As the old adage goes, “Trust must be earned.” This proverb essentially means that trusting those who are not truly trustworthy can have harmful results. This wisdom is particularly applicable to cybersecurity. There are countless external (and internal) threat actors who would love to take advantage of overly trusting enterprises to access their IT systems and steal their data. Consequently, organizations must make certain that they are granting access to trustworthy users only.
Zero Trust Network Access
Zero trust network access, or ZTNA, is a service that applies the above ideas to ensure secure remote access to applications running in the public cloud or in private data center environments. These solutions provide secure access based on adaptive controls; they also monitor user activity and perform continuous risk assessment. ZTNA reduces the enterprise’s attack surface and increases IT’s visibility into user activity and applications.
Traditionally, organizations sought to achieve the above through a virtual private network (VPN). A VPN ensures safe access through a secure tunnel that links a user’s device to an enterprise’s network and the resources therein. However, VPN suffers from a number of issues that ZTNA circumvents entirely. Having users “VPN in” introduces latency, hampers productivity, can be difficult to scale organizationally, and grants users full access to the network and everything on it – which violates the principle of zero trust. By contrast, ZTNA is scalable, preserves user experience, and grants access to specific applications rather than the entire network.
Bitglass provides a unique, powerful approach to ZTNA. Bitglass’ agentless solution eliminates the need for VPN and software installations on endpoints by tying into organizations’ single sign-on (SSO) solutions. When users authenticate via SSO to access custom apps hosted either on premises or on infrastructure-as-a-service (IaaS) platforms, Bitglass is inserted into the path of traffic. Once users have authenticated via SSO (and multi-factor authentication, if an organization wants extra security) and their traffic is being agentlessly proxied by Bitglass, they are able to access protected apps and data. Users who are not deemed trustworthy in this way are not granted access. In addition, Bitglass is able to enforce granular security policies, including encryption and real-time data loss prevention (DLP), bolstering security further.