The Problem

Modern Requirements

Organizations need a better way to securely connect users to apps and resources. This is no small task for an enterprise that often has more than 250 different company sanctioned applications in regular use. It is common for a modern enterprise to need secure user access for resources across on-premises data centers, private cloud, and public cloud including access for:

• Email, messaging, file transfer, web apps
• Thick client apps
• VOIP, video, peer-to-peer apps
• Remote desktops
• Databases
• Admin logins
• Developer resources
• Public SaaS & IaaS

A typical enterprise also has to provide secure access to different types of users and a range of devices, including:

• Employees with company laptops
• Employees working from their own devices (BYOD)
• Supply chain vendors and partners with 3rd party owned devices
• Contractors and consultants who may or may not have company issued devices
• Employees of acquired companies and subsidiaries
• Temporary users with their own devices
• Development teams
• Privileged users and administrators

With so many different types of applications, devices, and users that need secure access, organizations are hard pressed to find a simple way to solve for all their use cases. And remember, they still need to secure the enterprise against attacks. As a result, many companies have resorted to using multiple solutions, ending up with a complicated and fractured approach spread across multiple teams — IT Security, Networking, Infrastructure, Identity, and Cloud.

Old Methods

The VPN

The VPN is the most common default method for granting secure access to applications and resources. This is too bad. It is decades old technology. No one likes the VPN. Let me count the ways:

1. Users find it inconvenient to navigate and it is especially bad for organizations with lots of acquisitions as you can only be on one VPN at a time.
2. VPNs are expensive to scale and complicated to deploy, a problem many companies dealt with this year when their VPN’s overloaded with a suddenly all remote workforce.
3. VPNs are very inefficient for cloud. No one likes the idea of tunneling remote traffic back to the enterprise network and then back out to the cloud. The alternative is to use split tunneling which is problematic for security.
4. And speaking of security, VPNs overall are fundamentally not secure enough since they tunnel users directly into the open internal network of the company where a malicious or compromised user can wreak havoc on vulnerable applications and gain access to precious data.
5. VPNs also require agents on the endpoint, except sometimes for web apps, but not every use case is a web app — making it very hard to solve for BYOD and 3rd party owned devices.

What about VDI?

Virtual Desktop Infrastructure is one of the work-arounds for secure access use cases that can’t be solved with a VPN. Specifically all those use cases with users on unmanaged devices who need to access resources and applications that are not web apps. Secure access is not the only reason to use VDI but it is increasingly common for organizations to turn to VDI for what should be a simple remote access requirement.

VDI is problematic, too. Let me count the ways:

1. Users don’t love it because it can tax their productivity with painful, painful latency. The lag time for the user trying to accomplish something on a virtual desktop can be maddening.
2. VDI is expensive and complicated. In addition to the virtual desktop infrastructure with servers, storage, etc, VDI still requires a network gateway to enable remote users to access the virtual desktop where the applications and resources are located. So you have to buy and manage infrastructure and network gateways.
3. And that virtual desktop, where the user ends up, is inside the perimeter sitting in the data center or in the corporate cloud. Also you may not be able to protect those virtual desktops with EDR because auto updates can cause the whole virtualized system to seize up and non-persistent virtual environments may not be around long enough for EDR to work at all. Once again you have a security issue with users getting very close to critical and potentially vulnerable assets.

And then there’s CASB, Web Gateways, and Public Cloud

Neither VPNs nor VDI are friendly solutions for public cloud. So, many organizations add even more secure access solutions into the mix. They turn to inline Cloud Access Security Broker (CASB) or Secure Web Gateway (SWG) capabilities to control and monitor use of public cloud and web apps. They may also try to use native capabilities in individual cloud apps and services. This adds even more complexity to the secure access mix because these solutions are only for public web and cloud apps and services. They come with their own policies, management, visibility and integrations.

It’s all too much

It is madness that the one simple business requirement for remote secure access has become such a quagmire of complexity and cost. VPNs, network gateways, VDI, CASB, Secure Web Gateway, IaaS, and SaaS are often managed by different people or even completely separate departments. Each system has its own policies, visibility, integrations, and deployments.

The Solution

There’s no denying that organizations need a solution that is cloud friendly but also good for both cloud and on-prem applications, and can also cover users no matter where they are working from. A solution that is agentless most of the time (not just for web apps) makes it much easier to deliver secure access to users on devices not managed by the company. A solution that supports secure access for the full range of applications and use cases. This includes users with thick client apps or using peer-to-peer apps, VOIP, and video. And this solution needs to meet modern security standards so it should be a zero trust approach to protect vulnerable corporate resources.

This may sound too good to be true, but it shouldn’t be.

One Secure Access Solution for All

What if there was a solution that supported all these enterprise use cases with the myriad of different applications, users, and devices? What if you could deliver secure access with a single fast-to-deploy cloud service that is agentless first and doesn’t require you change your network? What if you had one central place for policies; consistent visibility across all users and apps; one place for integrations with your identity, endpoint, SIEM, and other security systems; and one solution that easily scales as your access needs change?

Such a solution now exists. With Axis Security Application Access Cloud’s recent expansion of capabilities, organizations have a solution that scales with them as they grow, providing more agentless options, and supporting more apps and use cases than any other secure access solution. With Application Access Cloud, all of the secure access use cases that once required the complexity of multiple solutions, can all be handled one fast-to-deploy, easy-to-use, zero trust solution. For more information on what Application Access Cloud can now do for you, check out our December 8th announcement.

The post Secure Access Challenges for the Modern Enterprise appeared first on Axis Security.

At a time when apps are the beating heart of an organization, security breaches have become more prevalent and damaging than ever. That’s why more enterprises are transitioning to Zero Trust Application Access (ZTAA) over VPNs.

Key Differences Between VPNs and ZTAA

VPNs are outdated

Are there any other technologies in your stack, network, or device that are 25 years old? Probably just your VPN. The way most companies do remote access appears to be the only thing that hasn’t evolved.

In the last ten years alone — since the introduction of the iPad — more and more employees have accessed work-related applications using their own devices. Users now want their security to be as user-friendly and reliable as their new devices. Add in the migration to (and added complexity of) the cloud, and you can see why the geo-centric VPN has become outdated.

Today’s security requirements call for a higher level of reliability than VPNs can offer. A virtual private network isn’t even that “private“ by today’s standards. In fact, it opens up a network and its applications to all sorts of threats, internal and external. This is why modern organizations should be looking for VPN alternatives more than ever before.

ZTAA: Faster, easier, more secure

Zero Trust Application Access, on the other hand, is the modern VPN replacement. It offers a data security approach that focuses on zero trust of any users inside or outside of an organization, enabling users anywhere while protecting applications.

Today’s businesses run on people, apps and policy. As such, they must fulfil their users’ and employees’ need to access the internet, private networks, and the cloud. Such complexity requires Zero Trust Application Access to safely provide this critical connectivity.

The fastest and most secure way to a true zero trust posture, ZTAA leverages that connectivity to simplify and secure application access. All without the complexities or risks of configuring and securing the underlying network.

The App Access Cloud: The VPN Alternative of Choice

Using ZTAA, Axis Security’s App Access Cloud covers applications in a Zero Trust “blanket” that isolates them from threats while providing trusted, continuously monitored access to anyone, anywhere, on any device.

Axis Security’s App Access Cloud has a significant advantage over other Zero Trust solutions: It brokers the connection between users and apps to ensure that users never actually touch the network or the apps themselves.

Unlike VPNs, the App Access Cloud is cloud-centric, functioning entirely on the Internet. This quickly provides partners or 3rd parties with access, without any network changes or hardware installations – making it the ideal VPN replacement. Request a free demo today!

The post Simple, Secure, Scalable: The Best Alternative to VPN for Enterprises | Axis Security appeared first on Axis Security.