It’s an on-the-move, BYOD, cloud-based world. That is simply a fact, and for IT, Security and Compliance teams it is a fact that makes life challenging.
Why? The technologies that enable this previously unthinkable mobility and flexibility bring obvious productivity benefits, but they also make it far more difficult to define the boundaries of the IT network and to manage access to applications and data by employees, business partners, customers and the various other enterprise stakeholders.
One key aspect of the mobility revolution is the need to provide employees, contractors, partners and sometimes even customers, with access to the systems they need for their everyday jobs, from a location other than the office. To develop and implement an effective remote access strategy, companies need to evaluate their actual access needs from a number of angles.
Our experts have put their heads together to produce a comprehensive list of their recommendations in our guide: 10 Steps to Evaluate Your Access Strategy to Remote Assets. Here are three of these key points to get you started:
#1 – Identity and Access Management (IAM)
Before you give or deny access, you need to know who exactly it is that you’re authorizing or denying. For this, companies turn to Identity and Access Management - IAM.
IAM in enterprise IT is about defining and managing the roles and access privileges of individual users, and the circumstances under which those privileges are granted or denied. Originally a sub-discipline of cybersecurity, IAM has become a market in its own right. However good an IAM solution is, it is only effective if it is integrated with every access scenario for every IT asset and treated as the single authoritative inventory of identities. In many organizations, different corporate IT resources authenticate and authorize against different identity providers. This lack of federated identity, of a “single source of truth”, can result in:
- Inconsistent access control, because one person holds different accounts in different systems, each with its own privileges
- Poor transparency: such systems are hard to audit, which is especially worrisome in tightly regulated environments
- Complex on-boarding, off-boarding and troubleshooting processes, since every system has to be updated separately, and a system that is missed leaves an account active after the user has left
“The core objective of IAM systems is one digital identity per individual. Once that digital identity has been established, it must be maintained, modified and monitored throughout each user’s ‘access lifecycle,’” noted James A. Martin in a recent CSO Magazine article.
Organizations need to adopt IAM solutions that give every user one federated identity, and then follow through on any organizational, personal or technical change that affects the state of that identity. This “one source of truth” is the key to enabling safe access to remote assets.
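The symptoms listed above (accounts that differ from system to system, and accounts that outlive the person) are easy to surface once a master directory exists. The following is an added example, not code from the original post or from any product it describes: it reconciles the account lists reported by several systems against a master directory and flags enabled accounts with no master identity, enabled accounts for people the master says have left, and one person appearing under several account names. The directory contents, the per-system account lists and the `normalize` rule (local part of an email, lower-cased) are constructed assumptions for illustration.

```python
"""Reconcile per-system account lists against one master identity directory.

Added example (not from the original post). All identity data below is
constructed for illustration; real input would come from an HR feed or
directory export and from each system's user-list API.
"""
from dataclasses import dataclass, field

# Constructed sample: the master directory is the intended single source of truth.
MASTER_DIRECTORY = {
    "alice": {"status": "active", "department": "finance"},
    "bob": {"status": "terminated", "department": "engineering"},
    "carol": {"status": "active", "department": "engineering"},
}

# Constructed sample: accounts as each system reports them. Every system keys
# its users differently, which is exactly the problem with no federated identity.
SYSTEM_ACCOUNTS = {
    "vpn": {"alice": "enabled", "bob": "enabled", "carol": "enabled"},
    "erp": {"alice@corp.example": "enabled", "dave@corp.example": "enabled"},
    "wiki": {"Carol": "enabled", "bob": "disabled"},
}


def normalize(account_name: str) -> str:
    """Map a system-local account name onto the master directory key.

    Assumption for this example: the local part of an email address, or the
    plain login, lower-cased, identifies the person.
    """
    return account_name.split("@", 1)[0].lower()


@dataclass
class Findings:
    orphaned: list = field(default_factory=list)    # enabled, no master identity
    lingering: list = field(default_factory=list)   # enabled, master says terminated
    duplicates: dict = field(default_factory=dict)  # one person, several account names


def reconcile(master: dict, systems: dict) -> Findings:
    """Compare every system's accounts with the master directory."""
    findings = Findings()
    seen = {}  # identity -> [(system, local account name), ...]
    for system, accounts in systems.items():
        for local_name, state in accounts.items():
            identity = normalize(local_name)
            seen.setdefault(identity, []).append((system, local_name))
            if state != "enabled":
                continue  # a disabled account is not an access path
            record = master.get(identity)
            if record is None:
                findings.orphaned.append((system, local_name))
            elif record["status"] != "active":
                findings.lingering.append((system, local_name))
    # The same person under different names in different systems is the
    # "inconsistent access control" symptom: privileges can never be compared.
    for identity, entries in seen.items():
        if len({name for _, name in entries}) > 1:
            findings.duplicates[identity] = sorted(entries)
    return findings


if __name__ == "__main__":
    result = reconcile(MASTER_DIRECTORY, SYSTEM_ACCOUNTS)
    for label, items in (("orphaned", result.orphaned),
                         ("lingering", result.lingering),
                         ("duplicates", result.duplicates)):
        print(f"{label}: {items}")
```

Run against the constructed data, the check reports `dave`'s ERP account as orphaned (enabled, unknown to the master), `bob`'s VPN account as lingering (enabled although HR marked him terminated, the off-boarding gap) and `alice` and `carol` as people with differently named accounts across systems. A disabled account such as `bob`'s wiki login is deliberately not flagged, since it is no longer an access path.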
#2 - Performance Scaling and Capacity Planning
Capacity planning for a secure access infrastructure is mission-critical. The problem is that defining the computing, networking and storage resources the infrastructure will require means answering some genuinely hard questions, and you may not have the data to answer them until you have tooling in place to measure actual usage. These questions include:
- Exactly how many users will be accessing corporate systems simultaneously?
- How much bandwidth will they be consuming when doing so?
- How latency-sensitive will their applications be?
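The first two questions can be answered from the session records most remote-access gateways already produce (who connected, when, for how long, how many bytes). The following is an added example, not from the original post or from any product it describes: a sweep-line pass over start and end events that yields the peak number of concurrent users and the peak aggregate bandwidth, which are the figures a sizing exercise actually needs. The log format (user, ISO start, ISO end, bytes) and the session lines themselves are constructed for illustration; bandwidth per session is approximated as bytes transferred spread evenly over the session's duration.

```python
"""Peak concurrent users and peak bandwidth from remote-access session records.

Added example (not from the original post). The log format and the records
below are constructed; a real gateway's accounting export would be parsed in
parse_sessions() instead.
"""
from datetime import datetime

# Constructed sample: user, session start, session end, bytes transferred.
SESSION_LOG = """\
alice 2024-03-04T09:00:00 2024-03-04T10:00:00 450000000
bob   2024-03-04T09:30:00 2024-03-04T10:30:00 225000000
carol 2024-03-04T09:45:00 2024-03-04T09:55:00 150000000
dave  2024-03-04T10:00:00 2024-03-04T11:00:00 90000000
erin  2024-03-04T14:00:00 2024-03-04T14:30:00 45000000
"""


def parse_sessions(text: str) -> list:
    """Return (user, start, end, average_bits_per_second) per record.

    Assumption: bytes are spread evenly over the session, so the per-session
    figure is an average rate, not the burst rate.
    """
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, start, end, nbytes = line.split()
        s, e = datetime.fromisoformat(start), datetime.fromisoformat(end)
        duration = (e - s).total_seconds()
        if duration <= 0:
            continue  # malformed record; skip rather than divide by zero
        sessions.append((user, s, e, int(nbytes) * 8 / duration))
    return sessions


def peak_load(sessions: list) -> tuple:
    """Sweep-line over start (+1) and end (-1) events.

    Returns (peak_users, peak_bits_per_second, time_users_peaked). Ends sort
    before starts at the same instant, so a session that begins exactly when
    another ends is not counted as overlapping it.
    """
    events = []
    for _, start, end, bps in sessions:
        events.append((start, 1, bps))
        events.append((end, -1, -bps))
    events.sort(key=lambda ev: (ev[0], ev[1]))  # -1 before +1 at equal times

    users, bandwidth = 0, 0.0
    peak_users, peak_bps, when = 0, 0.0, None
    for t, delta, delta_bps in events:
        users += delta
        bandwidth += delta_bps
        if users > peak_users:
            peak_users, when = users, t
        peak_bps = max(peak_bps, bandwidth)
    return peak_users, peak_bps, when


if __name__ == "__main__":
    n, bps, when = peak_load(parse_sessions(SESSION_LOG))
    print(f"peak concurrent users: {n} at {when.isoformat()}")
    print(f"peak aggregate bandwidth: {bps / 1e6:.1f} Mbit/s")
```

On the constructed records the peak is three simultaneous users at 09:45 with about 3.5 Mbit/s aggregate; the session that starts at 10:00 does not push the count back to three, because the one ending at 10:00 is released first. Sizing should be done on a long window of real records, and on the peak with headroom, not on the average, since the average hides exactly the morning login surge this pass exposes.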
To ensure that a secure access infrastructure, whatever its environment, satisfies real-world needs, you need to be sure it will be able to grow. Traditional network appliance vendors size their products either by the number of users each appliance supports or by RAM, CPU and disk requirements. That was acceptable for static networks, but less so for modern ones built on dynamic infrastructure hosted privately or in the public cloud. This is the elastic infrastructure we hear so much about, and within it you can choose one of three approaches for your secure access infrastructure:
- Deploy it on a private cloud infrastructure, such as OpenStack or VMware
- Deploy it on a public cloud infrastructure, such as AWS, Microsoft Azure or Google Cloud Platform
- Consume remote access as a service
#3 - Network vs Application-Level Access
The enterprise network is more complex than ever before, with more endpoints, more cloud-based solutions and fewer on-premises ones. As noted above, this makes the network increasingly difficult both to manage and to secure.
Moreover, most of us use web applications such as social media and Gmail every day without needing, or having, network access to the data centers that host them. Why, then, should corporate applications be any different?
What remote workers need is application-level access: users working off site reach the specific corporate IT applications and services they are entitled to, without being placed on the corporate network at all. They stay fully productive, while the risk of an infected device joining the network, or of a malicious actor gaining a network foothold, is reduced, because from the user's side there is no corporate network to join, only the applications. Application-level access dramatically lowers the organization's attack surface and represents a fundamental shift in how access infrastructure is designed and secured.
The Bottom Line
The above steps are just a sneak peek at three of the ten steps we recommend you take to evaluate your access strategy to remote assets. Regardless of your company’s policy on remote workers, whether you have distributed teams or only executives are allowed to access enterprise resources remotely, you need to have a plan in place.
To read the full whitepaper, click here.