It’s time to rethink enterprise networks. They are overly privileged, slow, put the user last, and rest on flawed assumptions that slow businesses down while helping hackers tear across companies big and small. It’s time for a new foundation, a network that challenges the status quo and flips the script.
That’s why we founded Bowtie. Today, we're happy to introduce our company and invite you to try a new way to network.
Yesterday’s Networks are Failing Us
Enterprises today sit atop computer networks built where the businesses physically are, but enterprises themselves are dynamic collections of distributed people working toward a shared mission. More than ever before, these people are working independently, far away from the head or regional office, and each of them has unique access needs.
To maintain operations away from the places where enterprise networks are built, we have turned to remote access solutions, usually virtual private network software written in and inspired by the dial-up modem era. These solutions typically grant full access to enterprise resources, assuming that access control happens somewhere else. To simulate being in the enterprise network, users must first open and configure an application and then turn it “on” to connect. The employee’s reward for navigating the VPN is an overly privileged, slow, and brittle experience.
Compounding this situation, security incidents – ranging from sophisticated phishing campaigns targeting individual employees by name to Log4Shell-style remote code execution – are on the rise. Outsourced trust and legacy networks that make assumptions about who is connecting to them and what they should have access to can lead to debilitating, headline-grabbing attacks.
This happened to Uber in September 2022 when its VPN was hacked, handing control of much of its IT infrastructure over to the attackers. More recently, LastPass had its backup files stolen, exposing customer data to phishing and brute force attacks, and both Okta and Slack have had portions of their source code stolen from GitHub. These incidents demonstrate the pitfalls of overly privileged network design and of giving third parties exclusive control over your critical services.
The holy grail in security is to make the right thing to do the easy thing to do, but the legacy solutions most businesses use today are anything but easy and have users running for the exits, looking for any alternative to lessen the pain of the corporate VPN.
A Modern Approach for Enterprise Networks
The technology industry is marked by reversals of prevailing designs which, while initially counterintuitive, ultimately address problems in new ways. With enterprise networking, the traditional design has been to build and concentrate privileged connectivity at every enterprise site, such as data centers, offices, or factories. Employees connect either in person or through a VPN, using “concentrators” to bring remote connections into principal sites from which user traffic is distributed. This pattern is known as the hub-and-spoke model, and is a natural offshoot of the need for enterprises to build underlying physical infrastructure at each of their locations.
There is a better way: rather than build privileged networks at each enterprise site and then bring users to those sites, the enterprise network moves out to the edge and exists inside each device used by the enterprise. These devices connect to each enterprise site concurrently and take the shortest path to reach those sites.
This model is founded on Zero Trust network access principles with each connection strongly authenticated, using enterprise identity, and limiting access to only what each employee needs for their work.
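The difference between the two models can be shown with a small policy evaluator. The following is an added illustration, not Bowtie's code or policy format: it contrasts a legacy "connected means everything behind the concentrator is reachable" decision with a per-identity, per-resource decision that defaults to deny. The identities, groups, network ranges, and the device-trust flag are constructed sample data.

```python
"""Added example: per-identity, per-resource access decisions versus a
connect-once legacy VPN. Policy layout, groups and addresses are constructed
assumptions for illustration, not Bowtie's actual configuration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Identity:
    """An authenticated enterprise identity plus a device posture flag."""
    user: str
    groups: FrozenSet[str]
    device_trusted: bool  # assumption: result of some endpoint posture check


@dataclass(frozen=True)
class Rule:
    """Allow members of `groups` to reach `ports` inside `network`."""
    groups: FrozenSet[str]
    network: IPv4Network
    ports: FrozenSet[int]
    require_trusted_device: bool = False


# Constructed sample policy (assumption, not a real deployment).
POLICY: List[Rule] = [
    Rule(frozenset({"engineering"}), ip_network("10.20.0.0/24"), frozenset({22, 443})),
    Rule(frozenset({"engineering", "dba"}), ip_network("10.30.5.0/24"),
         frozenset({5432}), require_trusted_device=True),
    Rule(frozenset({"finance"}), ip_network("10.40.0.0/24"), frozenset({443})),
]

# Constructed inventory of resources sitting behind the enterprise sites.
RESOURCES: List[Tuple[str, str, int]] = [
    ("build-host", "10.20.0.15", 22),
    ("internal-docs", "10.20.0.40", 443),
    ("customer-db", "10.30.5.10", 5432),
    ("erp", "10.40.0.8", 443),
    ("backup-server", "10.50.0.3", 22),
]


def legacy_vpn_allows(vpn_connected: bool, dst_ip: str, port: int) -> bool:
    """Hub-and-spoke model: once the tunnel is up, the destination is not
    consulted at all; the concentrator assumes access control happens elsewhere."""
    return vpn_connected


def zero_trust_allows(identity: Identity, policy: List[Rule],
                      dst_ip: str, port: int) -> bool:
    """Edge model: every flow is checked against who is connecting, what they
    are reaching, and device posture. Anything not explicitly allowed is denied."""
    addr = ip_address(dst_ip)
    for rule in policy:
        if not (identity.groups & rule.groups):
            continue
        if addr not in rule.network:
            continue
        if port not in rule.ports:
            continue
        if rule.require_trusted_device and not identity.device_trusted:
            continue
        return True
    return False  # default deny


def reachable(identity: Identity, policy: List[Rule],
              resources: List[Tuple[str, str, int]]) -> List[str]:
    """Names of resources this identity can reach under the edge policy."""
    return [name for name, ip, port in resources
            if zero_trust_allows(identity, policy, ip, port)]


def legacy_reachable(resources: List[Tuple[str, str, int]]) -> List[str]:
    """Names of resources any connected VPN user can reach: all of them."""
    return [name for name, ip, port in resources
            if legacy_vpn_allows(True, ip, port)]


if __name__ == "__main__":
    alice = Identity("alice", frozenset({"engineering"}), device_trusted=True)
    bob = Identity("bob", frozenset({"engineering"}), device_trusted=False)
    print("legacy VPN, any user:", legacy_reachable(RESOURCES))
    print("edge policy, alice:  ", reachable(alice, POLICY, RESOURCES))
    print("edge policy, bob:    ", reachable(bob, POLICY, RESOURCES))
```

The point of the comparison is the blast radius: a stolen VPN session in the legacy model reaches every listed host, whereas the edge policy limits a compromised engineering account to its own group's hosts, and an untrusted device is kept away from the database even when the account is authorized.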
To be successful, users must only interact with this encrypted edge overlay network once, just as they would if they were connecting to wifi or their email in the morning. It must be invisible. The user needs only to log in to their computer, open a browser, shell, or other application, and begin their work.
By reversing the traditional network architecture – building unprivileged physical networks to power identity-driven virtual networks – and focusing the enterprise network on the edge, employees get the in-office privileged network experience they expect from anywhere they are.
Bowtie is a distributed enterprise edge networking product rooted in zero trust network access principles.
We improve upon agentless web gateway, proxy, or port forwarding solutions by giving customers a full network experience, encompassing every protocol and use case, unbounded by physical location. By moving the enterprise network to the endpoint, businesses can build their access policies and implement security monitoring and protection strategies just once rather than for each site and tech stack. Bowtie gives businesses a unified global view of their operations, regardless of locality.
To achieve this, Bowtie is built on modern encryption and tunneling technologies, supporting concurrent connectivity to multiple enterprise points of presence. Customers never again need to switch from network A to B to get access to that critical database or to improve performance. Bowtie connects to both A and B at the same time, without conflict, using high-performance tunnels to operate as close to wire speed as possible.
Bowtie’s greatest strength, however, is its invisible design. Users are often unaware that Bowtie is even operating, which is the same experience employees have always enjoyed sitting at their desks in the office.
Bowtie achieves this by investing in techniques to ensure connectivity is established even across adverse network conditions, using single packet round trip connection establishment so that the enterprise network is ready as soon as the wifi link comes up, and stays connected as users roam between networks. Improving security and user experience simultaneously is rare, and that is precisely Bowtie’s mission.
We set out to build Bowtie based on our experience as operators of security-sensitive enterprise networks where traditional assumptions no longer served us. In doing so, we set down a series of promises and principles that would underpin our product.
The first is embedded into the company’s name: Bowtie Works. To achieve our vision of moving the enterprise network to the edge, the highest objective we have is that Bowtie works. In the traditional in-person privileged network model, operators and users alike depend on the network being present and giving them access to the information and resources they need. A reliable network is a prerequisite.
Bowtie provides this seamless experience in software, from anywhere the internet is accessible, and we focus all of our efforts on ensuring that the connection always works. Reliability is the core requirement upon which all of our access control, visibility, and security features are built. Bowtie Works.
The other key principle underpinning the Bowtie product is that trust and security are paramount.
Being forced to choose between best-of-breed software and having agency over your security and data is a false dichotomy.
Enterprises should be able to leverage the ease of use offered by cloud-managed software models while retaining ownership and control of their deployments and software architectures.
To achieve this, Bowtie embraces the local-first philosophy of software engineering, giving customers complete control over their deployments, with no operational dependencies on Bowtie the company for the functionality of their networks. This is particularly true of the security-critical elements of our solution. Unlike some network access providers, Bowtie cannot introduce new clients into a customer network, and our solution does not require routing all customer traffic through our data centers. Access control, encryption, and availability are under exclusive customer control, where they belong.