Airlock is an enterprise product, meticulously designed and developed internally to monitor and ensure the compliance of all physical devices with stringent security standards. Its primary functions include enforcing security policies and quarantining devices that fail to meet compliance requirements.
Year
2022-2024
Responsibilities
Research, Strategy, Information Architecture, Interaction, User Experience, Visual design, and Testing
Outcome
The product has achieved a 95% rollout across the entire organization, with an average resolution time of 38 seconds.
The Problem
Client security engineers require a synchronized solution to enforce security measures, integrating seamlessly with a frontend system designed to assess and manage risks across all organization-owned devices.
User Types
Blocked user: User seeking to restore internal network access for a non-compliant device.
Help Desk: IT personnel assisting users in restoring network access for non-compliant devices.
Admin: Security team that creates and monitors security policies to be enforced by Airlock.
User Pain Points
Blocked user: Experiencing a blockage while working is frustrating. The primary goal is to get unblocked and resume work as quickly as possible. Understanding this, the design must be simple, easy to understand, and free of distractions.
Help desk: Blocked users often go directly to the help desk without attempting to resolve issues on their own, resulting in longer wait times. To address this, the design must prioritize a balance between user self-remediation and escalation to the help desk.
Admin: Accessing multiple tools to create and monitor security policies causes inefficiencies. Having the ability to manage all administrative tasks within a single application is paramount to increasing efficiency.
Environments
To mitigate risks in the event of an exploit on a non-compliant device, separate environments were established to manage different entry points effectively. At-risk devices are funneled through an isolated environment, while compliant devices can access Airlock directly through the secured internal network.
Quarantine: When a device fails to meet a security policy and is exposed to risks, it is quarantined through a separate entry point to ensure safety. At this stage, users are presented with two options: either resolve the issue preventing their device from gaining access to the internal network, or defer resolution for three days if immediate access is required. This process promotes guided self-remediation, with a strong emphasis on users resolving issues on their own, which addresses a key help desk pain point.
Internal: An environment for compliant devices to monitor their health status. When users with compliant devices visit Airlock, they are directed to their Airlock account view, providing them with more information and control over all their devices. Users can monitor their devices' compliance status, request long-term exemptions, track existing exemptions, and access various settings.
Admin Portal: Admin users need a space to create, modify, and manage all security policies. Additionally, the management team requires the ability to audit the portal with quick visualizations of system health status.
Key Features
Enforcement: Taking security parameters into account, the tool rigorously enforces the properties of defined security policies across all devices. This ensures that every device adheres to the specified security standards, maintaining a consistent and secure network environment.
Deferral: The tool allows users to temporarily bypass a failing policy that is blocking a device. Non-critical policies can be deferred for up to 3 days, with a maximum of 3 deferrals to ensure minimal disruption to work. For critical policies, deferrals can extend up to a year, but this requires approval from the risk management team to ensure that any potential risks are properly evaluated and mitigated. This flexibility helps balance security needs with user productivity.
Guided remediation: When a user exhausts all temporary deferrals or decides to attempt remediation on their own, the tool provides a comprehensive step-by-step remediation guide. This guide walks them through each necessary action to resolve the compliance issues. Once the user completes the steps, the tool automatically checks the device's health status to verify compliance. If the device meets all security requirements, it is granted access to the internal network.
Admin portal: Admin users rely on a centralized platform where they can efficiently create, modify, and manage all security policies across the organization. This platform serves as a robust tool for implementing and enforcing policies to uphold stringent security standards.
Simultaneously, the management team benefits from easy access to audit the portal. This audit capability provides comprehensive visualizations of the system's health status, enabling proactive monitoring of compliance and identification of potential security issues. This dual functionality supports effective governance and enhances overall cybersecurity resilience.
Metrics
Airlock impacts every member of the organization, from individual contributors to managers and executives. Implementing a steady and gradual rollout plan is crucial to minimize unforeseen disruptions. The rollout began with 25% adoption in late 2022 and increased to 55% by mid-2023. Currently, Airlock is deployed on 95% of devices across the organization, with AI capabilities planned for the near future.
Users facing blockages spend an average of 38 seconds on the tool before regaining access, highlighting the tool's efficiency in resolving issues swiftly and minimizing workflow interruptions.
The help desk reports a 42% decrease in tickets regarding device security issues.
~200% decrease in security deployment time from admins.
Additional Plans
Following the initial launch of Airlock, several opportunities have been identified, with one of the major initiatives being the evolution of Airlock into a platform. Known internally as Palisade, the platform will extend its capabilities to encompass additional use cases using the same backend system, thereby enhancing security protocols across various organizational assets.
A recent addition to the platform is a product called Fleethealth, designed to enforce and monitor server security protocols aimed at mitigating the risk of data loss.