Security "Bits"

Securing Remote Work Part 4: ZTNA

By Kevin Sheu | May 15, 2020 at 5:00 AM

My colleagues Wayne Phillips and Jonathan Andresen recently delivered a webcast titled, “Who moved my VPN and why should I care?” It covers a host of topics related to securing today’s remote workforce, but the title does raise a valid question: are VPNs still relevant?


For decades, VPNs have provided remote users with a secure tunnel into the office network. VPNs are part of a “coconut” or “M&M” strategy (hard outer shell, soft inside). This model relies on the notion of a network perimeter where trusted users are on the inside and everything on the outside is denied access.

Yet, even before the shift to a remote workforce, the paradigm was faltering. “We've reached this market inflection thanks to the categorical realization from both security vendors and security pros that perimeter-based security has failed,” says Forrester principal analyst Chase Cunningham. The flaws are varied: the model doesn’t address insider attacks, non-employees (e.g. partners) may need access, and most notably, if an attacker gains access (e.g. via VPN credential abuse), they are able to move freely between hosts. A further point is that VPNs are simply difficult to manage.

The modern business environment, independent of restrictions on movement, requires a new paradigm. Users leverage a broad swath of devices; not to mention, assets and applications rarely reside behind that tough outer perimeter. Long ago, VPN firewalls were already overwhelmed by load, and the resulting performance bottlenecks affected usability and uptime. Furthermore, VPN access from unmanaged devices is infeasible. To overcome these limitations, we recommend zero trust network access (ZTNA) tools.

Comprehensive ZTNA encompasses several core disciplines; fortunately Bitglass is designed to deliver everything that is needed to secure access to on-premises or private apps.

Identity and MFA: Whether for managed or unmanaged devices, ZTNA must require authentication via corporate SSO and MFA.

Bitglass offers native single sign-on (SSO) and can integrate with your existing identity provider, such as Okta and PingFederate. The solution also provides multi-factor authentication (MFA) that goes beyond the use of passwords and verifies users’ identities through hardware tokens, one-time tokens sent via SMS or email, as well as third-party tools like Google Authenticator.

Configuring the integration between an existing IdP and Bitglass is quick and simple. Once configured, when users authenticate via the IdP, Bitglass is inserted into the path of traffic to apply inline and out-of-band protections.


Access Control and DLP: Granting access to resources must be done contextually, based on user, group, application, location, type of device, etc.

Bitglass offers a customizable, fine-grained approach to data security. With a robust cloud DLP engine, the platform automatically takes action on data based on content and context; this includes the aforementioned attributes, relevant compliance requirements, any data patterns you may select or build, and more. DLP actions that can be enforced on content flowing into and out of applications include encrypt, watermark, block, DRM, and more.


Threat Protection: Advanced threat protection is a critical requirement for cybersecurity—malware is incredibly dangerous for any enterprise. 

By incorporating the CrowdStrike and Cylance detection engines directly into Bitglass’ proxy, the Bitglass platform identifies and blocks malware in real time as infected files are uploaded to or downloaded from on-premises applications. Because the solution is agentless and transparent to the end user, it is a perfect fit for blocking malware on any device, including personal endpoints. Security teams also have the option to scan data that is already at rest in an application. Infected files can then be quarantined proactively so that malware can’t spread to connected apps or be downloaded by users.


Engage any of our worldwide cloud specialists to learn how the most innovative organizations in your industry are using Bitglass to fast-track their ZTNA initiatives. To learn more about how Bitglass can secure remote workers, download the technical brief below.

Want to learn more about how Bitglass can help your organization and its remote workers stay safe in today’s trying times? Download the white paper below. You can also request a free trial of Bitglass’ solution.

Enabling Zero Trust Remote Work