Zero Trust & VPN Replacement for a Global Investment Platform
A global venture investment platform · Financial services / fintech · Global
Replaced a legacy VPN with Cloudflare Zero Trust — WARP, Access, Gateway, and Tunnels — bringing 60+ SaaS applications behind ZTNA with SSO and moving AWS and on-prem connectivity off OpenVPN.
behind Zero Trust Network Access with SSO
legacy OpenVPN/FortiGuard/GlobalProtect retired
connectivity moved to Cloudflare Tunnels and WARP
log push for monitoring and threat response
The challenge
- Deploy the WARP client across all devices and replace traditional VPN access with secure, fast Cloudflare connectivity.
- Integrate Zero Trust Network Access with SSO for 60+ SaaS applications, and stand up secure web gateway and firewall policies.
- Replace OpenVPN connectivity to AWS and on-prem environments with Cloudflare Tunnels, and push logs into the existing EDR for monitoring.
Our approach
1. Automated WARP client enrollment via JumpCloud device policies across the fleet.
2. Configured WARP in full mode for private network access and set up secure web gateway DNS, network, and HTTP policies in line with best practice.
3. Integrated Cloudflare Access with SSO for 60+ SaaS applications and designed split-tunnel network access interconnecting AWS and on-prem locations.
4. Migrated from OpenVPN/FortiGuard/GlobalProtect to WARP with Cloudflare Tunnels, and integrated Logpush with the existing EDR for monitoring and response.
Cloudflare & cloud services used
Client identity is withheld at the customer’s request. The figures and outcomes above are client-reported and reflect the engagement as delivered.
Facing something similar?
Nanosek can scope the work, the risks, and the rollback plan with you — as an authorized Cloudflare MSP/ASDP partner that also runs the rest of your cloud estate.