{ "version": 3, "sources": ["ssg:https://framerusercontent.com/modules/9dBRDPjisx5K0nDrTgDZ/yrL0fCSJxvHCqZK6h1LA/eIwGKSSC3-2.js"], "sourcesContent": ["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{Link as i}from\"framer\";import*as n from\"react\";export const richText=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Defining InfoSec\u2019s role in the organization\"}),/*#__PURE__*/e(\"p\",{children:\"Shortly after joining Zappi, Hatitye Chindove joined the cloud infrastructure team to work on the platform\u2019s security features \u2014 a great fit for his prior experience in digital forensics. Soon, Zappi CTO Brendon McLean tapped Chindove to lead the company\u2019s information security and privacy efforts.\"}),/*#__PURE__*/e(\"p\",{children:\"Chindove\u2019s journey shaped his view of security\u2019s relationship with both end users and the business. For users, that means putting yourself in their shoes.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWhat got me into software in the first place was solving problems for humans at scale,\u201D said Chindove. \u201CWith InfoSec tools, people expect a bit of a hassle to get in, but not too much. Otherwise, they start to look for ways to circumvent the process. So you want to strike this fine balance.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CSecurity is a necessary evil\u201D is the mindset Chindove instills in his team for understanding security\u2019s role in the organization. \u201CYou don\u2019t start a business to run a security department,\u201D Chindove explained. \u201CYou\u2019re in the business of selling something. We are here to add assurances to the business.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Zappi\u2019s test-driven security vendor selection\"}),/*#__PURE__*/e(\"p\",{children:\"When Chindove took on his security role, Zappi\u2019s growth strategy depended on larger clients that would expect vendors to have strong security controls. However, the company did not have a centralized access control system. Access to a Redshift data warehouse went through a VPN, but most of Zappi\u2019s infrastructure was a mix of public cloud and SaaS services that engineers accessed directly.\"}),/*#__PURE__*/e(\"p\",{children:\"One of the biggest challenges was developing and enforcing policies that combined rules based on users, devices, and public SaaS applications.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CYou could write a policy, but to police it without being overly invasive was quite hard,\u201D said Chindove. \u201CWe started looking for solutions that could fit, adopting test-driven development principles by writing down the expected behavior before deploying them in the field. That way we can recognize emerging outcomes like people getting frustrated with the technology.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Ultimately, Chindove decided Zappi needed to implement a secure access solution based on Zero Trust principles. \u201COur small organization has a mobile-first, cloud-first workforce,\u201D he said. \u201CIf we can\u2019t get people behind a perimeter, what could we do? I researched Zero Trust when doing my master\u2019s, so I focused there.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Simplifying and unifying access with Twingate\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s Zero Trust Network Access (ZTNA) solution replaces the hub-and-spoke topology of legacy technologies with direct, encrypted peer-to-peer connections between each user\u2019s device and the specific resources they work on. This software-based approach consolidates on-premises and cloud access control within a single tool so that admins can streamline access management.\"}),/*#__PURE__*/e(\"p\",{children:\"Other vendors Chindove considered offered interesting features but would make life more difficult for his team. Some required dual access gateways and the infrastructure to support them. Others required migrating Zappi\u2019s IdP and SSO capabilities to the vendors\u2019 infrastructure. In either case, the complexity quickly mounted.\"}),/*#__PURE__*/e(\"p\",{children:\"When Chindove began evaluating Twingate, he saw something different. \u201CWith Twingate, you set up the Connector and just put it behind the gate. That\u2019s it. Within a month, we had our development pipeline covered with very low risk.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Flip ROI discussions from security to the business\"}),/*#__PURE__*/e(\"p\",{children:\"Quickly gathering evidence in the field made it easier for Chindove to show how Twingate was the right choice for Zappi\u2019s security infrastructure. Chindove\u2019s business-focused view of InfoSec\u2019s role shapes how he makes the case for security investments.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CThe value of security is hard to demonstrate in a data-driven way,\u201D Chindove explained. \u201CYou don\u2019t say it\u2019s a security risk, but flip it as a business risk. We articulate clearly security\u2019s operational, legal, capital, and liquidity-related impacts. If you aren\u2019t stating the business problem, your negotiations for any investment are going to be very hard.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"For instance, the financial impact of a security breach may not be directly measurable. However, showing business owners that having an asset inaccessible to X number of people for Y amount of time puts the risk in perspective.\\xa0\"}),/*#__PURE__*/e(\"h2\",{children:\"Understanding the power of Twingate\"}),/*#__PURE__*/e(\"p\",{children:\"Easy implementation was one benefit of choosing Twingate, but Twingate\u2019s approach to secure access also aligns with Chindove\u2019s philosophy of solving human problems. The Twingate Client runs transparently on a user\u2019s device, integrates with Zappi\u2019s identity provider, and seamlessly enforces access policies. After the single sign-on, a user can access any assigned resource without juggling multiple credentials.\\xa0\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CIf you want your engineers to love you, give them something that is harder to circumvent,\u201D said Chindove. \u201CThat\u2019s what Twingate gave us \u2014 it\u2019s easier to do the right thing than the wrong thing.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Since Zappi\u2019s infrastructure spans multiple cloud platforms and SaaS providers, Twingate\u2019s ability to protect server-to-server communication tunnels was invaluable. Previously, his InfoSec team would have to wait for Zappi\u2019s infrastructure team to set things up.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"The Twingate experience is much different. Service accounts let DevOps teams incorporate consistent, centrally managed access controls in applications and CI/CD pipelines. Headless clients and service keys let teams automate the service\u2019s access to authorized resources so, for instance, SaaS applications can communicate with private resources.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CAn engineer said to me, \u2018Now I understand the power of Twingate.\u2019 It took him thirty minutes to connect part of our EC2 infrastructure with ClickHouse across an untrusted network. In my opinion, this quick time to value is Twingate\u2019s key differentiator.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Building a long term partnership\"}),/*#__PURE__*/e(\"p\",{children:\"As Twingate continues to expand its platform of Zero Trust tools, Chindove remains impressed with Twingate\u2019s commitment to bringing simplicity to customers\u2019 security stacks. \u201CSimplicity has been your mark of genius at Twingate,\u201D he said.\"}),/*#__PURE__*/t(\"p\",{children:[\"One new product area the Zappi team has begun experimenting with is \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/product/internet-security\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"Twingate Internet Security\"})}),\". When the team began testing Twingate\u2019s \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/use-case/dns-filtering\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"DNS-level security\"})}),\" and \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/use-case/content-filtering\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"content filtering\"})}),\" capabilities, Chindove called it a \u201Cjaw dropping, near perfect solution.\u201D\\xa0\"]}),/*#__PURE__*/e(\"p\",{children:\"Request a demo to learn how quickly Twingate returns value, or sign up for Twingate\u2019s free Starter tier for individuals and small teams to test Zero Trust Network Access on your infrastructure.\"})]});export const richText1=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"The value of security at Jellyvision\"}),/*#__PURE__*/e(\"p\",{children:\"Handling employee information \u2014 especially financial and health information \u2014 is an enormous responsibility. Naturally, securing Jellyvision\u2019s customer data is a top priority. Eli Golden, VP of Information at Jellyvision, takes a broad view of data security\u2019s importance, which led him to consistently evaluate the state of Jellyvision\u2019s security stack.\"}),/*#__PURE__*/e(\"h2\",{children:\"Jellyvision\u2019s antiquated VPN required a modern replacement\"}),/*#__PURE__*/e(\"p\",{children:\"Jellyvision had remote working policies before the pandemic. However, they still used legacy VPN technology to provide remote access to the company\u2019s resources. \u201COne primary thing I like to tell my team is technology changes every single day, never stay comfortable,\u201D Golden said. \u201CUp until about 2018, one thing that bothered me was that our VPN was still very much an appliance in a server room. We were just masking our IP address as if it was our office. I always thought that that felt a little bit antiquated.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"As Golden learned more about Zero Trust and software-defined perimeters (SDPs), he decided this was how Jellyvision would evolve from VPN\u2019s aging technology.\"}),/*#__PURE__*/e(\"h2\",{children:\"Making the business case for Zero Trust\"}),/*#__PURE__*/e(\"p\",{children:\"Golden\u2019s team puts potential vendors through an extensive security review process. \u201CData is currency, security is everything,\u201D Golden explained. \u201CWe need to make sure everything is protected and the most secure it can be.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Because security tools don\u2019t typically drive revenue, some teams can find it challenging to make the business case for investing in new tools. For Golden, the rigor of Jellyvision\u2019s security vendor review process is critical to ensuring new investments in security solutions are prioritized by the business.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CAt the end of the day, it\u2019s my job to explain the need from an executive level, a budgeting level, that sometimes you have to spend money to make money,\u201D said Golden. \u201CSecurity very much falls into that realm. It benefits everyone at the company.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Jellyvision\u2019s selection criteria addresses the needs of multiple stakeholders, including:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Security: Can vendors document their data security practices through SOC2 or similar compliance programs?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Management: How quickly can the solution spin up in AWS, and can it migrate to other cloud platforms?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Usability: Will the vendor\u2019s enhanced security make user access to resources more or less convenient than current systems?\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Before the team found Twingate, they explored a ZTNA solution that seemed to fit their selection requirements. However, as use of the product scaled the team faced a host of new challenges.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Because their initial ZTNA solution did not offer split tunneling, all traffic (including traffic that did not need protection) was routed through a centralized chokepoint. This meant slow downs and connectivity issues for end users, and loads of tickets for Golden and his team.\"}),/*#__PURE__*/e(\"p\",{children:\"Golden\u2019s team also faced challenges with management and administration. Their new solution\u2019s integration with Okta was weak, leading to additional admin overhead when managing users and entitlements. They also had a lackluster support experience.\"}),/*#__PURE__*/e(\"p\",{children:\"Golden began to evaluate other vendors, and was able to quickly put Twingate to the test.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWithin ten minutes, we were up and running with our proof of concept. That took three months with another SDP provider. I can\u2019t say enough how easy it was. That\u2019s really what impressed me with Twingate.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Strengthening Jellyvision\u2019s security posture\"}),/*#__PURE__*/e(\"p\",{children:\"Once the Jellyvision team was actively using Twingate, they were able to immediately leverage a number of security improvements. Twingate ZTNA eliminates the vulnerabilities of VPN\u2019s hub-and-spoke topology by establishing direct, encrypted connections between each user\u2019s device and the specific resources they need to do their work. Granular access rules give companies the control they need to protect sensitive data from constant threats.\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate requires no open inbound ports, enabling organizations to immediately close off exposure to the public internet and potential malicious actors.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate made it easy for Golden and the team at Jellyvision to apply granular access controls including user, device, and contextual data, to their private resources. \u201CThat's such an extra level of security that we never even thought about with our traditional VPN appliance in our server room,\u201D said Golden.\"}),/*#__PURE__*/e(\"p\",{children:\"Between Twingate\u2019s distributed network architecture and granular access control policies, Golden and the team at Jellyvision can significantly reduce the impact of any compromised credentials:\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CA traditional VPN is like a moat around a castle,\u201D Golden explained. \u201COnce you get over the moat, you can access any room in the castle. Twingate locks every door, so even though you got over the moat, you need the key \u2014 the role you\u2019re in and the access you\u2019ve been granted \u2014 to get through the door.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Because Twingate is split tunnel by default, the team at Jellyvision was able to leverage these security improvements while also giving end users an smoother, more performant experience.\"}),/*#__PURE__*/e(\"h2\",{children:\"Driving ROI with Twingate\"}),/*#__PURE__*/e(\"p\",{children:\"Jellyvision reduced their new hire onboarding process by over 97%, going from three hours to only a few minutes. Golden\u2019s team uses Kandji, the Apple device management software, to create zero-touch deployments on the Macs they send to new employees. The Twingate Client is already in place when the system starts, so employees can get to work right away while keeping Jellyvision\u2019s security posture stronger than before.\"}),/*#__PURE__*/e(\"p\",{children:\"Replacing Jellyvision\u2019s legacy VPN with Twingate also streamlined user support. \u201CNobody really asks questions about Twingate,\u201D said Golden. \u201CI honestly can\u2019t think of a single time a user has had an issue with Twingate that wasn\u2019t caused by us needing to build an entitlement.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Twingate\u2019s seamless Okta integration is really that easy\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s architecture assumes that integrations are essential to the Zero Trust security model. Integrating with enterprise-class security solutions, from device security to identity and authentication management, makes Twingate the central orchestration layer for least-privilege access practices. Twingate\u2019s native Okta integration was a particular selling point for Golden:\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWe are completely bought into Okta, so having that seamless integration between Okta and Twingate really helped us out. The one area I don\u2019t need to touch is Twingate because it\u2019s all managed through Okta groups. Anything I change in Okta will automatically update in Twingate. It\u2019s really that easy.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Beyond simply the efficiency gains of the Twingate and Okta integration, deploying Twingate enabled Golden and the team at Jellyvision to apply an extra level of security to Okta itself. \u201CBased on the entitlement they have or where their IP address is, I can actually lock out Okta applications directly through Twingate,\u201D Golden said.\"}),/*#__PURE__*/e(\"h2\",{children:\"Refining Jellyvision\u2019s access control\"}),/*#__PURE__*/e(\"p\",{children:\"As Golden looks forward to the next stage in Jellyvision\u2019s Zero Trust journey, he is considering Twingate\u2019s enhanced security features. For example, Twingate Usage-Based Auto-Lock lets administrators set minimum usage requirements on user access. After a certain period of inactivity, the permission expires and the user must request a renewal.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CI can spend weeks and months making my network the most secure network in the world, but if I take away the wrong access from the wrong person, it looks bad on me,\u201D said Golden. \u201CBut if there\u2019s an automated rule that says, \u2018Hey, this person hasn\u2019t accessed this in sixty days, let\u2019s take it off.\u2019 That\u2019s how we get around it. That\u2019s really cool.\u201D\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(i,{href:\"https://www.twingate.com/demo\",openInNewTab:!0,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"Request a demo\"})}),\" to see how easy Twingate\u2019s Zero Trust Network Access solution is to integrate into your security stack, or go hands-on right now with our \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/pricing\",openInNewTab:!0,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"free Starter tier\"})}),\" for individuals and small teams.\"]})]});export const richText2=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Empowering a global, remote workforce\"}),/*#__PURE__*/e(\"p\",{children:\"Criteria is a SaaS solution that helps companies make better hiring decisions through a suite of interviewing and assessment tools. Mark Calle joined the company in 2018 as Criteria was transitioning to a remote-first operating model. That process accelerated in 2020, making Criteria almost fully remote with a workforce distributed across Central Asia, Australia, and the United States.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CFive years ago, we were an on-premises company,\u201D Calle recalled. \u201CWe had servers on-site. We had in-house infrastructure. It was just so archaic and bulky. Now, we have such a light profile. It\u2019s basically about enabling sales and marketing people to do their jobs super efficiently without downtime.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"VPN became a single point of failure \u2014 that failed\"}),/*#__PURE__*/e(\"p\",{children:\"Remote access was a critical weakness in Criteria\u2019s physical network architecture. The VPN feature of their WatchGuard firewalls controlled access to Criteria\u2019s on-premises networks. Remote employees would connect through the firewalls to access server-based resources as well as the company\u2019s expanding cloud assets.\"}),/*#__PURE__*/e(\"p\",{children:\"Calle explained how Criteria\u2019s legacy VPN solution made onboarding and offboarding users extremely unproductive. \u201COnboarding employees required a one-on-one session of about thirty minutes to set them up in the VPN. Then they had to get their resources set up as well.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Complicating matters further, Criteria has two identity providers. Microsoft 365 controls access to Outlook and other applications, while AWS Identity Access Management controls privileged users\u2019 access to development and production environments.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWhen an employee was offboarded,\u201D Calle said, \u201Cyou would have to go around knocking them out of systems one by one. If they didn\u2019t get removed from AWS, they weren\u2019t truly offboarded.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Between an employee\u2019s arrival and departure, their VPN access was a constant headache. Calle\u2019s team had to field ten to twenty support tickets monthly to fix users\u2019 VPN issues.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Although Criteria\u2019s VPN productivity impacts caused mounting frustration, that wasn\u2019t the final straw.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CThe firewall was a single point of failure,\u201D Calle said. \u201CIf it went down or you lost the internet connection, that\u2019s it. Employees were locked out of our intranet and AWS sites. It did go down, and the CEO was screaming bloody murder about why his two hundred-person company was down because of some rinky-dink setup.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Twingate was a no-brainer\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate replaces VPN\u2019s brittle network access model with direct, encrypted connections between each user\u2019s device and the specific resource they need for their work. With a software-based approach, customers can implement zero trust principles and apply role-based, least-privileged access policies to make sensitive resources more secure.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWhen we got the directive to get off of VPNs,\u201D Calle said, \u201Cmy peer in Australia described Twingate to me. I was 100% on board. Replacing VPN with Twingate is a no-brainer as far as I\u2019m concerned.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Onboarding cycle times dropped by 83% once the team switched to Twingate from their previous solution. Twingate centralizes user setup and app-like provisioning downloads the client to user devices without requiring complex system configuration.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CThe average user has one group with limited access but the engineers have very siloed access. The minute a new hire signs into 365, the Twingate client installs automatically. They can literally work five minutes into being hired.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Calle said that Criteria gained similar efficiencies when offboarding users. \u201CI go into Azure and block sign-in. That\u2019s it. They\u2019re out of everything in five seconds.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Introducing Twingate slashed the volume of access-related support tickets by an estimated 95%, going from as many as twenty a month to a single monthly call. \u201CIt\u2019s very easy to troubleshoot \u2014 either they\u2019re not connected to Twingate, or they have a password issue.\u201D\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Calle expended little effort convincing Criteria\u2019s leadership that switching from the firewall\u2019s \u201Cfree\u201D VPN to Twingate\u2019s solution made sense.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CObviously, we spent more money on Twingate. But the overall ease of training and use, deployment simplicity, and reduced employee downtime more than pays for itself. What we spend with Twingate is money well spent.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Twingate enhances Criteria\u2019s compliance programs\"}),/*#__PURE__*/e(\"p\",{children:\"Calle soon discovered that Twingate\u2019s benefits extend beyond access management and productivity. \u201CThe biggest pain point in the company right now is compliance. We need ways to show our security to customers, and Twingate enables that.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Criteria customers collect personally identifiable information from prospective, current, and former employees. Controlling who has access to that data and where is among the most critical factors in compliance with data privacy regulations in California, Europe, and Australia\\xa0 no.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Even that isn\u2019t enough. Although Criteria maintains ISO 27001 certification, the strict compliance standards in industries like finance and defense make it impossible for the company to land new business without documenting its security controls.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"\u201COur salespeople come to us because they cannot close deals without these requests in place,\u201D Calle said. \u201CThe problem is, there\u2019s no standardization around how companies ask for this information. We\u2019re constantly inundated with security questionnaires. It\u2019s turned into a full-time role.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Calle sees our Ephemeral Access feature as a promising way to manage Criteria\u2019s third-party relationships by granting contractors limited-duration access to specific resources. Other ways Twingate streamlines security compliance include:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Controlling access to resources rather than networks to eliminate public-facing VPN gateways and hide resources from the public internet.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Protecting each resource with granular, least-privileged access rules that combine user roles, device posture checks, time-limited access, and other policies.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Audit logs of user and network activity to help meet compliance obligations\\xa0\"})})]}),/*#__PURE__*/e(\"p\",{children:\"\u201CThe easier any application is to use and document compliance, that\u2019s a big win,\u201D Calle said. \u201CTwingate makes audits much easier. We can find out who\u2019s in there, for how long, and then manage the entire thing with SSO groups from Azure.\u201D\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(i,{href:\"https://www.twingate.com/demo\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"Request a demo\"})}),\" to learn more about Twingate\u2019s compliance benefits and how to protect resources with our streamlined Zero Trust Network Access solution. Try it yourself with our \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/pricing\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"free Starter tier\"})}),\" for individuals and small teams.\"]})]});export const richText3=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Implementing network access controls at a remote-first startup\"}),/*#__PURE__*/e(\"p\",{children:\"Kapiche is a feedback analytics platform that helps CX decision-makers better understand their customers at scale, delivering the confidence and insights to power better business decisions. Headquartered in Brisbane, Australia, Kapiche is a remote-first startup, so its two dozen employees need secure, remote access from anywhere in the world.\"}),/*#__PURE__*/e(\"p\",{children:\"Cam Parry held various DevOps and security positions in the Australian financial and cloud services industries before joining Kapiche in 2021 at a critical moment in the startup\u2019s journey. Within a month, the company would face its first SOC-2 audit. The responsibility for getting many of the technical controls in place fell on Parry\u2019s shoulders. \u201CThough my official title is Staff SRE, I look after the platform and security day to day,\u201D Parry said. \u201COur audit was starting in March, and we needed a VPN or Zero Trust network access solution.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Twingate\u2019s magic just worked\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate combines enterprise-grade secure access services with consumer-grade usability to create Zero Trust security solutions that scale from the smallest startup to global enterprises. Unlike the hub-and-spoke architecture imposed by VPN gateways, Twingate\u2019s software-based ZTNA solution creates direct, encrypted peer-to-peer connections between user devices and protected resources.\"}),/*#__PURE__*/e(\"p\",{children:\"Parry considered multiple enterprise solutions like Tailscale and Google Identity-Aware Proxy, but they either lacked a suitable feature set or imposed other constraints. He also considered open source, \u201Cbut things like Nebula were too low-level, and we didn\u2019t want to run our own.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s free Starter tier lets individuals and small teams deploy a secure remote access solution in just minutes. Parry took advantage of this no-commitment option to see how Twingate would work with Kapiche\u2019s architecture. While building out the proof of concept, Parry set the Twingate system a tough challenge: deploying to the unique Linux build Kapiche\u2019s Chief Product Officer uses.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CIt just worked for him. I was waiting for the ball to drop, it was almost too easy. Twingate just worked like magic.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Fast deployment and time savings drive returns\"}),/*#__PURE__*/e(\"p\",{children:\"Kapiche saw further returns on its Twingate investment thanks to the lower administrative overhead relative to legacy VPN technology. Deployment times were faster and help desk tickets dropped dramatically. This level of savings is particularly important at a fast-moving twenty-person startup like Kapiche, where everybody\u2019s time is overbooked.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWhat is better peace of mind and better sleep worth to you?\u201D Parry asked. \u201CIt\u2019s like months of savings over about three years. A bigger thing for the founders is the opportunity cost. They get my time back. If there\u2019s something that saves my time, they\u2019ll usually go for it.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s focus on the customer journey improves the user experience for administrators and users alike. A unified interface and consumer-like deployment processes let organizations implement Twingate quickly. From a single pane of glass, administrators can manage access to protected resources by remote and in-office users alike.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWhen I was doing the proof of concept,\u201D Parry explained, \u201CI probably took half an hour to set it up. Across all other environments, it took a couple of days. Other solutions would have taken weeks going on months\u2026. Being able to just try Twingate on our dev environments and validate the use case was one of the things that got us over the line.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Kapiche leverages Twingate security enhancements\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate is more than a VPN replacement, offering a frictionless path towards implementing a Zero Trust security model. Over the three years since Kapiche deployed Twingate, the company has leveraged Twingate\u2019s ongoing investments in internet security and analytics capabilities.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CYou think of VPN as this highly restrictive environment that can\u2019t be used for everything,\u201D Parry said. \u201CI want to get Twingate where it\u2019s used for everything in our organization.\u201D\"}),/*#__PURE__*/t(\"p\",{children:[\"Kapiche quickly adopted \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/blog/internet-security-announcement\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"Twingate Internet Security\"})}),\" after its release last year. Combining DNS encryption with DNS and content filtering, this new capability continuously protects users against threats on the public internet. Rich DNS log data generates analytics to help organizations reduce risks and protect end users.\\xa0\"]}),/*#__PURE__*/t(\"p\",{children:[\"\u201C\",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/product/internet-security\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"Twingate Internet Security\"})}),\" was exactly the kind of feature that you\u2019re surprised gets built, but you think, \u2018That\u2019s definitely what I want.\u2019\u201D\\xa0\"]}),/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s analytics capabilities gave Parry better visibility into how Kapiche employees used resources, including engineers whose Linux builds didn\u2019t align with the company\u2019s new access control policies.\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(i,{href:\"https://www.twingate.com/blog/ephemeral-access-launch\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"Ephemeral Access\"})}),\" is another recent release that Parry plans to adopt. Twingate customers can specify expiration times for resource access. By default, Ephemeral Access offers a choice of thirty, sixty, or ninety-day windows, but administrators can set the timer to go off much sooner or later.\"]}),/*#__PURE__*/e(\"p\",{children:\"\u201CThe expiring policies move things towards the least privilege model,\u201D Parry said. \u201CWith those kinds of features, I can go off and do something else because I know Twingate\u2019s going to help me trust the ecosystem.\u201D\"}),/*#__PURE__*/t(\"p\",{children:[\"Learn more about how Twingate\u2019s secure access solution can enhance your security ecosystem, or try it yourself by joining our \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/pricing\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"free Starter tier\"})}),\" for individuals and small teams.\"]})]});export const richText4=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Security\u2019s role at ConsumerAffairs\"}),/*#__PURE__*/e(\"p\",{children:\"ConsumerAffairs offers a \u201Cmarketplace for life\u2019s hardest purchases\u201D where consumers can find news, curated reviews, and guides for making major buying decisions across a wide range of industries including automotive, home, finance, and more. The company is headquartered in Tulsa, Oklahoma and has offices in Texas, North Carolina and Argentina, plus remote employees across the United States and around the world.\"}),/*#__PURE__*/e(\"p\",{children:\"Diana\u2019s \u201Csmall but strong\u201D security team\u2019s primary responsibility is protecting ConsumerAffairs\u2019 sensitive data. At the same time, the team has to support users\u2019 needs.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CSecurity is a lot about compromise,\u201D Diana said. \u201CWhen I think about security, I don\u2019t want to be the roadblock. I want to make sure everybody is working towards the same goal. You have to understand what the teams are trying to accomplish. If it is a security risk, you find the pros and cons and then let the requester understand. Are you willing to take that risk?\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Remote access challenges\"}),/*#__PURE__*/e(\"p\",{children:\"Remote access frustrated everyone from the security team to TechOps and end users. ConsumerAffairs\u2019 infrastructure consisted of eight environments, each with an OpenVPN gateway and Two-Factor Authentication. This cumbersome structure controlled user access to sensitive data, but at a significant cost.\"}),/*#__PURE__*/e(\"p\",{children:\"The burden fell on users to know which VPN account and 2FA to use at any given time. Engineers needing access to every environment juggled eight different accounts. The administrative side was just as tedious. TechOps used manual processes to create accounts, provide support, and off-board departing employees.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWe were having a lot of pain points in terms of our VPN solution at that time,\u201D Diana explained. \u201CI would have to say that it was the right place, right time to come across Twingate.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Twingate\u2019s easy remote access solution\"}),/*#__PURE__*/e(\"p\",{children:\"VPN technologies grant authenticated users full access to whatever network and resources lie behind their perimeter. While this provides some protection, it also leaves organizations vulnerable: if a malicious actor breaches that perimeter, they can move laterally across the network to access an organization\u2019s most sensitive resources.\"}),/*#__PURE__*/e(\"p\",{children:\"By contrast, Twingate establishes direct, peer-to-peer connections between user devices and protected resources. This significantly limits the potential blast radius of a compromised credential.\"}),/*#__PURE__*/e(\"p\",{children:\"The lightweight Twingate Client application handles all authentication and authorization, pushing access decisions to the edge. A central Admin Console manages user accounts, protected resources, and security policies.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CThe user maintenance of what we were using was just so high,\u201D Diana said. \u201CTwingate sounded like a great tool to help us maintain the product. Twingate was so easy. You set up the Connector, you create the users, assign the various Connectors, and then you\u2019re good to go.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"ConsumerAffairs went from having to touch multiple OpenVPN systems for any change request to having everything at their fingertips in Twingate. For example, deprovisioning a user went from a tedious eight-system process to simply deactivating the user\u2019s Twingate account. TechOps saw their VPN-related workload fall from two to three tickets a month to \u201Cpractically zero.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"It wasn\u2019t just TechOps that noticed the change. Diana recalled that \u201Cthe user community was like, \u2018Can we switch over right now?\u2019 Users were so thrilled they did not have to look up what VPN credentials and two-factor auth they needed to log in. That all went away.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Going beyond remote access\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate is a solution for the challenges of VPN-based remote access, but more than that, it provides a framework for adopting a Zero Trust security model. By focusing on security and usability, Twingate gives the fastest-growing companies enterprise-grade security with consumer-grade user experiences.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CTwingate\u2019s got these extra security features and functionality that I think are valuable to protect the information within our infrastructure. I could definitely go into my finance team and say, no, this is key. We need to have this in place.\u201D\"}),/*#__PURE__*/e(\"h2\",{children:\"Role-based access controls\"}),/*#__PURE__*/e(\"p\",{children:\"The principle of least privilege is a core tenant of Zero Trust. People should only have access to the protected resources they need for their work. Overprovisioning significantly increases organization-wide risk and magnifies the impact of compromised credentials, giving hackers more opportunities to traverse a network.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWe do have a few folks that don\u2019t need to be able to access an entire network. They just need to access one system, right? So it\u2019s nice to be able to create connections that way. Role-based access control is pretty important to us, and I think Twingate does it really well.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate lets administrators define user groups, the resources that group may access, and the security policies that govern connections to those resources. Administrators can set resource and minimum authentication policies to create granular role-based access rules.\"}),/*#__PURE__*/e(\"h2\",{children:\"Endpoint security\"}),/*#__PURE__*/e(\"p\",{children:\"Whenever a user tries connecting to a protected resource, the context of their connection requests is just as important as their identity. As remote work and BYOD policies become more common, implementing device-based access controls is critical to maintaining a robust security posture.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CBring your own device is a big pain point,\u201D said Diana. \u201CHow do I secure a system that is not mine? I can\u2019t just put an MDM on it. Twingate has features and functions that do the security device posture checks before it will let you make the connection.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s Client app automatically evaluates the status of device security features like hard drive encryption and firewalls. In addition, administrators can create Trusted Profiles that leverage MDM and EDR tools CrowdStrike, Jamf, and Kandji to assess additional device posture requirements. The Twingate Client will block connection attempts to resources if the device does not comply with resource or group security policies.\"})]});export const richText5=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"Hi-Rez Ventures (formerly Hi-Rez Studios) is an industry-leading video game developer at the forefront of the free-to-play, games-as-a-service model. Hi-Rez\u2019s games have been played by a global community of more than 70 million gamers on PC, mobile, and console devices.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Originally centered around their Atlanta, GA headquarters, Hi-Rez\u2019s approximately 500-strong workforce is now distributed throughout the United States with teams from coast-to-coast. Bob Bousquet, CIO at Hi-Rez, and his team are responsible for supporting not only their own employees, but also contractors, partners and collaborators throughout the world.\"}),/*#__PURE__*/e(\"p\",{children:\"As Hi-Rez\u2019s workforce became increasingly distributed and the pandemic saw the company transition into a hybrid model of in-person and remote work, the need for remote access tools that could adapt to this change suddenly took on a new importance.\"}),/*#__PURE__*/e(\"p\",{children:\"Hi-Rez\u2019s team operates in a bandwidth-intensive environment. Like many gaming studios, Hi-Rez uses a software called Perforce to host anything from source code to large 3D artwork files and binaries. Users sync their devices with Perforce on a daily basis, and this can often entail large data transfers. According to Bousquet, \u201CSpeed is a big factor with our users.\u201D About three-quarters of Hi-Rez\u2019s VPN users are heavy users of the bandwidth-intensive Perforce, while others use the VPN for SSH and RDP to remotely access servers in development and production environments.\"}),/*#__PURE__*/e(\"p\",{children:\"As their team scaled and moved remote, the Hi-Rez team quickly ran into product limitations and poor performance with their VPN from a commercial firewall provider. In short: their VPN couldn\u2019t keep up with the pace of work. Because a significant portion of the Hi-Rez\u2019s team relied on the VPN to get work done, any slow down meant hours of lost productivity each week per person.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Bousquet and his team knew their current VPN wouldn\u2019t cut it, and started to look for a better solution.\"}),/*#__PURE__*/e(\"h2\",{children:\"Solution\"}),/*#__PURE__*/e(\"p\",{children:\"After reviewing legacy VPN products like OpenVPN, Hi-Rez determined that traditional approaches to network architecture wouldn\u2019t solve their performance and speed issues. They started looking beyond VPN solutions and began to seriously research Zero Trust Network Access (ZTNA) products.\"}),/*#__PURE__*/t(\"p\",{children:[\"While performance was important to Hi-Rez, it couldn\u2019t come at the expense of security. Any new solution they implemented needed to be not just faster, but also more secure than their existing solution. Hi-Rez recognized that one \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/blog/ztna/\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"key benefit of ZTNA\"})}),\" is that it improves an organization's security posture. A true ZTNA solution needed to prevent lateral traffic across their network and limit their attack surface, while keeping pace with the speed of the Hi-Rez team.\"]}),/*#__PURE__*/e(\"p\",{children:\"In addition to both performance and security improvements, ease of use and deployment speed were important considerations for the Hi-Rez team.\"}),/*#__PURE__*/e(\"p\",{children:\"After reviewing a number of both legacy VPN and ZTNA solutions, the team at Hi-Rez decided to go with Twingate.\"}),/*#__PURE__*/e(\"h2\",{children:\"Results\"}),/*#__PURE__*/t(\"p\",{children:[\"Twingate\u2019s \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/resources/architecture-diagram\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"unique architecture\"})}),\" enabled the team at Hi-Rez to trim unnecessary access by over 73% compared to a monolithic VPN. This means significantly reduced risk for the org thanks to right-sized access and a significantly smaller attack surface for malicious actors to target.\"]}),/*#__PURE__*/e(\"p\",{children:\"Beyond security benefits, Twingate\u2019s unique approach to network security delivered a significantly more performant remote access solution for the team at Hi-Rez. Combine this with Twingate\u2019s best-in-class user experience, and end users were suddenly spending significantly less time waiting for data to be transferred, which in turn translated into better productivity for end users, and better productivity for administrators who historically had to field user complaints. \u201CTwingate had faster speeds than any other solution we evaluated,\u201D said Bousquet. \u201CThey make Zero Trust easy and our users love the experience.\u201D\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Performance & User Experience\"})}),/*#__PURE__*/e(\"p\",{children:\"Performance is one area where Twingate \u201Creally shined compared to other products we evaluated,\u201D said Sean Everett, Senior Network Engineer. Hi-Rez\u2019s VPN had a bandwidth limitation that capped out transfers at 300Mbps, and Twingate eliminated that bottleneck. In benchmarking tests conducted by Hi-Rez, Twingate outperformed all other solutions they evaluated.\"}),/*#__PURE__*/e(\"p\",{children:\"While Perforce was the most prominent use case, a significant fraction of Hi-Rez\u2019s users also used RDP to access machines in development and production environments. The nature of RDP means that the lower latency enabled by Twingate helps to ensure that user interactions with remote desktops are snappy and responsive.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWe had the goal of providing a better remote access experience to our users, and it turned out that Twingate really fit that bill,\u201D said Bousquet.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Deployment & Admin Experience\"})}),/*#__PURE__*/e(\"p\",{children:\"Twingate is focused not only on ensuring that the end user experience is seamless, but that the experience of the administrators who do the work of deploying and maintaining Twingate each day is second-to-none.\"}),/*#__PURE__*/t(\"p\",{children:[\"Twingate\u2019s simple deployment process led to a quick, phased rollout, especially when compared to the other ZTNA solutions Hi-Rez tested. Bousquet praised Twingate\u2019s clean UI and remarked that \u201Cit was very simple to put \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/docs/connectors\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"Connectors\"})}),\" where we wanted them in our network, and to put users into groups and assign them the appropriate permissions and \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/docs/security-policies\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"security policies\"})}),\".\u201D\"]}),/*#__PURE__*/e(\"p\",{children:\"From a security perspective, Hi-Rez appreciated how adopting Twingate allowed them to provision access permissions from a starting point of \u201Cdeny all\u201D and then to open up access for people on an as-needed basis. This was in contrast to the VPN approach of starting with everything open and then locking down access to resources that people didn\u2019t need \u2013 an imposing task which can leave unwanted security holes and additional risk.\"}),/*#__PURE__*/e(\"p\",{children:\"The Hi-Rez team was also impressed with Twingate support both during and post-deployment. \u201CThe Twingate team has been very responsive to our needs and helping us to resolve any support issues that arose,\u201D said Everett.\"})]});export const richText6=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"As a managed services provider, Delaware-based TechSolutions is the backbone of a wide range of companies\u2019 cybersecurity strategy and management. That also means they\u2019re on the line for those companies\u2019 unique needs and risks.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWe\u2019ve been providing remote access solutions for over 20 years,\u201D said Chris Scerbo, Systems Engineer at TechSolutions. \u201CWe\u2019ve seen a lot of different iterations of what remote access looks like, and we came to the decision that hardware VPNs just aren\u2019t secure enough anymore.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"One of the key security concerns for Scerbo and his team was the exposure risk of having open ports on a customer\u2019s network. Traditional VPNs and even certain ZTNA solutions often required open ports, and though TechSolutions found workarounds to secure them, it was often manual, time-intensive, and a general headache.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CIf you\u2019ve got an expensive VPN system, you don\u2019t want to see those open ports, we just don\u2019t consider that secure,\u201D said Scerbo. \u201CYou definitely don\u2019t want to see a provider on a breach list. But that\u2019s what we saw on the market.\u201D\\xa0\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"TechSolutions was also dissatisfied with the general usability of traditional VPNs. \u201CHardware VPN solutions are cumbersome,\u201D said Scerbo. \u201CThe client applications are a problem for people to use.\u201D\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Usability is critical for the solutions provided by MSPs, in particular, because they handle support in addition to general management and maintenance. Connectivity issues, speed complaints, confusions around authentication - all of those ended up as tickets in TechSolutions\u2019 inbox.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Between the security and usability concerns, the team at TechSolutions decided it was time to move away from a traditional VPN solution for remote access.\"}),/*#__PURE__*/e(\"h2\",{children:\"Solution\"}),/*#__PURE__*/e(\"p\",{children:\"The team began to evaluate a number of different solutions to replace their VPN.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"After several months of working with one vendor to establish a deployment map, the TechSolutions team finally got to dig into the details. When it was finally time to start diving into the technical specs, the team found the very thing they were looking to eliminate: open inbound ports.\"}),/*#__PURE__*/e(\"p\",{children:\"Understandably frustrated, the TechSolutions team went back to researching solutions that same day. \u201CAt that point, my colleague and I started furiously Googling,\u201D said Scerbo. That\u2019s when they found Twingate.\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s robust documentation was a breath of fresh air for the TechSolutions team. \u201CAs an MSP, we get an onslaught of salespeople,\u201D said Scerbo. \u201CTo get to dig into the technical stuff right away, it means a lot.\u201D\"}),/*#__PURE__*/e(\"p\",{children:'After a disappointing start to the day, Scerbo and team quickly turned things around. That same day, they found Twingate, reviewed documentation, and deployed a test. \u201CI could see exactly what Twingate was because all of your documentation is right there on your website,\u201D said Scerbo. \"I could see how the system worked, a network map, what deployment looked like. Within about an hour and a half of finding Twingate I had a test deployed and was trialing Twingate for remote access.\u201D'}),/*#__PURE__*/e(\"p\",{children:\"After a successful initial test, TechSolutions deployed Twingate for their own internal network and began to offer it as a ZTNA solution to their customers.\"}),/*#__PURE__*/e(\"h2\",{children:\"Results\"}),/*#__PURE__*/e(\"h3\",{children:\"Strengthened security posture\"}),/*#__PURE__*/e(\"p\",{children:\"Once Twingate was deployed on their own network, the TechSolutions team finally achieved what they\u2019d set out to do: eliminate outward facing ports.\"}),/*#__PURE__*/e(\"p\",{children:\"Unlike traditional VPNs, with Twingate there is no concept of a public gateway and no requirement to have inbound ports open. In eliminating open ports, the TechSolutions team reduced their own cyberattack surface \u2013 critical for the protection of their customers\u2019 data \u2013 and were able to extend those benefits onto their customers who also select Twingate for remote access.\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s direct peer-to-peer connections eliminate the ability for malicious actors to travel laterally across a compromised network, further protecting TechSolutions and their customers. Easy-to-configure granular access controls provide additional layers of security, with TechSolutions able to customize boundaries around the applications and resources their customers\u2019 employees can access.\"}),/*#__PURE__*/e(\"h3\",{children:\"Improved customer experience\"}),/*#__PURE__*/e(\"p\",{children:\"Before Twingate, TechSolutions fielded constant customer complaints ranging from connection drops, to speed issues, to general confusion around the VPN client application.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWe used to have tickets for customers calling in not understanding how to type in credentials, not understanding where the icon for the VPN is, lots of general confusion around traditional VPNs because the interfaces are very technical,\u201D said Scerbo. \u201CWe deal with so many fewer issues with Twingate than we did with other systems.\u201D\"}),/*#__PURE__*/t(\"p\",{children:[\"Scerbo and team were also able to leverage Twingate\u2019s out-of-the-box \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/integrations\",openInNewTab:!1,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"integration\"})}),\" with Microsoft Azure Active Directory, which eliminated confusion and streamlined the authentication experience for end users.\"]}),/*#__PURE__*/e(\"p\",{children:\"\u201CBecause of Twingate\u2019s integration with Azure AD, our clients were able to log into Twingate using a workflow they already knew,\u201D said Scerbo. \u201CHaving that convenience for our clients, where they don\u2019t have to go through the headache of traditional VPNs, that was huge.\u201D\"}),/*#__PURE__*/e(\"h3\",{children:\"Centralized network management\"}),/*#__PURE__*/e(\"p\",{children:\"At the time of TechSolutions\u2019 initial deployment, Twingate did not offer a centralized view for MSP admins to manage multiple customer networks. This was not a deal breaker for the TechSolutions team, partly because they believed the core offering was strong enough, and partly because they were actively interested in building a partnership with Twingate to help shape future products.\"}),/*#__PURE__*/t(\"p\",{children:[\"That partnership came to fruition with the launch of the \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/msp\",openInNewTab:!0,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"Twingate MSP Portal\"})}),\", a specialized multi-tenant console for MSPs to manage and monitor all of their customers\u2019 networks and protected resources.\\xa0\"]}),/*#__PURE__*/t(\"p\",{children:[\"From the \",/*#__PURE__*/e(i,{href:\"https://www.twingate.com/msp\",openInNewTab:!0,smoothScroll:!1,children:/*#__PURE__*/e(\"a\",{children:\"Twingate MSP Portal\"})}),\", TechSolutions can easily add customer tenants, update license counts, deploy proof of concept environments, and manage all of their customers from a central console. Twingate\u2019s preferred partner pricing and flexible billing make it easy for them to drive higher margins and keep their tools aligned with the way they do business.\"]}),/*#__PURE__*/e(\"p\",{children:\"Feedback from MSPs like TechSolutions was critical in shaping the product and ensuring the Twingate MSP Portal meets the unique needs of MSPs. They\u2019re excited to continue strengthening their partnership with Twingate and shaping the future of ZTNA for MSPs.\"})]});export const richText7=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"With core team members all over the globe, Klever Exchange has a truly modern workforce that\u2019s 100% remote and cloud-native. This created unique challenges around providing employees with a stable, reliable option to access the resources necessary to do their jobs. Because Klever is also entirely BYOD, they needed to be able to secure these resources whether a developer was connecting to the cloud from their home or a new location.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"However, improving the developer experience was only part of the puzzle. Because Klever is a cloud-based cryptocurrency trading platform, they also had to consider the security of the blockchain itself and any risks it could pose to Klever when enhancing its security stack. \u201CThere\u2019s security, and then there\u2019s security in the blockchain industry,\u201D said Vinicius Lima de Oliveira, Cyber Security Consultant at Klever. \u201CSecurity here is above everything.\u201D\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"The team at Klever knew that legacy approaches to network security would not provide the performance and security they needed. \u201CVPNs were created for on-premise infrastructure,\u201D said Lima de Oliviera. \u201CMost of the solutions in the market nowadays are on-premise-based solutions.\u201D Instead, they decided to move to a Zero Trust security model.\"}),/*#__PURE__*/e(\"h2\",{children:\"Solution\"}),/*#__PURE__*/e(\"p\",{children:\"For Klever, the appeal of a Zero Trust model was that the strictest security standards are applied to all company layers rather than just a perimeter, and granular access controls limit employees to just the resources needed to do their jobs. \u201CThe Zero Trust model is something that everyone should follow,\u201D said Lima de Oliviera.\"}),/*#__PURE__*/e(\"p\",{children:\"The solution they chose also needed to be performant. It was critical that Klever\u2019s new remote access product would not hinder the work of their globally distributed DevOps and Ops teams. The ideal solution would be extremely secure, easy to deploy, and performant for end users, allowing developers the freedom to do their work more securely without being bogged down by latency, slow speeds, or connection issues.\"}),/*#__PURE__*/e(\"p\",{children:\"Klever evaluated a variety of Zero Trust and SASE solutions, but they found a mix of things that didn\u2019t quite work for them:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Expensive solutions with overly complex functionality\\xa0\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Hidden costs in the management console of the solution\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Heavy configuration and administrative overhead\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Results\"}),/*#__PURE__*/e(\"p\",{children:\"After evaluating a number of solutions, the team at Klever decided on Twingate\u2019s Zero Trust Network Access solution. Twingate\u2019s unique approach to network architecture establishes direct peer-to-peer connections to protected resources, with each request verified before it ever leaves the device.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"These peer-to-peer connections make remote access lightning fast for end users, keeping pace with the speed of Klever\u2019s developers without sacrificing security. In fact, unlike perimeter-based network security models, Twingate prevents lateral network traffic and reduces Klever\u2019s cyberattack surface by sitting behind their firewall, no exposed or open ports needed.\"}),/*#__PURE__*/e(\"p\",{children:\"With Twingate\u2019s fine-grained access policies based on user, location, and device, the team at Klever was easily able to implement least privilege access while improving productivity for admins. Before Twingate, it took five-to-six manual steps to provision or deprovision access for each individual user. Because of Twingate\u2019s out-of-the-box integrations with all major identity providers, the Klever team was able to reduce time spent provisioning users by over 90 percent.\"}),/*#__PURE__*/e(\"p\",{children:\"Lima de Oliviera and the team at Klever also found more than just a performant product with Twingate. \u201CSome people say, \u2018You bought the product, we made our profit, you\u2019re on your own now.\u2019\u201D said Lima de Oliviera. \u201CAnd Twingate does exactly the opposite.\u201D Fast support, open and direct channels for communication, and extensive opportunities for his team to provide feedback made Klever\u2019s post-sale experience with Twingate stand out. \u201CYou guys are always engaged,\u201D said Lima de Oliviera. \u201CThis is what makes a partnership last.\u201D\"})]});export const richText8=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"The Modern Health team is complex, with a fully remote global workforce of over 400 employees that ranges from DevOps and IT to certified coaches and mental health professionals. As a leader in the healthcare space, the team at Modern Health wanted to put security into their design process, ensuring their employees are able to access critical resources, including sensitive personal data, without the hurdles and additional risk posed by traditional VPNs.\"}),/*#__PURE__*/t(\"p\",{children:[\"The team was especially concerned about the east-west traffic made accessible through the flat network structure typically required by VPNs. \u201CWhen someone\u2019s foot is in the door with a VPN, they can kind of go everywhere within the network,\u201D said Nate Norton, the Senior Staff Security Engineer. \u201CWe were facing the challenge of being able to scale up the number of systems that we were managing while also making safe connections for our internal users to those systems.\u201D\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"Managing secure access for their remote workforce was a growing challenge. The team had to spend hours manually provisioning and removing access for users, a process that was time consuming and had the potential to expose them to unwanted risk. \u201CIt was always an incredibly lengthy process that had a lot of risk associated,\u201D said Norton. \u201CWe had to provision accounts in a specific way, and the systems that we were using did not really offer more secure methods allowing people to get access.\u201D\"]}),/*#__PURE__*/e(\"h2\",{children:\"Solution\"}),/*#__PURE__*/t(\"p\",{children:[\"As the company continued to grow, the team at Modern Health identified the need to replace their VPN in order to meet their strident security standards, keep pace with their scaling workforce and tech stack, and reduce the strain on the IT and security teams.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"Understanding that the best security framework is one focused on risk mitigation, Norton placed a \u201Chuge focus on defense-in-depth. We have to assume one layer will fail, so how can we reduce the blast radius?\u201D\\xa0\"]}),/*#__PURE__*/t(\"p\",{children:[\"The Modern Health team was looking to apply the principle of least privilege to their network and resources. \u201CEspecially since we work with highly regulated data and systems that are incredibly sensitive, we didn\u2019t want anybody with access to the network to even be able to get a network connection to some of those network resources,\u201D said Norton.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"After evaluating a number of vendors, Norton and the Modern Health team decided to replace their traditional VPN with Twingate\u2019s Zero Trust remote access solution.\\xa0\"]}),/*#__PURE__*/e(\"h2\",{children:\"Results\"}),/*#__PURE__*/e(\"h3\",{children:\"Reduced cyberattack surface\"}),/*#__PURE__*/t(\"p\",{children:[\"Unlike a traditional VPN solution, with Twingate there is no concept of a public gateway and no requirement to have inbound ports open, enabling the Modern Health team to reduce their cyberattack surface.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"Since deploying Twingate, Nate and the infrastructure team have further improved security by setting tighter boundaries around the services and resources employees need to access. \u201CWith Twingate we\u2019re able to apply the principle of least privilege right out the gate,\u201D said Norton. \u201CUsers are only able to get access to the things they\u2019re supposed to, and they don\u2019t get access to anything unless we specifically approve it.\u201D\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"h3\",{children:\"Seamless integrations, lightning fast IaC deployment\"}),/*#__PURE__*/e(\"p\",{children:\"\u201COne of the things that stood out was the integration with our identity provider Okta,\u201D said Norton. \u201CWe were able to provision resources quickly using the infrastructure-as-code modules via Terraform.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Modern Health\u2019s wide range of employee roles meant that ease of use was critical. Because of Twingate\u2019s user-friendly, lightweight end client, Modern Health was able to quickly roll out Twingate to end users.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201C\u200B\u200BWe wanted to get all of our users on board as quickly as possible,\u201D said Norton. \u201CWe were able to motivate people to self-service.\u201D Users were \u201Cexcited to use Twingate\u201D because it meant they could eliminate the clunky, unstable login system provided by their previous solution.\"}),/*#__PURE__*/e(\"p\",{children:\"The Modern Health team had never seen this sort of engagement with end users for a security platform. \u201CThe reason for that is because there\u2019s very few of these security tools that integrate so well with our identity provider,\u201D Norton said.\"}),/*#__PURE__*/e(\"h3\",{children:\"Increased IT productivity\"}),/*#__PURE__*/e(\"p\",{children:\"Between the ease of use, speed of deployment, and seamless integrations, the IT team saw productivity gains across the board.\"}),/*#__PURE__*/e(\"p\",{children:\"Since users were able to leverage existing Okta login workflows, Norton and his team didn\u2019t have to dedicate additional IT resources to training end users on a new process.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Between the Okta integration and improved access provisioning process, Norton\u2019s team was able to save one hour per employee, saving the IT department an estimated 250 hours thanks to Twingate. \u201CThis has been a huge huge lift on our IT department,\u201D Norton said.\"}),/*#__PURE__*/e(\"h3\",{children:\"Continuous Innovation\"}),/*#__PURE__*/e(\"p\",{children:\"Norton described the support his team receives as \u201Cphenomenal,\u201D and the Modern Health team plans to leverage their partnership with Twingate as a foundation for the future of their security strategy.\"}),/*#__PURE__*/e(\"p\",{children:\"With Twingate\u2019s Zero Trust Network Access solution in place, Norton and his team are looking to implement additional concepts of the Zero Trust model. \u201CWe\u2019re going to lean more into device trust and the integration with our Mobile Device Management,\u201D said Norton. Twingate will also allow his team to safely connect their external CI pipelines with specific internal resources to further simplify the topology required for certain Modern Health projects.\"})]});export const richText9=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"Kooapps maintains an on-premises environment featuring an array of systems including source code repositories and powerful on-site servers that are used to render or compile code. As a software developer and publisher, protecting the security and confidentiality of the intellectual property housed on this infrastructure is essential to Kooapps.\"}),/*#__PURE__*/e(\"p\",{children:\"The onset of the pandemic in early 2020 made access to on-premises resources less easy after employees could no longer access Kooapps\u2019 offices in the wake of public health measures. The pandemic made remote access technology a critical part of the company\u2019s IT infrastructure almost overnight: the company\u2019s continued productivity was now dependent on it. Without remote access, the developers who needed to pull and push code to private repositories multiple times a day would not be able to work, and the product managers who needed to remote desktop into on-site servers to tap into computing power their laptops couldn\u2019t provide would be hamstrung.\"}),/*#__PURE__*/e(\"p\",{children:\"Kooapps turned to multiple self-hosted VPN products to provide its team with remote access to their private systems, with VPN gateways in each office being hosted on a variety of hardware routers and macOS servers. However, for a technology that people relied on every day to do their work, Kooapps faced friction in the form of cumbersome configuration and administrative tasks, overhead from maintaining multiple VPN technologies, slower internet connectivity, and inconsistent user experiences \u2013 all of which created a drag on overall productivity.\"}),/*#__PURE__*/e(\"h2\",{children:\"Solution\"}),/*#__PURE__*/e(\"p\",{children:\"Kooapps was well-experienced with VPN technology and was not actively looking for a Zero Trust-based solution before it decided to evaluate Twingate. However, while their existing VPN solution was serviceable, they were interested in anything that would improve security, user experience, and administrative workloads \u2013 but only if the improvements were substantial enough to warrant the effort required to deploy a new technology.\"}),/*#__PURE__*/e(\"p\",{children:\"Understandably cautious about rolling out a new system that would impact many users on a daily basis, a quick, smooth deployment process was another pre-requisite of Kooapps for making any shift away from their incumbent solution.\"}),/*#__PURE__*/e(\"p\",{children:\"Additionally, as a mobile app developer, being able to use Twingate (whether as an administrator or end user) on a variety of mobile platforms, in addition to the usual desktop operating systems, was key.\"}),/*#__PURE__*/e(\"p\",{children:\"After conducting a proof of concept test, Kooapps decided to move to Twingate. Kooapps identified two primary reasons for making the transition. Firstly, the simplicity of deployment, setup, and maintenance for administrators would save them a significant amount of time going forward. Secondly, a much improved experience for end users over their existing remote access solution was seen to result in greater productivity and satisfaction across the board.\"}),/*#__PURE__*/e(\"h2\",{children:\"Results\"}),/*#__PURE__*/e(\"h3\",{children:\"Simplifying the Administrative Experience\"}),/*#__PURE__*/e(\"p\",{children:\"One of Twingate\u2019s hallmarks is how it simplifies life for administrators \u2013 both in terms of deployment and ongoing maintenance. Solon Chen, Co-Founder & Studio Manager, remarked that his immediate impression of Twingate was that it was \u201Cextremely straightforward\u201D and that he \u201Cwas surprised at how much easier it was to set up than a traditional VPN where you have to go through a process involving creating VPN tunnels, assigning IP addresses, and setting up routes for everyone. Also, different people need access to different things, which is complicated to set up securely with a VPN. That wasn\u2019t the case with Twingate.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate does not require networking expertise to successfully deploy and, although Kooapps did have in-house IT expertise, Chen observed that Twingate\u2019s simplicity meant that it was also a good fit for smaller businesses who did not have dedicated IT departments: \u201CYou don\u2019t need to have someone who knows how to program a router.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Compared to VPNs, ongoing maintenance is easier with Twingate. Changes in infrastructure and user permissions are easily handled in Twingate\u2019s intuitive admin console. \u201CThis is valuable for businesses because it\u2019s normally a headache when resources need to be added or removed,\u201D Chen said. \u201CEven though we\u2019re fortunate to have experienced IT people in our team, everyone still prefers to do things the easy way to save time and effort. Why would you do things the hard way when you can do them the easy way?\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Kooapps also appreciated the fact that deploying Twingate did not require them to completely remove their existing VPNs. Not only did this streamline the deployment process, but it also allowed Kooaps to keep their existing VPNs on standby for redundancy and backup purposes.\"}),/*#__PURE__*/e(\"h3\",{children:\"Improving the End User Experience\"}),/*#__PURE__*/e(\"p\",{children:\"For a company whose mission is to \u201Cconnect the world through amazing daily experiences,\u201D Kooapps has high standards when it comes to the experience of end users and a mission to which Twingate can relate.\"}),/*#__PURE__*/e(\"p\",{children:\"With Twingate, Kooapps was able to offer a consistent user experience across their workforce\u2019s diverse range of operating systems and devices, both mobile and desktop. Twingate\u2019s mobile experience is not a second-class citizen to its desktop experience, which is particularly salient for a mobile app developer like Kooapps. As a result, Kooapps\u2019 employees noted that they liked how the procedure for installing and using the Twingate client app is the same whether they were using it on a phone or laptop. \u201CThey just need to download the app, enter their credentials, and then they\u2019re done. There are no special setup processes that are platform-specific for users to follow,\u201D noted Chen. In contrast, the experience prior to Twingate was beset by inconsistency. \u201CDifferent devices needed to use different setup processes and different tools. Settings and buttons were in different places for different clients, which made it confusing to users.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Unlike a VPN, which routes all traffic through a VPN gateway, whether it needs to go there or not, Twingate provides split tunnel functionality out-of-the-box, allowing Twingate\u2019s client to be \u201Calways on\u201D in the background without degrading internet connectivity. With Twingate, users don\u2019t have to consciously worry about remembering when they need to turn on the client to access a protected resource, or when to turn it off to speed up their internet connection for activities like video calls or personal web browsing.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWith our VPN, we constantly had to think about whether the VPN was on or off. There was a lot of unnecessary traffic going through our VPN servers before, particularly when people started working from home. That\u2019s not the case with Twingate \u2013 users just log in and forget about it. Everything just works and they don\u2019t have to consciously think about whether they are connected, which is one less thing they have to deal with each day.\u201D\"}),/*#__PURE__*/e(\"h3\",{children:\"Strengthening Security\"}),/*#__PURE__*/e(\"p\",{children:\"The Zero Trust model of network access that Twingate enables is fundamentally more secure than VPN technology. Transitioning to Twingate allowed Kooapps to establish a stronger, more modern security foundation for its network access infrastructure by making it possible for Kooapps to:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"implement least privilege access through software alone and no infrastructure changes;\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"impose two-factor authentication requirements on all access attempts via Twingate\u2019s identity provider integration (something not available with Kooapps\u2019 VPN implementations);\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"keep its networks hidden from the internet (unlike VPN gateways, Twingate enables remote access without requiring any network component to be publicly exposed);\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"mitigate the scope of any network incursions by limiting the ability for an attacker to move laterally within their network; and\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"gain visibility into network activity on a very granular level (logs are indexed based on user and device identities, allowing easy analysis of what\u2019s happening on their network).\"})})]})]});export const richText10=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"In mid-2020, MHC Software acquired Ecrion Software to form the leader in content automation. With the acquisition also came the need to merge two distinct remote workforces, distributed across the globe. With teams in the United States, Romania, the United Kingdom, and other international locations, MHC needed a solution to enable their distributed teams to access critical company resources, no matter where they were located.\"}),/*#__PURE__*/e(\"p\",{children:\"MHC and Ecrion each used a number of different remote access solutions, making the process of fully unifying their respective networks very challenging and time-consuming. Their primary solution at the time, Cisco AnyConnect, was unable to fully meet their needs due to the complex and time-consuming process of configuring different resource access policies for their various groups.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CIt would have been a nightmare to support the multiple networks we inherited. It would have been very difficult for our support teams to troubleshoot the 3 or 4 different systems required for each set of users in our company,\u201D explained Eddie Weyrick and James Straub, Director of IT and Director of Information Security, respectively.\"}),/*#__PURE__*/e(\"p\",{children:\"The combined company had resources deployed across multiple cloud providers and on-premises, used multiple identity providers for authentication, and ran a combination of fully-managed SaaS products and on-premises legacy software. This led the team to seek out a unified remote access solution that was secure, cost-effective, and could be deployed quickly.\"}),/*#__PURE__*/e(\"h2\",{children:\"Summary:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Acquisition of Ecrion led to having two complex networks and systems\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Limited capacity to provide ongoing support for multiple disparate systems\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Support for multi-cloud and hybrid cloud environments\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Support for both SaaS and legacy on-premises resources\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Needed to provide secure remote access to a 200+ employee workforce\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Solution\"}),/*#__PURE__*/e(\"p\",{children:\"After evaluating ways to build the required network integration and remote access systems themselves, the team quickly realized that they needed to explore alternatives to the traditional VPN approach of having a single VPN access point.\"}),/*#__PURE__*/e(\"p\",{children:\"Although the MHC team was aware of the significant benefits of moving to a Zero Trust model in this situation, the common perception was that such a model would have been extremely complex and time-consuming to implement. However, the value and ease of deployment that Twingate offered made it a compelling choice. \u201CWe thought redesigning the network for Zero Trust was out of reach at the time, but once we heard about Twingate, it became the obvious choice, and we stopped considering other alternatives,\u201D Straub noted.\"}),/*#__PURE__*/e(\"p\",{children:\"This drove MHC to obtain the security benefits offered by a zero trust solution over a traditional VPN, while also spending significantly less time in deployment.\"}),/*#__PURE__*/e(\"h2\",{children:\"Results\"}),/*#__PURE__*/e(\"h3\",{children:\"Simplicity and Agility\"}),/*#__PURE__*/e(\"p\",{children:\"The MHC team estimated that it would have taken upwards of 1 year to fully implement a VPN-based solution to support the combined business. Standing up a firewall and VPN itself would have taken 10-12 weeks, and the long-term migration of resources to a consolidated network would have taken many months longer. In addition, there is the upfront cost of the hardware appliances as well as the ongoing cost of lost productivity during these cumbersome migrations.\"}),/*#__PURE__*/e(\"p\",{children:\"With Twingate, the team was able to get fully up and running in a matter of days. After 2 weeks of testing, Twingate was rolled out to the MHC employee base to seamlessly access the resources they needed to be productive.\"}),/*#__PURE__*/e(\"h3\",{children:\"Cloud-native Deployment and Elasticity\"}),/*#__PURE__*/e(\"p\",{children:\"One significant hurdle to building a self-managed VPN solution is the unpredictability of network traffic over time. As MHC\u2019s products and deployments span multiple cloud environments and on-premises data centers, it would have been challenging to accurately estimate the network capacity needed for each resource, which could lead to either underperformance or overprovisioning of resources.\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate allowed MHC to deploy connectors instantly across all desired resources with no capacity planning required and no cost penalty for over- or underutilization.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CFrom a cost standpoint, it would have been very difficult to estimate the unpredictable network traffic across resources we need. Twingate allows users to seamless access secure resources while we take on the migration in the background,\u201D Straub said.\"}),/*#__PURE__*/e(\"h3\",{children:\"Journey to Zero Trust\"}),/*#__PURE__*/e(\"p\",{children:\"Exposing public VPN gateways is a risk for any organization. For MHC, supporting their globally distributed workforce and multi-cloud infrastructure introduced additional risks that would leave traditional VPNs vulnerable to attack and difficult to maintain.\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate enabled MHC to move to a Zero Trust security model with minimal effort. In a matter of weeks, the MHC team was able to protect their company-critical resources while providing employees with remote access to the information they need.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CUntil Twingate, Zero Trust was always viewed as too hard to implement. The speed of implementation was a huge benefit and it\u2019s great to have a unified access solution for the entire company,\u201D Weyrick said.\"})]});export const richText11=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"As a fast-growing startup, Homebase\u2019s success has been due in part to a culture of relentless innovation to meet their employees\u2019 and customers\u2019 needs. As remote work took hold in 2020, Homebase seized the opportunity to optimize their cloud security architecture and replace their existing VPN in order to provide more secure and more performant access to their global development teams.\"}),/*#__PURE__*/e(\"p\",{children:\"Homebase\u2019s platform team has evolved their infrastructure several times, starting with Heroku and eventually transitioning to a fully containerized architecture on AWS that they run today. In early 2020, Homebase used OpenVPN to provide private access to their development environments and remote networks in AWS.\"}),/*#__PURE__*/e(\"p\",{children:\"As more of their development team began to work remotely, this implementation quickly fell short of the team\u2019s needs. With engineers distributed around the world, including the United States, Kenya, Ghana, Egypt, Ukraine, and Mexico, Homebase\u2019s OpenVPN deployment was having trouble maintaining a reliable and performant connection for all of its global users.\"}),/*#__PURE__*/e(\"p\",{children:\"In addition, as the company hired new employees remotely, the team found that onboarding developers to their various AWS environments using their existing VPN was extremely burdensome and would not scale as they grew. \u201CSetting up OpenVPN was quite complicated and annoying. We had to write up a manual with almost 15 steps with screenshots, and it took 30 minutes for a user to get set up. To make things worse, these instructions were different depending on the client platform, which became a headache to maintain,\u201D said Jordan Brown, Platform Engineering Manager.\"}),/*#__PURE__*/e(\"p\",{children:\"Beyond the issues with client setup and support overhead, the team had even greater concerns around security and risk. Running their traditional VPN required maintaining two public gateways that were at risk of being targeted online. In addition, there was no good way to restrict access to specific resources once a user gained VPN access. This meant that a successful intruder would have unlimited access to Homebase\u2019s entire private network\u2014an unacceptable risk to both the company and its customers.\"}),/*#__PURE__*/e(\"h2\",{children:\"Solution\"}),/*#__PURE__*/e(\"p\",{children:\"With a small team of only 3 engineers maintaining their engineering platforms, Homebase quickly sought to find a better fully managed solution. The team undertook a thorough and detailed evaluation of several options, covering aspects such as ease of management, security, and cost effectiveness. Ultimately, the team found Twingate to be the most compelling product that provided them with a future-proofed Zero Trust solution that would be the most flexible, easiest to use, and secure by design.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CI had heard of Zero Trust before, but thought it was mostly marketing. We wanted first and foremost to solve our VPN problem and eliminate the risk of having a public gateway. With Twingate, we got a fully managed service that protects all of our resources by default. It\u2019s so much better than what we had before, and a Zero Trust solution makes a lot more sense to me now,\u201D commented Brown.\"}),/*#__PURE__*/e(\"h2\",{children:\"Results\"}),/*#__PURE__*/e(\"h3\",{children:\"Ease of Deployment and Management\"}),/*#__PURE__*/e(\"p\",{children:\"With only 3 people on the platform team, every bit of time saved matters. With their previous VPN, it took more than a week to deploy the product, even with a pre-built image on AWS. With Twingate, the deployment process was completed in less than one day. Following that, there was very little for the administrators to do, and most routine tasks like adding new resources and assigning access permissions to them were easily automated using the Twingate API.\"}),/*#__PURE__*/e(\"p\",{children:\"On the client side, it previously took a new user upwards of 30 minutes following more than a dozen distinct steps to complete setup and onboarding. With Twingate, that process has been eliminated. New employees now have the client application automatically deployed on their device and can sign on instantly using Homebase\u2019s company-wide identity provider (IdP).\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate also simplified user management for Homebase, since user access is automatically synced from the IdP. This means that new employees are automatically granted access to the right resources based on their IdP group. Importantly, if the employee leaves the company, their permissions are automatically revoked when they are removed from the IdP.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CFor admins, it\u2019s just a one time setup, then Twingate completely eliminates ongoing maintenance. And all the feedback we\u2019ve gotten from users has been \u2018Wow, that was easy!\u2019\u201D noted Brown.\"}),/*#__PURE__*/e(\"h3\",{children:\"Secure by Design\"}),/*#__PURE__*/e(\"p\",{children:\"Homebase is trusted by over 100,000 small businesses to deliver innovative, reliable, and secure software services to help them efficiently perform their day to day operations. As a fast-growing startup, Homebase has limited resources, so they must prioritize their efforts on the activities they believe will add the most value. In light of this, they chose Twingate to help eliminate the security risks posed by their traditional VPN.\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s remote access solution helped Homebase protect their resources and their globally distributed workforce and move towards a Zero Trust security model. Within a matter of weeks, Homebase was able to move their entire development team to Twingate, effectively eliminating the public attack surface created by their traditional VPN.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CEverything is protected by default now. Twingate is making us think about security in a new way and is offering a lot of things we had not thought about before,\u201D said Brown.\"}),/*#__PURE__*/e(\"h3\",{children:\"Cost Effective\"}),/*#__PURE__*/e(\"p\",{children:\"With significant savings in deployment time, support overhead, employee productivity, and risk exposure, Twingate has already proven to be a cost effective VPN alternative for Homebase.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CIt was easy to show the value we would get from Twingate, and it was quick to get signoff from our CFO. We\u2019re planning to continue to roll out Twingate to more parts of the organization as we grow this year,\u201D noted Brown.\"})]});export const richText12=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"When Matthew Jackson, Security Operations and Architecture Manager, first joined Blend, there were about 100 employees. At that time, the Blend security team knew everyone at the company. However, as the company grew, both Blend\u2019s headcount and number of applications scaled considerably. The security team increasingly ran into requests from new Blend employees seeking access or existing employees requesting applications the security team was not familiar with. It soon became extremely time-consuming for the security team to make well-informed decisions around access.\"}),/*#__PURE__*/e(\"p\",{children:\"In response, Paul Guthrie, Information Security Officer, and Matthew Jackson implemented a bold and strategic vision to re-imagine employee access at Blend. From their experience, they knew that:\"}),/*#__PURE__*/t(\"ol\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Management needed to be delegated away from centralized security to teams who had more context\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Security teams needed to set automated guardrails\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Access needed to be self-service and easy to request\"})})]}),/*#__PURE__*/e(\"p\",{children:\"The goal was to improve security while reducing user friction. Using a metaphor, Blend was looking to build guardrails on a coastal highway: safety measures that don\u2019t block the view, but instead protect users and enable teams to go faster than they would otherwise. From their perspective, the best security programs are the ones no one even knows are in place. Security is enforced behind the scenes, gently nudging users in the right direction without introducing friction.\"}),/*#__PURE__*/e(\"p\",{children:\"One of the core problems that they faced was that provisioning access was a manual and expensive process. There was a lot of coordination required between centralized IT support teams and a host of different application owners and managers. This slowed down employees from getting access to the systems they needed.\"}),/*#__PURE__*/e(\"h2\",{children:\"Why did Blend adopt Opal\"}),/*#__PURE__*/e(\"p\",{children:\"To solve this problem, Blend had initially built an internal tool so that end users could make access requests for SSH servers, databases, and IAM roles using Slack. This worked well but required constant attention and maintenance. Blend had an excellent group of security engineers who built amazing tools, but they needed to be focused on their own applications and intellectual properties.\"}),/*#__PURE__*/e(\"p\",{children:\"By adopting Opal and deprecating their internal tool, Blend was able to shift their talented security engineers towards Blend\u2019s product and trust Opal to build an industry-leading access management solution. With Opal, Blend employees can use a self-service app catalog to make requests. Admins can scale approvals and management through decentralization of system owners and managers. Lastly, the security team can configure resource-specific access policies based on the sensitivity of the resource.\"}),/*#__PURE__*/e(\"h2\",{children:\"Why did Blend adopt Twingate\"}),/*#__PURE__*/e(\"p\",{children:\"Ahead of adopting Twingate, the Blend team was managing multiple VPN solutions with inconsistent rules around who had access to what cloud resources. This meant that there was a lack of transparency and consistency around employee access controls which led to an increased workload on support and IT as their company scaled in size.\"}),/*#__PURE__*/e(\"p\",{children:\"Given these pain points Paul and Matthew spun up efforts to simplify network access controls for users while also making the deployment process easier for their security team. They found both outcomes with Twingate and were drawn to the platform\u2019s ability to seamlessly integrate with Okta and infrastructure orchestration platforms like Terraform and Opal.\"}),/*#__PURE__*/e(\"h2\",{children:\"How did Opal and Twingate Provide Value to Blend\"}),/*#__PURE__*/e(\"p\",{children:\"With Twingate and Opal together, Blend is able to implement a zero trust architecture both inside its network and across its applications and infrastructure. Zero trust is a powerful concept in network security where, by default, no access is given and no source is trusted. Implementing zero trust is challenging but when done correctly, it fortifies organizations against attack by limiting their attack surface.\"}),/*#__PURE__*/e(\"p\",{children:\"Both Twingate and Opal empower Blend to manage access granularly. With Twingate, Blend is able to grant very specific and short-lived network access. Once users receive network access, they can use Opal to request very specific infrastructure and cloud IAM access. Security can implement guardrails by configuring resource-specific access policies based on the sensitivity of the resource.\"}),/*#__PURE__*/e(\"p\",{children:\"In addition, both Twingate and Opal reduce operational friction. In order for a security program to be successful, it must be easily and widely adopted. Employees should be able to use workflows for getting access without in-depth technical knowledge. With Twingate\u2019s desktop application, application owners and users can deploy the solution without diving into the nitty-gritty of VPN workflows. In fact, end users barely know that Twingate is running, but it\u2019s actually powering a lot of the background interactions. Similarly, with Opal, end users can leverage a simple, self-service app catalog to search and filter for the access they need. Opal also enables users to make and approve requests directly out of Slack or start sessions for RDS and SSH access using the command line interface.\"}),/*#__PURE__*/e(\"p\",{children:\"By implementing zero trust across its network, applications and infrastructure, Twingate and Opal have helped Blend become secure by default. By leveraging the infrastructure that the security team has put in place, whether its defining Twingate resources or using Opal workflows, users are able to access the tools and systems they need in a secure manner.\"})]});export const richText13=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Context / Situation\"}),/*#__PURE__*/e(\"p\",{children:\"In the past decade, pensions in the UK have witnessed a major shift. Previously, UK taxpayers used to work for a single company for 20+ years and get entered into a pension scheme and then in a defined benefits scheme; companies would look after their loyal staff. As people started working for multiple companies, companies moved away from this model. The UK government stepped in and launched a new scheme where taxpayers make defined contributions and build up as they go from company to company.\"}),/*#__PURE__*/e(\"h3\",{children:\"Founding story\"}),/*#__PURE__*/e(\"p\",{children:\"Penfold founders saw a lack of knowledge among the workforce about how much to contribute toward retirement and how defined contributions work; they also saw the self-employed market left out from this government scheme to start their own retirement funds. It was all leading to a savings crisis - leaving people without enough to enjoy their retirement. Penfold decided to first serve the self-employed market where it was easy to go direct to consumer, and after succeeding in that, expanded to the workplace market.\"}),/*#__PURE__*/e(\"h3\",{children:\"Network and compute topology\"}),/*#__PURE__*/e(\"p\",{children:\"Penfold\u2019s infrastructure is cloud-heavy, using a combination of public and private cloud services and APIs. Initially they had used third parties to enter the market and obtain regulatory approval. Today, their architecture consists mostly of solutions they\u2019ve built in-house. Some of their infrastructure is hosted in their provider\u2019s cloud while their own stack is deployed in AWS. They built a self-scaling cloud-native environment that adjusts to fluctuating customer demand, providing cost-effectiveness in a pensions industry with limited product margins.\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"On the investment side, they use an API-based custodian that provides them with access to the specific funds that they use in their products. Penfold passes its customers\u2019 instructions, on where they\u2019d like to be invested, onto the custodian.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"On the banking side, Penfold does direct communication via open banking. In the UK, where banking is increasingly digital, banks offer an API-based integration, transforming the way customers can make payments into their pensions plan.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"On the networking side, adopting the latest technology was an interesting challenge. \u201CBut I think we\u2019ve all got to a place where we\u2019re quite comfortable. Obviously, Twingate has been a big part of that,\u201D says Robinson.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Problem\"}),/*#__PURE__*/e(\"p\",{children:\"Several challenges drove Penfold to look for a Zero Trust solution:\"}),/*#__PURE__*/t(\"ol\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Cumbersome access provisioning process for developers - Penfold operates services that it has built in-house, running under a serverless architecture, and also operates persistent storage devices and machines running some of their system services. Their devs need to connect to these services directly to diagnose issues and apply upgrades. Their traditional setup involved a bastion host within AWS, with their dev team using that as a jumpbox to access these services. As the team grew, this became painful to maintain as it required verifying keys and following a cumbersome provisioning and de-provisioning process as people joined and left.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Need for more secure access - Penfold\u2019s teams need access to regulatory systems and third-party providers. Because Penfold also has a shared office, they don\u2019t own the network and don\u2019t have a fixed IP; there is more than just their office on that IP range. Twingate helped them to secure legacy services that have a more traditional networking approach of whitelisting IP ranges. Additionally, Penfold\u2019s bastion host constituted another attack point exposed to the public internet.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Contractors creating access churn - Penfold has short-term contractors that create a lot of access churn. The network setup process involved with onboarding these contractors did not scale with Penfold\u2019s growth and became increasingly painful to manage.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Solution\"}),/*#__PURE__*/e(\"p\",{children:\"After trying traditional VPN solutions, Penfold decided to look elsewhere due to the painful setup, manual configuration, and prohibitive cost involved with VPNs. They looked at Zero Trust networking solutions and found Twingate. After completing a Proof of Concept with Twingate and Tailscale, Penfold chose Twingate because it best addressed their pain points:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Integration with their identity provider (Google Workspace), allowing centralized user access management\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Ease of use, as they needed their remote team to be able to install and set up Twingate themselves on their machines\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Pricing that works with their business model\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Ease of hosting, operation, and maintenance\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Results\"}),/*#__PURE__*/e(\"p\",{children:\"When Penfold completed the initial deployment of Twingate, they considered the project a huge win. The standout benefits they identified included:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s ease of customization and flexibility let them set up granular access controls that improved security, and ensured that individual network requests were authorized only in appropriate contexts.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The end user experience was noticeably improved. End users can now self-enroll for remote access with a few clicks. Once installed, the Twingate client did not interfere with daily work.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The deployment process was straightforward, with support for their existing identity provider and compatibility with their existing technology stack.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s web-based admin console for configuring and managing enterprise-wide access controls gave Penfold centralized visibility over their entire network, coupled with extensive logging capabilities that support auditability.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"\u201CWe don\u2019t notice using Twingate because it just works. This is in contrast to VPNs, which you definitely notice when they don\u2019t work. Twingate is super simple from a maintenance perspective, and it\u2019s been very smooth sailing,\u201D said Stuart Robinson, Penfold\u2019s CTO and Co-founder.\"})]});export const richText14=/*#__PURE__*/t(n.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"When the COVID-19 pandemic emerged, Human Interest\u2019s IT team was already busy maintaining the technology infrastructure for a rapidly scaling business. The company was growing quickly in size, and its platform, IT, and security teams were focused on innovating their technology stack to meet the needs of their employees, customers, and partners.\"}),/*#__PURE__*/e(\"p\",{children:\"Then, with the sudden shift to remote work, the team immediately felt the strain on their existing network infrastructure. Human Interest\u2019s hardware-based VPN was previously used by only a handful of people, but was now \u201Cbursting at the seams,\u201D as described by Human Interest CTO, Paul Mason.\"}),/*#__PURE__*/e(\"p\",{children:\"Onboarding hundreds of employees onto their existing VPN was an extremely time consuming process. Most of Human Interest\u2019s resources resided on AWS or elsewhere in the cloud and were secured with IP-based restrictions enforced by a bastion host. The move to a fully remote workforce meant that employee home IP addresses frequently needed to be manually added and updated on the bastion host.\"}),/*#__PURE__*/e(\"p\",{children:\"The employee experience was similarly burdensome. VPN setup and onboarding required each of Human Interest\u2019s 200+ employees to follow several pages of instructions, and it was common for the IT team to continually field support calls during this process, leading to hours of lost productivity.\"}),/*#__PURE__*/e(\"p\",{children:\"To make things worse, the VPN was full tunnel by default\u2014all internet traffic from connected users was routed through Human Interest\u2019s corporate network. With employees joining video calls and consuming streaming media from home, Human Interest\u2019s network became congested, leading to choppy Zoom meetings and an increasingly frustrated workforce. \u201CIn order to fix the performance issues, we would have needed to reconfigure the VPN for a split tunnel setup, which would have been a nightmare, requiring configuration changes at both the server and client end,\u201D noted Mason.\"}),/*#__PURE__*/e(\"p\",{children:\"As Human Interest\u2019s business continued to grow during the pandemic, the issues they experienced with their traditional VPN became an unbearable burden to their IT teams, and they needed to find a solution.\"}),/*#__PURE__*/e(\"h2\",{children:\"Solution\"}),/*#__PURE__*/e(\"p\",{children:\"As a provider of retirement plan solutions, Human Interest knows the importance of planning for the long term. Once Mason and his team identified that the VPN was not going to offer a sustainable, scalable solution for them, they set out to look for a better option that would support them in the years ahead.\"}),/*#__PURE__*/e(\"p\",{children:\"\u201CWe were trying to manage the overall needs as our company was growing while trying to stay on top of the ongoing VPN issues all at once, and it was just too much,\u201D said Mason. \u201CIt quickly became clear that we needed to replace our VPN with a better longer-term alternative.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"In addition to in-depth evaluations of security and reliability, another key requirement for Human Interest was efficiency: reducing the overall administrative burden on the IT team, and improving the setup and online experience for users.\"}),/*#__PURE__*/e(\"p\",{children:\"These requirements led Human Interest to Twingate, which not only checked all of these boxes, but completely changed the way the team thought about remote access and Zero Trust in general.\"}),/*#__PURE__*/e(\"h2\",{children:\"Results\"}),/*#__PURE__*/e(\"p\",{children:\"Looking at its growth trajectory ahead, Human Interest chose Twingate to replace its VPN and provide a future-proofed remote access solution that would also scale with the business in the long term. Importantly, Human Interest also enhanced its security posture and improved the experience for its employees. \u201CI\u2019m definitely what you would call a happy user. Twingate has been fantastic for Human Interest. I\u2019m glad that I won\u2019t be going back to the days of setting up our VPN manually.\u201D Mason said.\"}),/*#__PURE__*/e(\"h3\",{children:\"Fast and Easy Deployment\"}),/*#__PURE__*/e(\"p\",{children:\"Human Interest was able to migrate to Twingate as their long-term solution of choice much earlier than they originally expected due to how easy Twingate was to deploy.\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"As a software- and cloud-based solution, Twingate does not require hardware appliances to be installed or changes to network infrastructure, allowing Human Interest to get started with Twingate without going through weeks or months of implementation planning and effort.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Twingate can run alongside an existing VPN, allowing Human Interest to manage risk by evaluating and gradually rolling out Twingate without the need to rip and replace its existing VPN.\"})})]}),/*#__PURE__*/e(\"h3\",{children:\"Automation and Scalability\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate simplified Human Interest\u2019s network infrastructure and provided enhanced automation capabilities, which meant a significant reduction in manual maintenance and monitoring.\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Twingate eliminates the need for VPN gateways and bastion hosts, meaning fewer components to configure and maintain.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s ability to integrate with leading identity providers (IdPs) meant that Human Interest could rely on Okta, its IdP of choice, for user authentication. User accounts and access credentials are automatically synced from Okta. In addition, Twingate offers MFA support out of the box, providing better security for Human Interest with minimal effort.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Twingate\u2019s client applications can be downloaded directly by users from app stores and the Twingate website, or be pushed directly to any device using a MDM solution. This means better access for employees and easier deployment for the IT team, even as the company grows.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"\u201CWith Twingate, it\u2019s easy. We have a MDM solution that can push out the app to any device. The user just needs to open the app, type in Human Interest, and it\u2019s done,\u201D said Mason.\"})})]}),/*#__PURE__*/e(\"h3\",{children:\"Improved User Experience and Performance\"}),/*#__PURE__*/e(\"p\",{children:\"Twingate improved the experience for Human Interest\u2019s users as well, resulting in less time on support calls with the IT team, and less time waiting for resources to load.\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"20px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(18, 19, 21)\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Twingate eliminated a VPN setup process that routinely took over 30 minutes for even technically-minded employees, freeing up more time for both employees and IT support staff. \u201CWhen we told people to log on to the VPN in the past, users often got confused. But Twingate simplified everything\u2014everyone knows how to click on the Twingate icon,\u201D noted Mason.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Twingate offers split tunneling by default. With no complicated configuration required, this led to instantly faster network connectivity for users and an immediate reduction in network congestion. No longer did the IT team have to manage bandwidth consumption by resorting to workarounds like blocking access to certain destinations. As Mason observed, \u201CI used to always hear that VPN is slow. I don\u2019t hear that anymore after using Twingate.\u201D\"})})]})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText12\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText14\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText13\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"], "mappings": "2JAA+G,IAAMA,EAAsBC,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,kDAA6C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2TAA4S,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sKAA4J,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2TAAuS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8VAAiT,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oDAA+C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mZAAyY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gJAAgJ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wYAAoX,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+VAAiU,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oYAA0X,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iVAAuU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uPAAwO,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oDAAoD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iRAAkQ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iZAAyW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yOAAyO,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qCAAqC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0bAAsa,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wOAAqM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2RAA4Q,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gWAA2V,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0RAAiQ,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mQAA+O,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uEAAoFE,EAAEC,EAAE,CAAC,KAAK,qDAAqD,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,iDAAyDA,EAAEC,EAAE,CAAC,KAAK,kDAAkD,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,QAAqBA,EAAEC,EAAE,CAAC,KAAK,sDAAsD,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,0FAAgF,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wMAAmM,CAAC,CAAC,CAAC,CAAC,EAAeE,EAAuBJ,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,sCAAsC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4XAAmW,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,iEAA4D,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+hBAAsgB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oKAA+J,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yCAAyC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yPAAgO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+TAAqT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mRAA0P,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gGAA2F,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2GAA2G,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uGAAuG,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iIAA4H,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mMAAmM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yRAAyR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kQAAwP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2FAA2F,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kOAA8M,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mDAA8C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qcAA2b,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8JAA8J,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iUAAuT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uMAAkM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yVAAiT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4LAA4L,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ibAAua,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0TAAuR,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+DAA0D,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sYAA4X,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yUAAgT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2VAAiV,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4CAAuC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oWAA0V,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oZAA6V,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,gCAAgC,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,mJAA2JA,EAAEC,EAAE,CAAC,KAAK,mCAAmC,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,mCAAmC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeG,EAAuBL,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,uCAAuC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0YAA0Y,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yUAAgT,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yDAAoD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8UAA+T,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8RAA+Q,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6PAAwP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yNAA2L,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qMAAsL,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kHAAwG,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2VAAkU,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gWAAsV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iOAAwM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uPAAuP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oPAA0O,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6LAAyK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wSAA+Q,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yKAAgJ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oOAA0N,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uDAAkD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6PAA8O,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mSAAmS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iQAA4P,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sUAAmS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oPAA+O,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2IAA2I,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gKAAgK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iFAAiF,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6QAA+O,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,gCAAgC,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,2KAAmLA,EAAEC,EAAE,CAAC,KAAK,mCAAmC,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,mCAAmC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeI,EAAuBN,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,gEAAgE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0VAA0V,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kkBAAoiB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAA8B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0YAAqY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2SAA4R,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4ZAA6Y,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kIAAwH,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gDAAgD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gWAA2V,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yTAAsR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uVAAkV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sXAA6V,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kDAAkD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8RAAyR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qNAAuL,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2BAAwCE,EAAEC,EAAE,CAAC,KAAK,+DAA+D,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,oRAAoR,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,SAAiBE,EAAEC,EAAE,CAAC,KAAK,qDAAqD,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,kJAAyH,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8NAA+M,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,wDAAwD,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,uRAAuR,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gPAAuN,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sIAA8IE,EAAEC,EAAE,CAAC,KAAK,mCAAmC,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,mCAAmC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeK,EAAuBP,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,yCAAoC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+aAAga,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wMAA0K,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4YAAmX,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qTAAgT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yTAAyT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8MAA0L,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6CAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wVAAmV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oMAAoM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4NAA4N,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4SAAmR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qYAAsX,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qSAA4Q,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iTAAiT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qQAAsP,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oUAAoU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ySAAqR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6QAA6Q,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iSAAiS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0RAAiQ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qbAAgb,CAAC,CAAC,CAAC,CAAC,EAAeM,EAAuBR,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yRAAoR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2WAAsW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8PAAyP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qlBAAikB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4YAAkY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+GAA0G,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sSAAiS,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8OAAsPE,EAAEC,EAAE,CAAC,KAAK,sCAAsC,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,4NAA4N,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gJAAgJ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iHAAiH,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mBAA2BE,EAAEC,EAAE,CAAC,KAAK,0DAA0D,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,4PAA4P,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0oBAA4mB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wXAAyW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sUAAiU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+JAAqJ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oNAAoN,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6OAA2OE,EAAEC,EAAE,CAAC,KAAK,2CAA2C,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,sHAAmIA,EAAEC,EAAE,CAAC,KAAK,kDAAkD,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,SAAI,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qcAAib,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sOAA4N,CAAC,CAAC,CAAC,CAAC,EAAeO,EAAuBT,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uPAAwO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2TAAwR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uUAAkU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8RAAiP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8NAA0M,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sSAAiS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4JAA4J,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sFAAsF,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iSAAiS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kOAAmN,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mPAA0N,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sfAAue,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8JAA8J,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+BAA+B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0JAAqJ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uYAAwX,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wZAA8Y,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8BAA8B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6KAA6K,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mWAA+U,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6EAAqFE,EAAEC,EAAE,CAAC,KAAK,wCAAwC,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,iIAAiI,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8SAAgR,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gCAAgC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yYAAoY,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4DAAyEE,EAAEC,EAAE,CAAC,KAAK,+BAA+B,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,wIAAmI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,YAAyBE,EAAEC,EAAE,CAAC,KAAK,+BAA+B,aAAa,GAAG,aAAa,GAAG,SAAsBD,EAAE,IAAI,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,kVAA6U,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wQAAmQ,CAAC,CAAC,CAAC,CAAC,EAAeQ,EAAuBV,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8bAAyb,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0eAA4c,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2WAAuV,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sVAA4U,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,saAAia,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mIAA8H,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2DAA2D,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,wDAAwD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iDAAiD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wTAA8S,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2XAAiX,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,seAA4d,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+kBAAmhB,CAAC,CAAC,CAAC,CAAC,EAAeS,EAAuBX,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2cAA2c,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mfAAueE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,qgBAAif,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sQAAmRE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,iOAAuN,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8WAA4WE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,8KAAyK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6BAA6B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+MAA4NE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,+cAAybA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sDAAsD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gOAA4M,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4NAAkN,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kUAA0R,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gQAAiP,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+HAA+H,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uLAAkL,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qRAAsQ,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mNAAyM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4dAAwc,CAAC,CAAC,CAAC,CAAC,EAAeU,EAAuBZ,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4VAA4V,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kqBAA8oB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8iBAAyiB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sbAAib,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wOAAwO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8MAA8M,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2cAA2c,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2CAA2C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,spBAAmnB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kWAA8U,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iiBAA8f,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qRAAqR,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wNAA8M,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,69BAAq7B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,giBAA4gB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gdAAub,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wBAAwB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+RAA+R,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,wFAAwF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0LAAgL,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kKAAkK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kIAAkI,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0LAAqL,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeW,EAAwBb,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+aAA+a,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kYAAkY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4VAAkV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wWAAwW,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sEAAsE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4EAA4E,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uDAAuD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,wDAAwD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,qEAAqE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+OAA+O,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qhBAA2gB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oKAAoK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wBAAwB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gdAAgd,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+NAA+N,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+YAA0Y,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wKAAwK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wQAA8P,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oQAAoQ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qPAAqP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+NAAgN,CAAC,CAAC,CAAC,CAAC,EAAeY,EAAwBd,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qZAAsY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gUAA2T,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oXAA0W,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kkBAAwjB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mgBAAyf,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ofAAof,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yZAA0Y,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8cAA8c,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kXAA6W,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iWAAiW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2NAA6L,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kBAAkB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sbAAsb,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0VAAqV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0LAAgL,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gBAAgB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2LAA2L,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+OAAgO,CAAC,CAAC,CAAC,CAAC,EAAea,EAAwBf,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,okBAA+jB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qMAAqM,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gGAAgG,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,mDAAmD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sDAAsD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,meAA8d,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6TAA6T,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0YAA0Y,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4fAAuf,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8BAA8B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8UAA8U,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4WAAuW,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kDAAkD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gaAAga,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uYAAuY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uyBAA6xB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uWAAuW,CAAC,CAAC,CAAC,CAAC,EAAec,EAAwBhB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,qBAAqB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qfAAqf,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gBAAgB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wgBAAwgB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8BAA8B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kkBAAmjB,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,8PAAoP,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6OAA6O,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gPAA4N,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qEAAqE,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uoBAAuoB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,wfAAoe,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oQAA+P,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4WAA4W,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0GAA0G,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sHAAsH,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,8CAA8C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6CAA6C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oJAAoJ,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,mNAA8M,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4LAA4L,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uJAAuJ,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4OAAuO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sTAAwR,CAAC,CAAC,CAAC,CAAC,EAAee,EAAwBjB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iWAA4V,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qTAAsS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+YAA0Y,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4SAAuS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wlBAA+jB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oNAA+M,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uTAAuT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ySAAqR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iPAAiP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8LAA8L,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8gBAAqf,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yKAAyK,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gRAAgR,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2LAA2L,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2LAAsL,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sHAAsH,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2WAAsW,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sRAAiR,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yMAAqL,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0CAA0C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kLAA6K,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,qXAAsW,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4cAA6b,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACjn5GgB,EAAqB,CAAC,QAAU,CAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,mBAAqB,CAAC,KAAO,UAAU,CAAC,CAAC", "names": ["richText", "u", "x", "p", "Link", "richText1", "richText2", "richText3", "richText4", "richText5", "richText6", "richText7", "richText8", "richText9", "richText10", "richText11", "richText12", "richText13", "richText14", "__FramerMetadata__"] }