Revolutionizing iPaaS Security – Digibee’s Zero Trust Implementation


Digibee

Digibee iPaaS enables software engineers to build and maintain even the most complex data and systems integrations with unprecedented speed and simplicity. It serves some of the world’s largest banks, and is the preferred iPaaS solution for 250-plus businesses, including Assai, B3, Barkley, Bauducco, GoPro, Oobe, and Payless. Digibee has embedded NetFoundry’s zero trust connectivity into their solutions for their iPaaS security.

Integrating NetFoundry Cloud into our platform helps us obtain a competitive advantage in our ability to digitally transform our customers' business with a faster time to market, a future-proofed IT infrastructure, the strongest security, and a reduced investment in operational costs.

Case Study Highlights

Accelerate innovation with faster deployments

Integrations between the iPaaS and customer infrastructure are days to weeks faster, because they are no longer dependent on nailing up VPNs, managing IP address overlap problems, or deploying bastion hosts.

Provide customers with the strongest API security

APIs are unreachable from the Internet and accessible only from Digibee’s private NetFoundry Cloud zero trust overlay, while remaining just as simple to consume.

Better customer results without security tradeoffs

Customers no longer need to open up inbound ports, VPNs or bastions in order to consume Digibee services. Digibee uses the NetFoundry Cloud platform for all networking, including APIs and remote management.

Streamlining Enterprise Integrations by Overcoming Security and Scalability Challenges

Digibee re-engineered its integration architecture to eliminate complex VPN dependencies and security vulnerabilities, enabling scalable, cost-effective connections between their infrastructure and customer pipelines while supporting exponential growth and operational agility.

Challenge

Overcoming Operational Complexities and Security Concerns

Digibee’s integration architecture is designed to enable enterprise integrations of any scale and size, unlocking organizational agility and supporting exponential growth. The platform offered a built-in API gateway, protected by cloud provider security features to avoid attacks such as DDoS. In this model, Digibee utilized a bespoke solution for point-to-point, device-centric tunnels and a trust model with coarse-grained access controls, resulting in a highly manual and configuration-heavy architecture.

Due to the attack surface created by open ports required by VPNs, Digibee’s leadership and technology teams began exploring alternatives to mitigate issues with IP overlap and reduce management time to simplify the connection between their infrastructure and their customers’ pipeline. The existing architecture simply had too many limitations to scale faster, safer, or more cost-effectively. Because different customers used the same internal, overlapping IPs, site-to-site VPNs made it hard to grow the customer base. And multiple providers further complicated VPN management and increased the cost of doing business.

Removing these interdependencies required the company to build a more robust infrastructure as its existing architecture was operationally burdensome to administer and difficult to scale. Customers scrutinized the security threat of open inbound ports required to access local interfaces and shift data to the Digibee platform in real-time. As a result, costs continued to rise due to ongoing operations and management of multiple types of customer endpoints, leaving Digibee struggling to optimize for performance and cost.

When integrating NetFoundry Cloud into its iPaaS architecture, Digibee experienced the following gains:

22% increase in customer revenue

18% reduction in infrastructure costs

15% expansion of global footprint

32% decrease in maintenance hours

NetFoundry "Zero Trust Designed-In" Architecture

Inherent strengths

1 - Secure by Default

The secure-by-default, private, zero trust fabric overlay renders all APIs and customer-side assets invisible to the internet, closing all open inbound firewall ports.

2 - Embedded Zero Trust

SDKs make it possible to build zero trust access directly into apps or any edge, instantly extending it anywhere, instead of into a host device or gateway.

3 - Closed Inbound Ports

Communication is outbound only, requiring no overlapping IPs, no port forwarding, and no firewall holes. Service binding via reverse communication is permitted only by AppNet association.

4 - Least Privileged Access

Least privileged, micro-segmented app connections for data collection from APIs and admin access to networks for each individual customer session.

5 - mTLS and X.509

Exceeds US federal government zero trust mandates with mutual TLS (mTLS), encryption and bi-directional X.509 certificate-based identity and authentication

6 - Authentication Required

Authenticate before connect: If a registered endpoint is not permitted to access a resource, it will never communicate to, or have awareness of, the provider of the resource unless provisioned to it

Solution

Achieving critical security at scale using AppNets

The integration of NetFoundry Cloud into Digibee’s infrastructure and customer pipeline allowed the company to immediately remove its complex dependencies on VPNs, mitigate issues with overlapping IPs, and scale the onboarding of new clients and workloads (UVP) with little to no friction. Reliant upon secure and efficient customer data transport, the ability to embed zero trust networking as code enabled the company to achieve unparalleled protection and security.

The iPaaS platform now exceeds US Federal government zero trust mandates with mutual TLS, X.509 identities, and a private DNS. CloudZiti authorizes each end-to-end encrypted session for least privileged access – creating micro-segmented networks for each individual customer session. Unlike the former complexities associated with the use of VPNs that exposed the vulnerabilities of the public facing edge, NetFoundry Cloud allowed Digibee to take edges off the internet and make them available only to authorized endpoints without VPN clients or overlapping, whitelisted static IP addresses – and do it with code and control it all from the cloud.

Digibee’s new cutting-edge zero-trust networking architecture enabled secure L3 access to IP:PORT/PROTO or internal DNS names through AppNets. AppNets are essentially NetFoundry’s implementation of zero trust microsegmentation and include the identities, services and policies that are configured for each NetFoundry AppNet. This allowed endpoints to exist in multiple environments, and with the help of SDKs, zero trust access could be seamlessly integrated into the iPaaS application with performant RDP and SSH. AppNets offered outbound-only communication and service binding via reverse communication. Endpoints had to authenticate before connecting, and administrators could effortlessly provision access to new services and distribute them to other endpoints. Users could safely access high-performing services like live video with this private network’s added security and performance.

NetFoundry Cloud eliminated Digibee’s complex and expensive “bolted-on” infrastructure and processes that their public-facing endpoints traditionally required. The same platform secured remote management of the company’s infrastructure, secured connections to its CI/CD and ops management and monitoring solutions, and secured networking between its servers and backend data stores with certificate-based security applied to the network layers (not just applied to the user level).

Transforming Security and Scalability with NetFoundry’s AppNets

By integrating NetFoundry Cloud and AppNets, Digibee eliminated VPN dependencies, enhanced zero trust security, and seamlessly scaled customer onboarding and data transport, achieving secure, efficient connectivity across diverse environments with automated, code-driven management.

We have significantly reduced our VPN complexity and mitigated issues related to NAT and FTP with overlapping IPs, which has enabled us to onboard new clients and workloads with as little friction as possible. NetFoundry has allowed us to scale faster, safer, and more cost-effectively, while NetFoundry Cloud's zero trust overlay mesh network provides secure provisioning, management, and networking into our solutions as pure software.

Streamlining Operations and Enhancing Security with NetFoundry Cloud

NetFoundry Cloud empowered Digibee to embed secure, cloud-native networking into its platform, simplifying customer onboarding, reducing dependencies on traditional infrastructure, and enabling agile, automated management with improved performance and reduced support costs.

Operational simplifications, automation, and maintenance

NetFoundry Cloud enabled Digibee to embed secure provisioning, management, and networking into its platform as pure software, and its cloud-native integration with every major cloud allowed the company to build and run scalable applications. This greatly reduced the time to onboard new customers and deploy workloads, while improving and simplifying the security posture of the enterprise.

The new architecture eliminated VPN and private mobile APN backhaul and the dependencies on static IPs or port forwarding. It also enabled simple remote provisioning and management for authenticated administrators, using any network, even third party WiFi. Now with private app-specific networking, Digibee can limit bespoke IT systems and extend zero trust security across many use cases to be future-ready and solve new security challenges over time. 

The cloud orchestrated software improved app performance and productivity of the company, increasing agility and automation, and decreasing support costs. NetFoundry Cloud’s Smart Routing capabilities also ensured Digibee could automatically minimize latency as endpoints and routers dynamically choose the best path available on the private, zero trust fabric. The complete, integrated solution simplified customer deployments for the company and significantly reduced maintenance and support hours.

About NetFoundry

Networking once limited application innovation and automation, with security and performance improvements often added as an afterthought. NetFoundry is transforming cybersecurity by embedding zero trust networking directly into code. Our NetFoundry Cloud solution integrates zero trust networking as software within apps, APIs, IoT devices, and critical infrastructure—rendering these assets invisible and unreachable to attackers.

As the world’s first programmable, cloud-native, zero trust network, NetFoundry Cloud delivers unmatched scale, concurrency, and performance. It empowers developers, network engineers, DevOps, and cloud teams to programmatically manage private, high-performance, zero trust networking with ease.

Built on the NetFoundry Platform and the Ziti architecture, our solution is available as open-source via the OpenZiti project, the world’s most widely integrated and trusted open-source networking platform. With NetFoundry, secure, zero trust networking is no longer an afterthought—it’s engineered directly into the core of digital infrastructure.