi-account structure and RBAC; per-customer PKI with the ability to integrate individual customer identity and third-party tools seamlessly; extensive logging and auditing; centralized consumption, reporting, and billing; high automation and APIs; and the ability to white label and brand the product, with flexible pricing to fit your commercial go-to-market strategy.

DIY: Requires custom solutions for multi-tenancy, RBAC, PKI/integrations, logging, billing, APIs, and white labeling.


Cost Efficiency

NetFoundry Cloud: Reduces costs with a managed service model, eliminating the need for extensive in-house resources and ongoing maintenance. NetFoundry provisions, configures, manages, and upgrades the infrastructure, including OS, Ziti software installations, and NetFoundry-hosted controllers and routers.

DIY: High initial setup costs and ongoing expenses for infrastructure, maintenance, and skilled personnel.


Scalability

NetFoundry Cloud: Seamlessly scales with automatic resource adjustments based on demand, ensuring optimal performance and cost-efficiency. It supports over 150 million fabric sessions weekly.

DIY: Manual scaling is complex and resource-intensive, requiring careful planning and execution.


High Availability

NetFoundry Cloud: Built-in redundancy, load balancing, and multi-region replication ensure high availability and reliability, with daily backups and disaster recovery (DR) across sites for high SLAs.

DIY: Ensuring high availability requires significant expertise and resources to implement and maintain redundancy and failover mechanisms.


Security

NetFoundry Cloud: Comprehensive security services including IAM, encryption, DDoS protection, and zero trust principles are built-in and managed. Production and development systems run in ‘dark networks’ with no inbound ports, and administrative access is ephemeral, granted under JIT/JEA policy.

DIY: Implementing and maintaining robust security measures requires extensive knowledge and continuous effort.


Global Reach

NetFoundry Cloud: Utilizes a global network of data centers for low-latency routing and edge computing, enhancing performance and user experience. Controllers and edge routers can be deployed in several cloud providers’ data centers or self-hosted. Networks can also be geographically constrained and deployed locally for sovereignty.

DIY: Establishing a global presence requires significant investment in infrastructure and expertise in managing distributed networks.


Simplified Management, Visibility, and Analytics

NetFoundry Cloud: Centralized management of multi-tenant zero trust networks via a web console and APIs, with built-in telemetry, monitoring, patching, upgrades, and detailed dashboards for connection health checks, network flows, path latency, and more. Each network is dedicated to the customer and isolated from other customer networks.

DIY: Requires custom solutions for management, monitoring, and maintaining visibility across the network.


Expert Support and Proactive Monitoring

NetFoundry Cloud: Access to NetFoundry’s team of experts ensures your network runs smoothly and efficiently. NetFoundry provides 24/7 support, including technical engineering and pre-sales assistance, along with systems and tooling built to monitor networks and act on alerts.

DIY: Requires in-house expertise to troubleshoot and resolve issues, adding to operational complexity.


Self-Healing Network

NetFoundry Cloud: Configures the network to properly utilize OpenZiti self-healing capabilities, providing the lowest-latency paths within the fabric for your traffic based on “smart routing”.

DIY: Setting up and operating a self-healing network properly requires advanced knowledge, expertise, and experience.


Accelerated Software Updates

NetFoundry Cloud: Customers can request and receive priority paths for feature requests, sometimes delivered within days, providing rapid software fixes and enhancements. This access to NetFoundry’s product and engineering teams accelerates development and ensures critical capabilities are available when needed.

DIY: Requires internal development resources to create and implement new features, which can be time-consuming and costly.


Compliance and Integration

NetFoundry Cloud: SOC2 Type 2 certified, with a legal framework and SLAs in place. Offers pre-built integrations with leading IdP/CAs, IAM, directories, SIEM/SOC/SOAR, EDR, SSO, and more, simplifying compliance and integration.

DIY: Achieving and maintaining compliance and integrating with various enterprise systems requires significant effort and expertise.


Liability Protection

NetFoundry Cloud: The Cyber Resilience Act (CRA) and the Product Liability Directive (PLD) are two cornerstone regulations designed to address security, safety, and accountability. NetFoundry’s zero-trust platform helps companies meet these by embedding secure, scalable networking into digital products, reducing vulnerabilities and ensuring compliance.

DIY: Without zero trust designed in, companies must bolt on software to comply. This leads to complex security management, higher operational costs, and increased risks.

NetFoundry Cloud Feature Summary

| Aspect | NetFoundry Cloud | Unique Capabilities |
|---|---|---|
| Ease of Deployment | Quick with orchestration tools. | NetFoundry Console & Orchestration Platform |
| Cost Efficiency | Lower costs, managed service. | Rapid provisioning, volume purchase power of public cloud computing power, economies of scale |
| Scalability | Automatic scaling. | Proven, tuned, optimized NetFoundry Fabric |
| High Availability | Built-in redundancy and DR. | Over 140 POPs available |
| Security | Comprehensive, managed security. | Configured with no open inbound ports; Services including IAM, encryption, DDoS protection |
| Global Reach | Global data centers, low-latency. | Over 140 POPs available |
| Management and Analytics | Centralized with built-in tools. | NetFoundry Console & Telemetry; automated monitoring and alerts |
| Support and Monitoring | 24/7 expert support. | Experienced team |
| Self-Healing Network | Utilizes self-healing capabilities. | Optimized set up of Ziti self-healing features |
| Software Updates | Rapid updates and fixes. | Automated processes |
| Compliance and Integration | SOC2 certified, pre-built integrations. | Hardened and compliant environments |
| Liability Protection | Secure by design, ideal for CRA and PLD compliance. | Zero Trust connectivity that can be embedded and designed into products. |

Navigating EU Regulations

The EU has introduced the Cyber Resilience Act (CRA) and Product Liability Directive (PLD) to ensure digital product security, accountability, and safety. These regulations highlight secure product standards and hold companies accountable for harm due to security flaws, making compliance essential for regulatory adherence and customer trust.

 

Overview of the Cyber Resilience Act (CRA)

The CRA mandates that connected devices meet cybersecurity standards, covering design, lifecycle maintenance, and post-market updates. It applies to IoT devices and software applications, requiring regular testing and documentation. CRA also introduces penalties for non-compliance, pushing manufacturers to uphold strict security measures.


Overview of the Product Liability Directive (PLD)

The PLD holds companies liable for defects, expanding this to include cybersecurity flaws. It eases the burden of proof for consumers and extends liability across the supply chain, covering new types of damages like data loss. Non-compliance with PLD can lead to financial penalties for manufacturers.


How the CRA and PLD Work Together

CRA proactively requires cybersecurity integration from design, while PLD reactively addresses liability when security flaws cause harm. Together, they enforce cybersecurity as part of product safety, offer consumers protection, and incentivize compliance.


How NetFoundry Supports Compliance

NetFoundry’s zero-trust solution helps meet CRA and PLD requirements by embedding security into network operations. Key benefits include:

  • Zero Trust Security: Eliminates traditional network connections to reduce attack surfaces.
  • Microsegmentation: Independently authorizes each session, protecting against lateral movement.
  • Logging and Monitoring: Provides real-time telemetry to support compliance audits.
  • Flexible Deployment: Operates across multi-cloud, hybrid, and on-premises environments.

EU Cyber Compliance

Designed for the Cyber Resilience Act (CRA) and Product Liability Directive (PLD), NetFoundry embeds advanced security into your digital products, reducing vulnerabilities and ensuring accountability.

Real-World Success Stories

Discover how industry leaders leverage NetFoundry’s zero trust solutions to enhance security, scalability, and rapid deployment.

Case Studies

  1. Leading Cybersecurity Software Provider (White Label): Within 90 days, this provider launched a white-labeled zero trust solution for their clients using NetFoundry. Instead of building, managing, and scaling their own infrastructure, they leveraged NetFoundry’s APIs, reducing time and complexity for rapid deployment at scale.
  2. Global Cybersecurity OEM: During a proof-of-concept (PoC) with a major U.S. financial client, this OEM needed NetFoundry to support a specific proxy. NetFoundry quickly developed the solution, enabling a successful PoC and deal closure, demonstrating agile, client-focused support.
  3. Marposs: Marposs used NetFoundry Cloud to develop and launch a secure, next-generation product for OT and mission critical environments. Within days, they had a working prototype, and in under a year, the full solution was deployed, transforming secure deployment in critical infrastructure.
  4. TZ Smart Lockers: TZ implemented NetFoundry to secure its smart locker systems used by global logistics providers. Using zero trust principles, they achieved seamless, scalable, secure connectivity across facilities, allowing real-time access and improved security management for distributed systems.
  5. NetFoundry’s Internal Scaling: As NetFoundry grew, manual patching became impractical. As we started developing a solution, the product (SaltStack) had a very bad CVE, with many massive vendor patching systems being publicly compromised as a result (including Cisco). Realizing we could not risk customer systems in the future, we rebuilt our patching system using Ziti itself, to ensure the attack vector is impossible in the future.

Summary

NetFoundry Cloud is an enterprise-grade turnkey NaaS solution that eliminates the complexities and costs associated with building and maintaining Ziti-based overlay networks in mission-critical, highly secure environments. The solution includes comprehensive support, advanced features, and seamless integration to ensure your cloud environment is protected, efficient, and future-ready. This managed service approach provides your business with speed, agility, and cost efficiency, allowing you to focus on your core business objectives while enjoying enhanced security, scalability, performance, and visibility.

Secure NaaS Solution

With a fully managed service approach, NetFoundry Cloud delivers agility, scalability, and cost savings—enabling you to focus on business growth while ensuring robust security and seamless performance.

NetFoundry Cloud vs Do-It-Yourself Comparison

| Aspect | NetFoundry Cloud | DIY |
|---|---|---|
| Ease of Deployment | Quick deployment with orchestration software and APIs; automation tools or YAML/JSON. | Requires significant time and expertise for manual configuration and deployment. |
| Cost Efficiency | Managed service model reduces costs by eliminating in-house resources and maintenance. | High setup costs and ongoing expenses for infrastructure and skilled personnel. |
| Scalability | Automatic resource adjustments for optimal performance and cost-efficiency; supports high volume. | Manual scaling is complex and resource-intensive. |
| High Availability | Built-in redundancy, load balancing, multi-region replication, daily backups, and disaster recovery. | Requires significant expertise and resources for redundancy and failover. |
| Security | Comprehensive security services including IAM, encryption, DDoS protection, and zero trust principles. | Requires extensive knowledge and continuous effort for robust security measures. |
| Global Reach | Global network of data centers for low-latency routing and edge computing; local deployment for sovereignty. | Significant investment and expertise needed for managing distributed networks. |
| Simplified Management and Analytics | Centralized management with built-in telemetry, monitoring, patching, upgrades, and detailed dashboards. | Requires custom solutions for management and monitoring. |
| Expert Support and Monitoring | 24/7 expert support, proactive network monitoring, and alert response. | In-house expertise needed for troubleshooting and resolving issues. |
| Self-Healing Network | Utilizes OpenZiti self-healing capabilities for optimal traffic routing. | Advanced knowledge and experience needed for setup and operation. |
| Compliance and Integration | SOC2 Type 2 certified with pre-built integrations for compliance and enterprise systems. | Significant effort required for achieving compliance and integration. |
| Accelerated Software Updates | Priority feature updates and rapid software fixes provided by NetFoundry. | Internal development resources needed for new features, which can be time-consuming and costly. |