Implementing network access controls at a remote-first startup

Kapiche is a feedback analytics platform that helps CX decision-makers better understand their customers at scale, delivering the confidence and insights to power better business decisions. Headquartered in Brisbane, Australia, Kapiche is a remote-first startup, so its two dozen employees need secure, remote access from anywhere in the world.

Cam Parry held various DevOps and security positions in the Australian financial and cloud services industries before joining Kapiche in 2021 at a critical moment in the startup’s journey. Within a month, the company would face its first SOC-2 audit. The responsibility for getting many of the technical controls in place fell on Parry’s shoulders. “Though my official title is Staff SRE, I look after the platform and security day to day,” Parry said. “Our audit was starting in March, and we needed a VPN or Zero Trust network access solution.”

Twingate’s magic just worked

Twingate combines enterprise-grade secure access services with consumer-grade usability to create Zero Trust security solutions that scale from the smallest startup to global enterprises. Unlike the hub-and-spoke architecture imposed by VPN gateways, Twingate’s software-based ZTNA solution creates direct, encrypted peer-to-peer connections between user devices and protected resources.

Parry considered multiple enterprise solutions like Tailscale and Google Identity-Aware Proxy, but they either lacked a suitable feature set or imposed other constraints. He also considered open source, “but things like Nebula were too low-level, and we didn’t want to run our own.”

Twingate’s free Starter tier lets individuals and small teams deploy a secure remote access solution in just minutes. Parry took advantage of this no-commitment option to see how Twingate would work with Kapiche’s architecture. While building out the proof of concept, Parry set the Twingate system a tough challenge: deploying to the unique Linux build Kapiche’s Chief Product Officer uses. 

“It just worked for him. I was waiting for the ball to drop, it was almost too easy. Twingate just worked like magic.”

Fast deployment and time savings drive returns

Kapiche saw further returns on its Twingate investment thanks to the lower administrative overhead relative to legacy VPN technology. Deployment times were faster and help desk tickets dropped dramatically. This level of savings is particularly important at a fast-moving twenty-person startup like Kapiche, where everybody’s time is overbooked.

“What is better peace of mind and better sleep worth to you?” Parry asked. “It’s like months of savings over about three years. A bigger thing for the founders is the opportunity cost. They get my time back. If there’s something that saves my time, they’ll usually go for it.”

Twingate’s focus on the customer journey improves the user experience for administrators and users alike. A unified interface and consumer-like deployment processes let organizations implement Twingate quickly. From a single pane of glass, administrators can manage access to protected resources by remote and in-office users alike. 

“When I was doing the proof of concept,” Parry explained, “I probably took half an hour to set it up. Across all other environments, it took a couple of days. Other solutions would have taken weeks going on months…. Being able to just try Twingate on our dev environments and validate the use case was one of the things that got us over the line.”

Kapiche leverages Twingate security enhancements

Twingate is more than a VPN replacement, offering a frictionless path towards implementing a Zero Trust security model. Over the three years since Kapiche deployed Twingate, the company has leveraged Twingate’s ongoing investments in internet security and analytics capabilities.

“You think of VPN as this highly restrictive environment that can’t be used for everything,” Parry said. “I want to get Twingate where it’s used for everything in our organization.”

Kapiche quickly adopted Twingate Internet Security after its release last year. Combining DNS encryption with DNS and content filtering, this new capability continuously protects users against threats on the public internet. Rich DNS log data generates analytics to help organizations reduce risks and protect end users. 

“Twingate Internet Security was exactly the kind of feature that you’re surprised gets built, but you think, ‘That’s definitely what I want.’” 

Twingate’s analytics capabilities gave Parry better visibility into how Kapiche employees used resources, including engineers whose Linux builds didn’t align with the company’s new access control policies.

Ephemeral Access is another recent release that Parry plans to adopt. Twingate customers can specify expiration times for resource access. By default, Ephemeral Access offers a choice of thirty, sixty, or ninety-day windows, but administrators can set the timer to go off much sooner or later.

“The expiring policies move things towards the least privilege model,” Parry said. “With those kinds of features, I can go off and do something else because I know Twingate’s going to help me trust the ecosystem.”

Learn more about how Twingate’s secure access solution can enhance your security ecosystem, or try it yourself by joining our free Starter tier for individuals and small teams.