Challenge

As a fast-growing startup, Homebase’s success has been due in part to a culture of relentless innovation to meet their employees’ and customers’ needs. As remote work took hold in 2020, Homebase seized the opportunity to optimize their cloud security architecture and replace their existing VPN in order to provide more secure and more performant access to their global development teams.

Homebase’s platform team has evolved their infrastructure several times, starting with Heroku and eventually transitioning to a fully containerized architecture on AWS that they run today. In early 2020, Homebase used OpenVPN to provide private access to their development environments and remote networks in AWS.

As more of their development team began to work remotely, this implementation quickly fell short of the team’s needs. With engineers distributed around the world, including the United States, Kenya, Ghana, Egypt, Ukraine, and Mexico, Homebase’s OpenVPN deployment was having trouble maintaining a reliable and performant connection for all of its global users.

In addition, as the company hired new employees remotely, the team found that onboarding developers to their various AWS environments using their existing VPN was extremely burdensome and would not scale as they grew. “Setting up OpenVPN was quite complicated and annoying. We had to write up a manual with almost 15 steps with screenshots, and it took 30 minutes for a user to get set up. To make things worse, these instructions were different depending on the client platform, which became a headache to maintain,” said Jordan Brown, Platform Engineering Manager.

Beyond the issues with client setup and support overhead, the team had even greater concerns around security and risk. Running their traditional VPN required maintaining two public gateways that were at risk of being targeted online. In addition, there was no good way to restrict access to specific resources once a user gained VPN access. This meant that a successful intruder would have unlimited access to Homebase’s entire private network—an unacceptable risk to both the company and its customers.

Solution

With a small team of only 3 engineers maintaining their engineering platforms, Homebase quickly sought to find a better fully managed solution. The team undertook a thorough and detailed evaluation of several options, covering aspects such as ease of management, security, and cost effectiveness. Ultimately, the team found Twingate to be the most compelling product that provided them with a future-proofed Zero Trust solution that would be the most flexible, easiest to use, and secure by design.

“I had heard of Zero Trust before, but thought it was mostly marketing. We wanted first and foremost to solve our VPN problem and eliminate the risk of having a public gateway. With Twingate, we got a fully managed service that protects all of our resources by default. It’s so much better than what we had before, and a Zero Trust solution makes a lot more sense to me now,” commented Brown.

Results

Ease of Deployment and Management

With only 3 people on the platform team, every bit of time saved matters. With their previous VPN, it took more than a week to deploy the product, even with a pre-built image on AWS. With Twingate, the deployment process was completed in less than one day. Following that, there was very little for the administrators to do, and most routine tasks like adding new resources and assigning access permissions to them were easily automated using the Twingate API.

On the client side, it previously took a new user upwards of 30 minutes following more than a dozen distinct steps to complete setup and onboarding. With Twingate, that process has been eliminated. New employees now have the client application automatically deployed on their device and can sign on instantly using Homebase’s company-wide identity provider (IdP).

Twingate also simplified user management for Homebase, since user access is automatically synced from the IdP. This means that new employees are automatically granted access to the right resources based on their IdP group. Importantly, if the employee leaves the company, their permissions are automatically revoked when they are removed from the IdP.

“For admins, it’s just a one time setup, then Twingate completely eliminates ongoing maintenance. And all the feedback we’ve gotten from users has been ‘Wow, that was easy!’” noted Brown.

Secure by Design

Homebase is trusted by over 100,000 small businesses to deliver innovative, reliable, and secure software services to help them efficiently perform their day to day operations. As a fast-growing startup, Homebase has limited resources, so they must prioritize their efforts on the activities they believe will add the most value. In light of this, they chose Twingate to help eliminate the security risks posed by their traditional VPN.

Twingate’s remote access solution helped Homebase protect their resources and their globally distributed workforce and move towards a Zero Trust security model. Within a matter of weeks, Homebase was able to move their entire development team to Twingate, effectively eliminating the public attack surface created by their traditional VPN.

“Everything is protected by default now. Twingate is making us think about security in a new way and is offering a lot of things we had not thought about before,” said Brown.

Cost Effective

With significant savings in deployment time, support overhead, employee productivity, and risk exposure, Twingate has already proven to be a cost effective VPN alternative for Homebase.

“It was easy to show the value we would get from Twingate, and it was quick to get signoff from our CFO. We’re planning to continue to roll out Twingate to more parts of the organization as we grow this year,” noted Brown.