While some in the industry are making the argument that enterprises don’t need VPNs anymore (principally vendors that don’t offer VPN solutions), nothing could be further from the truth. To mangle Mark Twain’s famous quote, press reports of the death of the VPN are greatly exaggerated.

VPNs remain the proven and reliable method of providing protected remote access to datacenter resources. And those on-premises applications aren’t going anywhere. In a recent survey conducted by IDG Connect for Pulse Secure, every respondent reported using a combination of on-premises data center and some form of cloud delivery capability. The network perimeter of today is more elastic and flexible than in the past, but the notion that it no longer exists is quite wrong.
A hybrid secure access architecture for a hybrid IT world

VPNs remain an essential component of a secure access architecture. They enable remote workers and trusted third parties, such as partners, clients and contractors, to access the trusted enterprise network and datacenter applications — on premises or in the cloud — from a wide range of endpoints, including BYOD mobile devices. Extra marks go to VPN providers that offer options for tailoring a solution to this diverse set of users, such as agent or agentless access, and a single-client approach that supports all operating systems and device types.

But VPNs need not be the only component of secure access. Today’s hybrid IT world requires a hybrid secure access architecture that can protect data center applications from malicious insiders connected via LAN or WAN as well as malicious outsiders who might find their way into the enterprise network using stolen credentials.

The solution is Zero Trust, a concept first proposed by Forrester Research that pivots from the “you’re in so you’re trusted” approach of the network perimeter to a “trust no one until proven otherwise” approach that operates at the application level. Zero Trust ensures that only authenticated users with compliant devices can connect to authorized applications over any network. In practice, the access decision is made per request from the user’s identity, the device’s posture and the specific application being requested, not from the network the request arrived on; a valid password alone, stolen or not, is no longer enough to reach an application.

In a hybrid secure access architecture, this Zero Trust capability is accomplished via network access control (NAC) technology, which provides continuous visibility, endpoint and IoT access control, and automated threat mitigation. NAC enables a “comply to connect” strategy that uses strong endpoint authentication, host checking, conditional access and guest management as well as IoT security and threat response capabilities.

Add SDP to the hybrid secure access architecture

Software-defined perimeter (SDP) is a newer approach to securing access to applications residing in the cloud or data center. SDP offers an alternative to routing traffic through VPNs and complements NAC by addressing identity-based security at a higher level in the stack. By granting verified users and devices access only to specifically authorized applications, SDP helps reduce exposure to advanced threats while simplifying connectivity and improving the user experience.

With SDP, the attack surface is reduced through per-application network segmentation and by allowing direct access only to authorized applications; all other applications are hidden from discovery. Multi-factor authentication and authorization ensure that users, their devices and the applications they access are continuously verified, so a device that falls out of compliance mid-session loses access rather than keeping it until the next login.

“Where and when,” not “either/or”

You can have VPN where you need it for remote access to datacenter and cloud applications, combined with NAC for granular control over which classes of users can access which applications. The result is a Zero Trust solution for secure access to corporate data that leverages existing security technology investments. Layer in SDP where it makes sense as a Zero Trust solution for IaaS or SaaS application access, for external and internal users, working remotely or onsite.

Integration and single-pane-of-glass management

Research shows that management complexity also matters to enterprises. Security application suites offer an alternative to individual VPN, NAC and SDP solutions. Vendors offering integrated suites ideally provide a single client that supports all technologies in the Zero Trust stack, with access via VPN or SDP depending on the location of the application. Integration should also deliver a single pane of glass for access management and operational visibility across on-premises and cloud environments.
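As an added illustration, not part of the article and not Pulse Secure product code, the following Python sketch shows the access decision that the Zero Trust, NAC and SDP sections above describe: deny by default; a per-request check of user authentication, second factor, device posture and per-application authorization that never looks at the source network; application discovery that lists only what the caller could actually reach; and a per-application session that is re-verified and revoked when the device’s posture drifts. All users, groups, applications and posture fields are constructed for the example.

```python
# Added illustrative example of a Zero Trust / SDP style access decision engine.
# Constructed for this article; not product code. Every name below is made up.
from dataclasses import dataclass, field
from enum import Enum
from typing import FrozenSet, List


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class User:
    name: str
    authenticated: bool      # primary credential verified (password, certificate, ...)
    mfa_passed: bool         # second factor completed for this session
    groups: FrozenSet[str]


@dataclass(frozen=True)
class DevicePosture:
    """Host-check results as a NAC or SDP client would report them (constructed fields)."""
    device_id: str
    managed: bool
    disk_encrypted: bool
    os_patched: bool
    edr_running: bool

    def compliant(self) -> bool:
        return all((self.managed, self.disk_encrypted, self.os_patched, self.edr_running))


@dataclass(frozen=True)
class Application:
    name: str
    allowed_groups: FrozenSet[str]
    location: str            # "datacenter" or "iaas"; informational only here


@dataclass
class AccessDecision:
    decision: Decision
    reasons: List[str] = field(default_factory=list)


def evaluate(user: User, device: DevicePosture, app: Application) -> AccessDecision:
    """Deny by default. Every check must pass; all failures are collected so a denial
    can be logged with its full cause. The source network is deliberately not an
    input: a LAN user and a remote user are judged identically."""
    reasons: List[str] = []
    if not user.authenticated:
        reasons.append("user not authenticated")
    if not user.mfa_passed:
        reasons.append("second factor not satisfied")
    if not device.compliant():
        reasons.append(f"device {device.device_id} fails host check")
    if not (user.groups & app.allowed_groups):
        reasons.append(f"{user.name} not authorized for {app.name}")
    if reasons:
        return AccessDecision(Decision.DENY, reasons)
    return AccessDecision(Decision.ALLOW)


def discoverable_apps(user: User, device: DevicePosture, catalog: List[Application]) -> List[str]:
    """SDP-style discovery: the client only learns about applications it could reach.
    Everything else is invisible, not merely forbidden."""
    return [a.name for a in catalog if evaluate(user, device, a).decision is Decision.ALLOW]


class Session:
    """A per-application connection that is re-verified continuously; a posture
    change (e.g. the EDR agent stops) revokes access mid-session."""

    def __init__(self, user: User, app: Application) -> None:
        self.user = user
        self.app = app
        self.active = False

    def reverify(self, device: DevicePosture) -> AccessDecision:
        result = evaluate(self.user, device, self.app)
        self.active = result.decision is Decision.ALLOW
        return result


# Constructed sample data.
CATALOG = [
    Application("hr-portal", frozenset({"hr"}), "datacenter"),
    Application("source-control", frozenset({"engineering"}), "iaas"),
    Application("payroll-db", frozenset({"finance"}), "datacenter"),
]
ALICE = User("alice", authenticated=True, mfa_passed=True, groups=frozenset({"engineering"}))
ALICE_LAPTOP = DevicePosture("lap-0042", managed=True, disk_encrypted=True, os_patched=True, edr_running=True)


def demo() -> List[str]:
    """Walk one session through grant, posture drift and revocation; returns the log lines."""
    log = [f"discoverable for alice: {discoverable_apps(ALICE, ALICE_LAPTOP, CATALOG)}"]
    session = Session(ALICE, CATALOG[1])
    first = session.reverify(ALICE_LAPTOP)
    log.append(f"initial: {first.decision.value} {first.reasons}")
    # Constructed posture drift: the EDR agent stops on the same device.
    drifted = DevicePosture("lap-0042", managed=True, disk_encrypted=True, os_patched=True, edr_running=False)
    later = session.reverify(drifted)
    log.append(f"after drift: {later.decision.value} {later.reasons}; active={session.active}")
    return log


if __name__ == "__main__":
    print("\n".join(demo()))
```

The point of collecting every failed check rather than returning on the first is operational: a denial that says "second factor not satisfied" and "device fails host check" at once tells the SOC whether it is looking at a stolen credential, a non-compliant endpoint or both, which is the distinction the stolen-credentials scenario above turns on.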