Nile Rolls Out Trust Service to Bring Zero Trust to Campus Network Environments
Nile’s new Trust Service enables enterprises to modernize their networks and integrate security into them as opposed to running it as an overlay.
December 3, 2024
Enterprise networks have grown increasingly complex even as their business value has increased. A recent ZK Research study found that 93% of organizations believe the network to be more important to business operations than two years ago. However, 80% of companies state that the network has become more complex in that same timeframe.
Much of that complexity is driven by trends such as the volume of devices, the diversity of applications and data types to support, and the rise of multiple device types, including the widespread adoption of IoT, which requires rethinking access control and network data security. On average, detecting and containing a threat takes more than 200 days, leaving systems vulnerable for extended periods. Many organizations struggle with inefficiencies in their security operations, making it harder to respond to threats.
Campus Network-as-a-Service (NaaS) provider Nile has launched a new service that simplifies an enterprise network’s security architecture and tackles the vulnerabilities and complexity of traditional enterprise networks, most of which include elements such as virtual local area networks (VLANs). The Nile Trust Service isolates each device and user into a secure network segment, encrypts communications, and ensures all traffic passes through firewalls for monitoring and enforcement. This prevents the lateral movement of threats within the network.
Elements of Trust Service
The Trust Service's standout feature is its integration of zero-trust security directly into the network infrastructure. By combining single sign-on (SSO), multi-factor authentication (MFA), and device fingerprinting, it verifies identities and limits network access. Users are tightly controlled and easily managed, even during onboarding and offboarding.
The Trust Service uses a layered approach to secure devices and users. Data remains safe from the infrastructure level to each connected endpoint, while device isolation prevents potential breaches from spreading. Network administrators can define specific segments, such as printers, users, or IoT devices, and Nile automatically configures these segments.
VLANs, a decades-old technology, were also designed to segment networks and reduce threat exposure. However, they fail to reduce lateral movement and associated risks. Traditional VLANs allow threats to move within the access layer, leaving networks vulnerable. According to Suresh Katukam, Chief Product Officer and co-founder at Nile, Nile’s approach doesn’t rely on these outdated methods. Instead, it offers a streamlined and inherently secure solution from day one.
“The Trust Service, in essence, is zero trust security delivered as a service. When you go with Nile and build a network on day one, you’ll get various features at the infrastructure layer. So, nobody can walk up to your devices and plug something in or change a network device config,” said Katukam.
The Trust Service is part of the Nile Access Service, a broader Campus NaaS platform that uses artificial intelligence (AI) to provide device isolation, automated segmentation, traffic control, and real-time insights. The Access Service handles wired and wireless LAN connectivity and overall network operations, as well as the built-in implementation of the security features in the Trust Service.
Going Forward
The Trust Service is available in two tiers: Essentials and Advanced, with the latter designed for larger enterprise customers seeking more functionality, such as micro-segmentation, at a higher price point. Both tiers provide robust security features, including encryption enabled by default for all Nile devices and connected endpoints.
Nile offers a firewall service for customers who choose to use it, though many continue to rely on their on-prem firewalls or integrate with secure service edge (SSE) solutions. The Trust Service is designed to work seamlessly with existing setups and other providers like Zscaler without requiring changes to the current infrastructure. The flexibility makes it easier for customers to integrate Nile into their security operations centers (SOCs).
For example, Nile complements Zscaler by providing complete device isolation and managing internal traffic through secure tunnels before it’s forwarded to a firewall. Instead of placing a firewall at every potential lateral traffic crossing point within the network, a tunnel directs all traffic back to a centralized firewall or enforcement point.
“In the Nile environment, your firewalls see everything. You’re actually getting an enhanced security posture because you’re using your firewalls more efficiently or your SSE solutions more efficiently,” said Katukam.
Nile has also partnered with Palo Alto Networks to enhance campus security. Nile Access Service customers can now automatically connect and forward traffic to Palo Alto’s Prisma Access, adding an advanced protection layer. By handling outbound traffic to the Internet and private applications, Prisma Access enforces the zero-trust principle of least-privilege access for every user and device, whether remote or on-premises.
This integration simplifies network security management by combining Nile’s device isolation and traffic segmentation with Palo Alto’s threat detection and policy enforcement. The result is a secure, efficient system that improves security for all data, users, and devices, both remote and on-premises. If specific devices or applications require additional security checks, the system routes their traffic to Prisma Access for analysis and enforcement.
A Final Word on Trust Service
In summary, Nile’s new Trust Service provides a modern approach to network security. It combines device isolation with automated security operations and integrates with advanced tools like Palo Alto’s Prisma Access. This enables customers to modernize their networks and integrate security into them as opposed to running it as an overlay.
Zeus Kerravala is the founder and principal analyst with ZK Research.
Read his other Network Computing articles here.