NetFoundry uses Mattermost with OpenZiti for zero trust internal and external communications

NetFoundry is a software company committed to keeping the world secure via a free, open source zero trust overlay network called OpenZiti that’s compatible with any workload across any cloud, including AWS, Azure, and Oracle, as well as in on-premises environments. Founded in 2017 and headquartered in Charlotte, N.C., NetFoundry also offers CloudZiti, a SaaS solution built on OpenZiti that delivers a managed open source zero trust networking platform. The company has a team of about 60 employees spread out across the world.

Needing a collaboration platform that aligned with core principles 

As a remote-first startup, NetFoundry requires a resilient and adaptable collaboration platform to ensure employees stay connected and keep projects moving forward. 

The company had been using Slack to collaborate, but the tool didn’t align with NetFoundry’s core principles of permissionless innovation, belief in open source, and security by design. Further, NetFoundry wanted to have data sovereignty over such mission-critical information. So the team began searching for a new solution that aligned with their requirements. 

“Robust communications solutions are critical to our ability to collaborate and ultimately serve our customers as best as possible,” says Philip Griffiths, vice president and head of global business development and alliances at NetFoundry.

At the same time, NetFoundry also wanted a collaboration solution they could self-host and manage internally so they could maintain complete control over their data and also champion their own products.

“We wanted to be able to test it on use cases we had control over,” Griffiths says. “Internal usage of tools is important to figure out extra functions and bugs that make our products better for our customers without them experiencing any pain.”

Choosing Mattermost as an open source Slack alternative

While researching their options, the NetFoundry team came across Mattermost, the secure collaboration hub for technical teams. After studying the platform, they agreed that Mattermost had relative parity with Slack’s features. More importantly, Mattermost aligned with the company’s core principles:

• Secure by design. As a zero trust provider, NetFoundry is laser-focused on zero trust both for itself and for its customers. Since Mattermost’s open source nature delivers a highly secure, flexible, and resilient platform out of the box, the team has embedded zero trust networking directly into Mattermost clients using a JavaScript-based Zero Trust SDK. As a result, NetFoundry employees, customers, and even third parties can access Mattermost directly from their web browsers over a zero trust connection. Users have a public SaaS experience without the need to install a local zero trust client while Mattermost resides in a completely private network with no inbound firewall ports.
• Permissionless innovation. With a self-hosted solution and complete access to source code, NetFoundry could experiment with Mattermost however and whenever they wanted. The same can’t be said of proprietary alternatives.
• Open source and self-hostable. No one knows what the world will look like in five years; NetFoundry can’t be sure of what its collaboration and security requirements will be by then. Since Mattermost is an open source solution with endless adaptability, it doesn’t matter. The team can adjust the platform however they see fit as its needs change, and they are in full control of their own deployment.

Collaborating securely with internal and external partners wherever they are

Mattermost serves as NetFoundry’s central collaboration hub that keeps its distributed team connected across 178 channels, enabling team members and external partners to work together securely and productively according to their own schedules. 

“We are a remote-first organization with people across North America, Europe, India, and more,” Griffiths says. “While we have clusters, great asynchronous communication is paramount to success. Mattermost is great for internal communications, partner communications, and out-of-band communications.” 

Future-proof communications, business model

With an open source collaboration hub powering its operations, NetFoundry can rest comfortably knowing it has a messaging solution that can grow alongside it while accommodating its unique requirements, whatever they are.

At the same time, NetFoundry is positioned to meet the growing demand for zero trust architecture. “We can integrate our various external teams over our own zero trust network so that Mattermost stays ‘invisible’ while interacting with the external world,” Griffiths explains.

NetFoundry aims to help make the world safer, and both Mattermost and zero trust architecture aid them in that mission.

“If you look at the current state of IT, it’s woeful — huge attacks happen all the time,” Griffiths says. “We want to make the world secure by default to stop the perennial cyberattacks and drag on the world economy as we become even more dependent on digital and interconnected systems.” 

Bringing zero trust to Mattermost web apps

In 2022, NetFoundry unveiled a new solution: BrowZer, an open source product that’s part of the OpenZiti project. BrowZer enables organizations to deliver applications that are private to the internet over a normal internet experience — without VPNs, DNS configurations, or open firewall ports. It doesn’t matter where users are or where data lives; BrowZer delivers an embedded zero trust connection between a user’s web browser and the server, and the user is none the wiser because the session appears just as it would if they accessed the web app over the open internet. 

The NetFoundry team has used BrowZer to bring zero trust Mattermost instances to their customers for secure collaboration; any organization can use NetFoundry’s agentless BrowZer solution for Mattermost or the company’s agent-based solution if they prefer.

“We embedded BrowZer, our cutting-edge zero trust networking technology, into Mattermost to privately connect and communicate with partners over the public internet,” Griffiths continues. “The beauty is that software installations are not required. Users get a public application experience while the app stays completely private and unreachable for external hackers.” 

Even though Mattermost isn’t accessible via the public internet, NetFoundry can still make “dark webhooks” that pipe data into Mattermost automatically.

“We like to put Ziti inside things — we call them zitifications,” Griffiths jokes. “And perhaps one day OpenZiti will be embedded to create MattermoZt.”

Help spread the word about OpenZiti and Mattermost; giving each repo a star helps others know what projects are interesting, exciting, and worth checking out. Learn more about OpenZiti by reading the documentation. The team would love to hear from OpenZiti developers looking to integrate with other services.