HackerTrans
TopNewTrendsCommentsPastAskShowJobs

warcloud

no profile record

comments

warcloud
·3 anni fa·discuss
Hey Tudor,

I really like the concept and I think it could be the future of corporate access in a way, but I'm trying to look at this through a security lens. I think my main concern with this would be around potential unauthorized access and the impact that might have on an organization. If my target market for this is enterprise clients, I would go to great lengths to ensure that the only person who could access this virtual phone, is the user that's intended to access it.

I'll try to keep this short, but here are some ideas I think would really boost adoption and practicality:

1. IP Whitelisting In the portal, users should be able to add a VPN gateway IP or users home IP to an allowlist at the very least.

2. Zero Trust integration The goal here is to be able to enforce device/user identity restrictions in a way that only certain devices/users have access to their virtual smartphone.

3. Management Plane With the above in mind, it might make sense to have IT/Management configure the whitelisting/user certificates for ZTNA in a management portal, so there is separation of duties here.

With the above feature requests in place, I would then add a 3rd line item on the pricing page for "Enterprise Pricing" with a "Contact us for a quote" option.

For my use case, and I think others may have a similar use case, I would like to use this for my MFA applications and various other internal applications, but if there's no way to restrict access to an individual user, this is essentially a huge security risk from a business standpoint.

Hope you find this useful!