VPNs, or virtual private networks, are a mainstay of corporate network security (and also consumers trying to stream Netflix while pretending to be from other countries). VPNs create an encrypted channel between your device (a laptop or a smartphone) and a company’s servers. All of your internet traffic gets routed through the company’s IT infrastructure, and it’s almost as if you are physically located inside your company’s offices.
Despite its ubiquity though, there are significant flaws with VPN’s architecture. Corporate networks and VPN were designed assuming that most workers would be physically located in an office most of the time, and the exceptional device would use VPN. As the pandemic has made abundantly clear, fewer and fewer people work in a physical office with a desktop computer attached to ethernet. That means the vast majority of devices are now outside the corporate perimeter.
Worse, VPN can have massive performance problems. By routing all traffic through one destination, VPNs not only add latency to your internet experience, they also transmit all of your non-work traffic through your corporate servers as well. From a security perspective, VPNs also assume that once a device joins, it’s reasonably safe and secure. VPNs don’t actively check network requests to make sure that every device is only accessing the resources that it should.
Twingate is fighting directly to defeat VPN in the workplace with an entirely new architecture that assumes zero trust, works as a mesh, and can segregate work and non-work internet traffic to protect both companies and employees. In short, it may dramatically improve the way hundreds of millions of people work globally.
It’s a bold vision from an ambitious trio of founders. CEO Tony Huie spent five years at Dropbox, heading up international and new market expansion in his final role at the file-sharing juggernaut. He’s most recently been a partner at venture capital firm SignalFire . Chief Product Office Alex Marshall was a product manager at Dropbox before leading product at lab management program Quartzy. Finally, CTO Lior Rozner was most recently at Rakuten and before that Microsoft.
The startup was founded in 2019, and is announcing today the public launch of its product as well as its Series A funding of $17 million from WndrCo, 8VC, SignalFire and Green Bay Ventures. Dropbox’s two founders, Drew Houston and Arash Ferdowsi, also invested.
The idea for Twingate came from Huie’s experience at Dropbox, where he watched its adoption in the enterprise and saw first-hand how collaboration was changing with the rise of the cloud. “While I was there, I was still just fascinated by this notion of the changing nature of work and how organizations are going to get effectively re-architected for this new reality,” Huie said. He iterated on a variety of projects at SignalFire, eventually settling on improving corporate networks.
So what does Twingate ultimately do? For corporate IT professionals, it allows them to connect an employee’s device into the corporate network much more flexibly than VPN. For instance, individual services or applications on a device could be setup to securely connect with different servers or data centers. So your Slack application can connect directly to Slack, your JIRA site can connect directly to JIRA’s servers, all without the typical round-trip to a central hub that VPN requires.
That flexibility offers two main benefits. First, internet performance should be faster, since traffic is going directly where it needs to rather than bouncing through several relays between an end-user device and the server. Twingate also says that it offers “congestion” technology that can adapt its routing to changing internet conditions to actively increase performance.
More importantly, Twingate allows corporate IT staff to carefully calibrate security policies at the network layer to ensure that individual network requests make sense in context. For instance, if you are salesperson in the field and suddenly start trying to access your company’s code server, Twingate can identify that request as highly unusual and outright block it.
“It takes this notion of edge computing and distributed computing [and] we’ve basically taken those concepts and we’ve built that into the software we run on our users’ devices,” Huie explained.
All of that customization and flexibility should be a huge win for IT staff, who get more granular controls to increase performance and safety, while also making the experience better for employees, particularly in a remote world where people in, say, Montana might be very far from an East Coast VPN server.
Twingate is designed to be easy to onboard new customers according to Huie, although that is almost certainly dependent on the diversity of end users within the corporate network and the number of services that each user has access to. Twingate integrates with popular single sign-on providers.
“Our fundamental thesis is that you have to balance usability, both for end users and admins, with bulletproof technology and security,” Huie said. With $17 million in the bank and a newly debuted product, the future is bright (and not for VPNs).
By Danny Crichton