InstaSafe Secure Access Architecture

The InstaSafe Secure Access (ISA) Architecture consists of three planes.

  1. Management Plane

  2. Control Plane

  3. Data Plane

Management Plane

The management plane refers to the set of functions used to configure, monitor, and manage ISA. It comprises the cloud-based web console for Operations, Administration and Management (OAM) of ISA. The console provides centralized management and control of access to resources and enforces security policies. Because policies can be updated dynamically from this single point, the security posture can be adapted without redeploying components.

InstaSafe implements Role-Based Access Control (RBAC), also known as Role-Based Security (RBS). In this access control model, permissions and access rights are assigned to users based on their role or job function within the organization. Roles are defined and assigned to users, and each role carries a set of associated permissions or access rights. When a user tries to access a resource, the system looks up the user's role and compares it against the permissions associated with that resource. If the role has permission to access the resource, access is granted; otherwise it is denied.

Control Plane

The Control Plane refers to the set of functions and processes responsible for authentication and authorization. The assumption is that all incoming network traffic is untrusted until it is verified as coming from an authenticated and authorized user.

It acts as the gatekeeper for all access to the protected resources and enforces the security policies. It creates a secure perimeter around a network and only allows authorized users to access the network after they have been authenticated and authorized. It verifies the User Agent with username, password, Geo Binding, Device Binding, Device Checks, and multi-factor authentication (MFA).
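The following is an added illustration of the two decisions described above (the control plane's gatekeeper checks on the user agent, followed by the RBAC lookup from the Management Plane section); it is example code written for this page, not InstaSafe's implementation or API. The user records, role table, device-posture requirements and the `AccessRequest` fields are constructed sample data, and the order of checks is an assumption: each check short-circuits on the first failure, and the resource is never consulted until identity, geo binding, device binding, device checks and MFA have all passed.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# --- Constructed management-plane state (sample data, not a real tenant) -----

SALT = b"constructed-demo-salt"          # fixed so the example is deterministic

def hash_password(password: str) -> bytes:
    # Stored credentials are salted PBKDF2 hashes; plaintext is never compared.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# A dummy hash is compared when the user does not exist, so a missing account
# costs the same time as a wrong password (reduces username enumeration).
DUMMY_HASH = hash_password("dummy-value-never-valid")

# RBAC policy: role -> set of protected applications the role may reach.
ROLE_PERMISSIONS: Dict[str, set] = {
    "finance":   {"erp", "payroll"},
    "developer": {"gitlab", "jenkins"},
}

USERS = {
    "alice": {
        "pw_hash":   hash_password("correct horse"),
        "role":      "finance",
        "devices":   {"dev-1a2b"},   # device binding: registered device ids
        "countries": {"IN", "SG"},   # geo binding: countries allowed to log in
    },
}

# Device checks (posture) every agent must report as passing. Hypothetical names.
REQUIRED_DEVICE_CHECKS = ("disk_encrypted", "os_patched")


@dataclass
class AccessRequest:
    username: str
    password: str
    country: str            # derived from the connecting IP, supplied by the agent
    device_id: str
    device_checks: Dict[str, bool]
    mfa_ok: bool            # second factor already verified for this session
    resource: str           # protected application being requested


def authenticate(req: AccessRequest) -> Optional[str]:
    """Control-plane gatekeeper: returns None if every check passes,
    otherwise the name of the first check that failed."""
    user = USERS.get(req.username)
    stored = user["pw_hash"] if user else DUMMY_HASH
    if not hmac.compare_digest(stored, hash_password(req.password)) or user is None:
        return "bad credentials"
    if req.country not in user["countries"]:
        return "geo binding failed"
    if req.device_id not in user["devices"]:
        return "device binding failed"
    if not all(req.device_checks.get(c, False) for c in REQUIRED_DEVICE_CHECKS):
        return "device checks failed"
    if not req.mfa_ok:
        return "mfa required"
    return None


def authorize(username: str, resource: str) -> bool:
    """RBAC lookup: is the requested resource in the user's role permissions?"""
    role = USERS[username]["role"]
    return resource in ROLE_PERMISSIONS.get(role, set())


def decide(req: AccessRequest) -> Tuple[bool, str]:
    """Full decision: authentication first, authorization only afterwards."""
    failure = authenticate(req)
    if failure is not None:
        return (False, failure)
    if not authorize(req.username, req.resource):
        return (False, "role not permitted")
    return (True, "granted")


def sample_request(**overrides) -> AccessRequest:
    """A constructed request that passes every check; override fields to test failures."""
    base = AccessRequest("alice", "correct horse", "IN", "dev-1a2b",
                         {"disk_encrypted": True, "os_patched": True}, True, "erp")
    return replace(base, **overrides)


if __name__ == "__main__":
    print(decide(sample_request()))                        # (True, 'granted')
    print(decide(sample_request(country="US")))            # (False, 'geo binding failed')
    print(decide(sample_request(resource="gitlab")))       # (False, 'role not permitted')
```

The design point worth noting is the separation: `authenticate` establishes who and from what device the request comes, and only a fully verified identity reaches `authorize`, where the role table decides. A request from a finance user for a developer tool is rejected with a distinct reason even though every identity check passed, which is the behaviour an access log should let an operator distinguish.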

Data Plane

The Data Plane refers to the set of functions and processes responsible for the actual transmission of data between the user and the protected applications.

Once a user is authenticated and authorized by the control plane, the data plane grants access to the protected applications by creating a secure, encrypted tunnel between the user's device and the Gateway. It is responsible for maintaining data confidentiality and data integrity over that tunnel, using encryption and hashing methods respectively.
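The following added example shows, in miniature, what "encryption for confidentiality and hashing for integrity" means for one frame carried over such a tunnel. It is illustrative code written for this page, not InstaSafe's tunnel protocol: the frame layout (sequence number, ciphertext, HMAC-SHA256 tag) and the key derivation are assumptions, and the keystream function is a toy SHA-256 counter-mode construction standing in for a real cipher such as AES-GCM or ChaCha20-Poly1305. The part that carries over to real designs is the order of operations: the receiver verifies the integrity tag with a constant-time comparison before it decrypts anything, so a tampered or truncated frame is rejected without touching the plaintext path.

```python
import hashlib
import hmac
import struct
from typing import Tuple

TAG_LEN = 32   # HMAC-SHA256
SEQ_LEN = 8    # 64-bit sequence number, also used as the per-frame nonce


def derive_keys(session_secret: bytes) -> Tuple[bytes, bytes]:
    # Separate keys for confidentiality and integrity, derived from the one
    # secret the control plane handed to both tunnel ends (assumed).
    enc_key = hashlib.sha256(b"enc|" + session_secret).digest()
    mac_key = hashlib.sha256(b"mac|" + session_secret).digest()
    return enc_key, mac_key


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # TOY stream cipher: SHA-256 over (key, nonce, counter). Demonstrates the
    # structure only; production tunnels use a vetted AEAD cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def seal(session_secret: bytes, seq: int, plaintext: bytes) -> bytes:
    """Sender side: encrypt, then authenticate nonce + ciphertext (encrypt-then-MAC)."""
    enc_key, mac_key = derive_keys(session_secret)
    nonce = struct.pack(">Q", seq)
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_frame(session_secret: bytes, frame: bytes) -> bytes:
    """Receiver side: verify the tag first; decrypt only if the frame is intact."""
    enc_key, mac_key = derive_keys(session_secret)
    if len(frame) < SEQ_LEN + TAG_LEN:
        raise ValueError("frame too short")
    nonce, ciphertext, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):      # constant-time comparison
        raise ValueError("integrity check failed")
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def is_valid_frame(session_secret: bytes, frame: bytes) -> bool:
    """Convenience wrapper: True if the frame authenticates and decrypts."""
    try:
        open_frame(session_secret, frame)
        return True
    except ValueError:
        return False


def flip_byte(frame: bytes, index: int) -> bytes:
    """Constructed tampering: corrupt one byte of a frame in transit."""
    mutated = bytearray(frame)
    mutated[index] ^= 0x01
    return bytes(mutated)


if __name__ == "__main__":
    secret = b"constructed-session-secret"           # sample value, not a real key
    frame = seal(secret, 1, b"GET /payroll/report HTTP/1.1")
    print(open_frame(secret, frame))                 # original request bytes
    print(is_valid_frame(secret, flip_byte(frame, 12)))   # False: tampered ciphertext
```

Two properties to take from this: a byte flipped anywhere in the ciphertext, the sequence number or the tag is caught by the integrity check, and the receiver learns nothing about the plaintext of a rejected frame because decryption never runs. The sequence number doubling as nonce also gives the receiver a hook for replay detection, which this example leaves as an exercise.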