Minimize Your Attack Surface with CloudConnexa™ Device Identity Verification & Enforcement (DIVE)
Take Your ZTNA to a Whole New Level with CloudConnexa™ Device Identity Verification & Enforcement (DIVE)
OpenVPN Cloud is now CloudConnexa™.
Concerned about access control? Restrict the use of untrusted devices with Cloud Connexa Device Identity Verification & Enforcement (DIVE).
DIVE gives Cloud Connexa administrators the power to leverage one of the key principles of Zero Trust Network Access (ZTNA) — Least Privilege — granting access to only the resources a user should have, from only the devices they are authorized to use. When combined with the inherent Cloud Connexa micro-segmentation and identity-based access controls, DIVE further minimizes the attack surface.
What Is Device Identity Verification & Enforcement?
The growth of remote and hybrid workforces, and the increasing number of smartphones, tablets, and laptops accessing company networks, makes securing mobile devices a critical component of ZTNA. DIVE, a built-in feature of Cloud Connexa, makes it easy for Admins to verify device identities before granting network access.
The addition of DIVE boosts the ZTNA essentials Cloud Connexa already provides (hiding your applications from public view, using digital certificates for users and devices) by giving Admins the option to manually add authorized device identities (UUIDs) and to lock digital certificates automatically to specific devices. This means a user trying to access the network with an alternate device, even with an authorized connection profile, will be blocked.
DIVE establishes a 1:1 relationship between a Cloud Connexa Profile and Device, thereby establishing a trusted connection.
Why Does DIVE Matter?
Cloud Connexa Device Identity Verification & Enforcement is a Wide-area Private Cloud (WPC) security policy. It empowers Cloud Connexa administrators to strengthen their security posture and reduce their attack surface in two ways: by explicitly specifying the device identities (UUIDs) of trusted devices permitted to connect to the WPC, and by locking digital certificates to specific devices, which disables Profile re-use across multiple Connect Clients and Devices.
DIVE boosts your ZTNA approach — and minimizes your network attack surface — by giving Admins full visibility into devices used and limiting authenticated user access to trusted devices with unique digital identities.
With DIVE, Cloud Connexa provides a comprehensive, industry-leading network security solution that lets Admins build ZTNA using defined access control policies for users and devices.
How Do I Get Started?
When it comes to ZTNA, hiding your apps from public view and using identity-based access policies isn’t enough.
Ready to take your network security to a whole new level and make Device Identity Verification & Enforcement part of your ZTNA approach? Simply ensure devices are running a minimum of:
- Windows: OpenVPN Connect 3.3.7.
- macOS: OpenVPN Connect 3.4.2.
- Linux: OpenVPN3 v19_beta.
- Android: OpenVPN Connect 3.3.2.
- iOS: OpenVPN Connect 3.3.3.
- ChromeOS: OpenVPN Connect 3.3.2.
By default, DIVE is set to Off. To enable:
- Navigate to Settings → Users.
- Click Edit.
- Change Device Enforcement to Learn and Enforce or to Enforce.
Once enabled, a correct digital certificate alone won’t allow access — the device identity must match an authorized device for the user to access the network/services.
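A simplified model of that decision across the three Device Enforcement settings, added here as an illustration; it is not CloudConnexa code. The class, function and profile names are hypothetical, the device UUIDs are constructed samples, and the behaviour of Learn and Enforce (the first device seen with a profile is locked to it) is an assumption.

```python
import uuid
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    OFF = "Off"
    LEARN_AND_ENFORCE = "Learn and Enforce"
    ENFORCE = "Enforce"


def canonical(device_id):
    """Normalize a device UUID string; None if missing or malformed."""
    try:
        return str(uuid.UUID(device_id))
    except (ValueError, TypeError, AttributeError):
        return None


@dataclass
class DeviceEnforcement:  # hypothetical model, not a product API
    mode: Mode = Mode.OFF
    bindings: dict = field(default_factory=dict)  # profile -> one device UUID (1:1)

    def add_device(self, profile, device_id):
        """Admin manually authorizes a device identity for a profile."""
        dev = canonical(device_id)
        if dev is None:
            raise ValueError("not a UUID: %r" % (device_id,))
        self.bindings[profile] = dev

    def check(self, profile, cert_valid, device_id):
        """Return (allowed, reason) for one connection attempt."""
        if not cert_valid:
            return False, "certificate rejected"
        if self.mode is Mode.OFF:
            return True, "device enforcement off"
        dev = canonical(device_id)
        if dev is None:
            return False, "no usable device identity"
        bound = self.bindings.get(profile)
        if bound is None and self.mode is Mode.LEARN_AND_ENFORCE:
            self.bindings[profile] = dev  # assumed: first device seen gets locked
            return True, "device learned and locked to profile"
        if bound == dev:
            return True, "device matches profile"
        return False, "device not authorized for profile"
```

In this model a valid certificate presented from a second device is denied in both enforcing modes, and a profile with no device on record is denied under Enforce until an admin adds one.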
Want to know even more? Get all the details about access controls with these helpful resources from our knowledge base: User Guide - Device Enforcement.
Get Started With Device Identity Verification & Enforcement Today
Ready to take your business to the next level with Cloud Connexa? Work from anywhere and from any device with confidence. Create an account today for three free connections and the secure network connectivity your business needs.