Case Study

Carta Chooses Banyan Security for Zero Trust Remote Access

“We threw a lot of challenges and requests at Banyan in a very short period of time, but they stepped right up and took the solution to the next level. That’s exactly how a great partnership should work.”
Vincent Parras Manager of Trust Security Governance and Risk Management Compliance, Carta

Company Info

Carta is a San Francisco, California-based technology company that specializes in capitalization table management and valuation software. The company’s software platform enables founders, investors, and employees to manage their cap tables, valuations, portfolio investments, and equity plans. Founded in 2012, Carta now manages billions of dollars in equity for more than 20,000 private companies, public companies, and investors.

IT and Business Challenges

Carta had been relying on a traditional VPN solution before moving to Banyan. “We were using an open source, enterprise distributed VPN server called Pritunl,” explained Parras. “And like all VPN solutions, it didn’t scale easily. Installing and configuring the VPN was cumbersome, but doable. It was a full-tunnel solution, meaning all traffic was sent over the VPN. Since everything gets routed through the same tunnel, it quickly becomes a ‘train wreck’ in terms of speed and throughput during times of high demand.”

The Banyan Security Solution Parras started his search for a Zero Trust Network Access (ZTNA) solution in 2019 to replace the existing VPN. Parras asked several of his colleagues what options they’d recommend, and several of them suggested he look at Banyan. “I originally considered a move to Duo Security right after they had been acquired by Cisco,” he noted. “But Duo told me we’d need two separate connectivity solutions based on our different use cases. The first one was the Duo Zero Trust solution for the standard ports they already supported. But for our non-standard ports, we’d have to stick with a traditional Cisco VPN. That meant we’d have to deploy and manage two separate solutions instead of one. After reviewing the alternatives, we decided to go with Banyan since their Zero Trust solution would enable us to eventually move away from our VPN.

Deploying Banyan Zero Trust Remote Access

Carta started using Banyan Zero Trust Remote Access in December 2019. The Banyan solution provides a secure way for employees, developers, and third parties to work from anywhere, accessing corporate data without relying on network-centric solutions like VPNs. Banyan’s Zero Trust offering leverages user and device trust scoring with continuous authorization to ensure robust protection, while providing seamless and productive access to hybrid and multi-cloud apps, hosts, and servers. Carta is now using Okta for identity and Banyan for network access. “The long-term vision for Banyan that we’re after is the whole ‘Zero Trust’ concept,” explained Parras. “If you install Banyan, that means you’re a verified machine, and you’re going to do certain checks that we need. Okta will verify identity, Banyan access policy is enforced, and then you’re allowed to access the system. So together, it’s a complete Zero Trust solution.”

Customer Outcome

Moving from the VPN to Banyan

Parras immediately moved more than half of Carta’s 500 employees over to the Banyan Zero Trust solution. “The majority of our network traffic consists of the large, enterprise backend applications our employees use every day,” explained Parras. “The largest one is our ticketing system, used extensively by our HR and finance department. We’re also putting a lot more of our backend web interfaces onto Banyan, everything needed to support our employees’ essential daily activities. That’s a great use case for Banyan since it proxies web traffic. Banyan works very well in that environment, and we haven’t had any issues since we deployed it last year.”

Working Together to Expand the Banyan Solution

“Right after we deployed Banyan, the COVID-19 pandemic forced everyone to work from home,” explained Parras. “We knew we had just two options going forward. One was to shove everyone back onto our existing Pritunl VPN and hope that employees didn’t inadvertently take down the entire site by forgetting to disconnect the VPN before engaging in high-traffic activities like watching Netflix on their laptops. Or two, we could move the rest of our employees over to Banyan. We decided that Banyan was the least painful path going forward in terms of connectivity and ongoing management, and the most promising connectivity solution in the long run.”

Pushing Through the Growing Pains

Parras admitted they did have some growing pains during the Banyan implementation. “Banyan was more than ready for our initial use case, but they didn’t have solutions for our additional use cases yet,” he explained. “Duo and Okta weren’t viable alternatives since they could only cover 40% of our initial needs. Banyan was more than 60% there already, so we worked diligently with their development team and pushed the limits of what a Zero Trust solution could be.” By working closely with the Banyan team, the remaining 40% of Carta’s requested use cases were developed quickly during the pandemic. “Once Banyan completed the requested integrations, we tested them and immediately rolled them out to our users,” reported Parras. “Having access to all of the additional use cases we needed served as the final ‘nail in the coffin’ for our old Pritunl VPN.”

Carta has already moved about 90% of its traffic over to the Banyan solution. “Our team is now working with Banyan on the mobile side of the house,” said Parras. “Once that use case works natively, we’ll have the whole Zero Trust ecosystem.”

Better Performance and End User Experience on Banyan

Parras reported that network performance had increased since moving to Banyan. “Our VPN was very slow,” he admitted. “For example, when our employees in Brazil needed to do any work, they would have to go through the VPN tunnel all of the way from Rio up to Virginia. It took a very long time to connect to the applications they needed to do their jobs. Once we moved to Banyan, network performance improved significantly. Now when our developers and employees log in from anywhere in the world, everything works almost immediately.”

Better Visibility and Transparency

“The visibility and reporting capabilities of our Pritunl VPN weren’t very good on the user side, and especially poor on the device side,” explained Parras. “With Banyan, users just install the certificate, follow the instructions, and they’re immediately connected to the network. Banyan is a much more transparent system. We can easily see who and what’s connected to our network with the Banyan Zero Trust Remote Access solution.”

Easy Connectivity to Applications

Banyan is enabling Carta’s developers to easily connect to all the various infrastructure and applications they use. “With a VPN, you’re just connecting networks,” Parras explained. “And once you’re on the network, each of those systems has its own separate authentication requirements. You still have to RDP or SSH in or go to Kubernetes or a Bastion host to be authenticated with the VPN. With Banyan, access can be configured directly to the applications, meaning the developers just have to click once and they’re all the way into the applications they need. With Banyan, connecting is a now a breeze.”

Future Plans

Leveraging Telemetry Data

“Banyan provides us with a lot more telemetry data than we had with our VPN,” explained Parras. “As we grow as a company, we will need more information to feed our data lake and SIEM in order to obtain better visibility into our operations. That’s one of the projects our team is going to be working on ingesting and leveraging all of the valuable Banyan telemetry data to improve our system operations and security.”

Final Thoughts

“One of the greatest things about Banyan is that they’re always willing to work with us to develop new features,” said Parras. “We came to Banyan for one use case, quickly got that going, and immediately realized we needed more. Our demands are always increasing, but Banyan has been with us every step of the way. It’s like we asked them for a great lemonade stand, and now we have an entire barbecue food truck.”

A Great Partnership

“Another benefit for Banyan is that the solutions they’re developing for us are of great value to their other customers as well,” said Parras. “It’s always great when a partnership is a win-win scenario. To be honest, there were some struggles and growing pains along the way. We threw a lot of challenges and requests at Banyan in a very short period of time, but they stepped right up and took the solution to the next level. That’s exactly how a great partnership should work.”

Industry
Financial Services; Software Provider

Challenges

  • Wanted to find a highly scalable, secure
  • way to provide remote access to
  • corporate and field employees

Solution

  • Banyan Zero Trust Remote Access

Customer Benefits

  • Simplified remote access management
  • Enabled easy scalability
  • Provided employees with simple, fast access to all of their applications
  • Improved data security