By Dor Knafo, CEO, co-Founder, Axis Security
When work from home went from a luxury to mandatory overnight, that put a lot of pressure on already stretched IT teams. The magnitude of the challenge has been underscored by the difficulty that even the largest, most well-funded businesses in the world are having when it comes to delivering services quickly in this new environment. Many organizations are struggling to scale their legacy VPN infrastructure because of licensing and limits to the hardware-bound infrastructure that prevent them from quickly scaling capacity. For users, these network-based, legacy access solutions are leading to a frustrating experience as they are being overrun with all employees (not just some) going remote 24×7.
For the average enterprise without unlimited resources, the situation is especially acute. Now it’s not some, but all employees who require secure access to private business applications, anytime from anywhere. Not only that, but as always, a multitude of third parties, suppliers, and subcontractors also interact with the company daily and they continue to require remote application access.
IT teams need to provide this access immediately, or the gears of the business will grind to a halt. The challenge they face is scaling with speed and security.
While this massive infrastructure and access shift is happening, malicious actors are living down to their reputation, targeting hospitals and healthcare institutions. They’re also targeting weak home-based infrastructure because that is where the workers are, and that infrastructure is assumed, rightly, to be easier to breach than an enterprise environment. Make no mistake, they know the changes that are happening to enterprises right now, and they are acting.
Providing remote, secure access to critical business applications is an extremely difficult proposition using traditional network-based access solutions. Most work-from-home employees are familiar with Virtual Private Network access. From a user perspective, this was a slow, clunky process even before there was an explosion of people trying to use the service.
What does this mean from a security perspective? Network-centric access approaches are based on trusted devices, and only have a single binary access decision at the beginning of each session. Once a session has begun, the VPN approach reveals another security shortcoming by bringing the user onto the network all the way to the application itself. What if that user has malicious intent, be they a hacker, a third party with access, or perhaps an insider? They’re now on a flat network, with access to extremely vulnerable legacy applications. Essentially, what businesses are being forced to do using legacy network-based access solutions is to provide a dangerous level of access to inherently insecure and vulnerable applications, representing a massive security risk to the organization.
Application Access Security Without Compromise
There is a better way to enable access to critical business applications. You don’t have to mess with the network. You don’t have to bring every user on to the network right to the front door of highly vulnerable legacy applications. You can keep everyone off your network and your apps isolated…while actually making access easier.
The new way forward, now more than ever, is to leverage a secure application access cloud that acts as a broker between the end-user, the network, and the application. The benefits of this approach are immediate and broad-based, from both a security and an access perspective. For end-users, it means rapid deployment and a familiar web interface, not that clunky VPN experience we’ve all grown tired of. This increases business agility and user satisfaction.
For IT teams, the beauty of a cloud approach is that they’re no longer required to make cumbersome network changes. They can deploy and scale users rapidly and integrate application access with existing identity solutions using a simple API.
From a security standpoint, the application access cloud allows the organization to implement a true zero trust approach to application access. Everyone is an untrusted user, separated from the network and the application itself. With a VPN, there is a binary yes/no decision point at the beginning of the session, and then the end-user is on the network, free to roam and interact with highly vulnerable legacy applications.
By leveraging an application access cloud, IT teams gain enhanced security by separating the user from the application, essentially upgrading legacy applications to the latest secure communications protocols without ever having to touch them. In addition to enhanced security, they gain greater visibility, control, and analytics. Every user is tightly managed, every action is tightly reported and recorded. A dashboard provides visibility into exactly what’s going on across all users, at all times. This is the future; this is zero trust application access.
About the Author
Dor Knafo is co-founder and CEO of Axis Security. Axis Security was founded to solve the problem of secure application access for employees, partners, and other stakeholders. Axis Security delivers a purpose-built zero-trust cloud-native security and analytics platform for fully controlled and managed access anywhere, solving one of the most vexing challenges for security teams. Prior to co-founding Axis Security, Dor was a senior security researcher at Fireglass, a leader in web isolation, and later, by acquisition, at Symantec. Dor is a five-year veteran of the elite Unit 8200 of the Israeli Army Intelligence Corps, serving as a senior software engineer for advanced cybersecurity, and earned a Bachelor of Science degree in Computer Science from IDC Herzliya, graduating cum laude.