25 years after the invention of VPN’s (PPTP was invented by an MSFT employee in 1996) we have finally found a revolutionary way of working remotely with increased security. In the new reality of instant lockdowns due to the pandemic, companies are forced to find ways to give access to cloud and on prem applications in a fast and secure manner.
Zero Trust Network Access (ZTNA) coupled with adaptive Multi Factor Authentication (MFA) is now being widely adopted world-wide as the best architecture to use.
Some questions that IT departments are being asked to solve:
- “Do I need to upgrade my VPN licensing on my Firewall’s to cope with an increase in remote users?”
- “Do I now need to upgrade my firewalls?”
- “Can my WAN/Internet links handle that traffic?”
- “If I give my end user’s VPN access, do I need to give them access to the whole network segment?”
- “How do I avoid issues like this?”: https://www.cert.govt.nz/it-specialists/advisories/vulnerability-in-fortinet-firewalls-being-exploited/
Imagine if there was a solution where you are working from home, and you can access that work application without opening your VPN client and not be the next potential casualty in the NZ Herald for using unprotected RDP access? Imagine if you can feel safe in the knowledge that because the solution understands your normal behavior it doesn’t even force you to use MFA anymore. The solution should understand who you are (User) and where you are working from (Home IP address) and that you are working from your normal laptop (MAC address) and only allows you access to the app that permits you to fulfill your normal work. If any of those parameters change then yes, you would be happy to run through the hoops of using MFA. Otherwise; let the user proceed with their normal working day. This is a solution that potentially removes the need for you to have any on-prem legacy application as you will be able to move them to the cloud a lot easier.
Chillisoft prides itself in putting together best-of-breed Gartner leading solutions to solve modern day problems that fit the kiwi market. Chillisoft is a typical standard NZ SMB, we have embraced the cloud and almost everything we have is either a SaaS solution or sits in the private or public cloud. The only thing we haven’t done is move our finance system to the cloud, which means we have racks of servers, switches and firewalls that are cumbersome, time consuming to maintain and costly to run. Sound familiar? Everyone has 1 or 2 legacy apps that require you to be a hybrid environment for a little while longer.
Using Netskope’s Private Access (https://www.netskope.com/products/private-access) and Cyberark’s adaptive MFA ()https://www.cyberark.com/products/adaptive-multi-factor-authentication/), we can now move that app to the cloud, give our finance and management team zero trust remote access without VPN and use adaptive MFA to tighten or relax their security depending on the user’s behavior and situation. Even better yet, we can limit that user to accessing that one (or multiple) legacy app/s without compromising the rest of the network using a philosophy of least privilege access. Meaning when working remotely I am only going to give the finance department access to only the finance application and nothing else.