Zero Trust Campus

Historically, enterprise network security has been defined by a series of painful tradeoffs. Simply put, flat networks were easy to manage but gave attackers free rein to spread and cause damage once inside the network. On the other hand, the more secure and tightly controlled architectures defined by Zero Trust exponentially increased the cost, complexity, and effort required from staff. Ultimately, this forced organizations into uneasy compromises that were expensive, left technical teams overworked and fell well short of the ideals of Zero Trust. Nile introduces a new enterprise network in which security and Zero Trust principles are built in by default with no additional costs or network management required. Unlike traditional approaches that layered security on top of the enterprise infrastructure and assets, Nile allows security to be truly integrated into the infrastructure.

Nile ensures that each device can be segmented based on its needs; all traffic is encrypted; and every network connection is authenticated, authorized, and evaluated for threats based on enterprise policy. Nile’s innovative secure-by-design architecture ensures that there are no blind spots in the network where attackers may hide, and the policies can be equally applied to any traffic, whether wired or wireless, from client to cloud, or even between hosts on the same access network.

While Nile transforms the status quo in network design, it integrates smoothly into the enterprise. Nile does not try to take over an organization’s approach to security. It works with and enhances an organization’s existing policies and security tools. All of these tools behave normally, enhanced with the ability to see a far more complete view of enterprise traffic, and the option to enforce far more fine-grained controls.



There is an explosion of IoT devices on campuses and branches, many of them unmanaged, that have visibility and access to IT devices. Furthermore, certain user groups, such as contractors and third-party vendors, should not have access to certain mission-critical applications. Shadow IT is on the rise and so is the threat of ransomware, which has graduated past local machine exploitation and can now spread payloads laterally across the corporate network. Breaches typically remain undetected for over 200 days on average, and when they are detected it is usually too late: the ransomware payload has already spread and detonated, exfiltrating and encrypting data. With the attack surface at campuses and branches growing exponentially, risk has become impossible to manage effectively and efficiently using traditional network security controls that require endless IP grooming and network reconfigurations on site.

The goal of the network should be to eliminate or reduce the attack surface, protect against ransomware attacks and limit their propagation, provide granular policy controls that protect data and operations, and protect data in transit over the network.

To achieve these goals, security has to be built from the ground up and be part of the core architecture instead of an afterthought or a feature.


Nile has designed a multi-tier security architecture to ensure a robust campus network. The following are the three core pillars:

  1. Zero Trust Network
  2. Zero Trust Access
  3. Zero Trust Policy