TRUSTED SECURE ACCESS
Keith Rose, Customer Success Manager
From Securing Network Perimeters (Software Defined Perimeter) to safeguarding your Digital Transformation
INSTASAFE SECURE ACCESS
Venture backed | India & USA | 100+ customers, with global footprints | 4 times CIO Choice awardee
“Restricting users only to the resources they need to perform their job” and continuously monitoring their activities.
The True “Zero Trust” Secure Access Solution
Market Demand for Zero Trust Access
Market Pains:
• Traditional application access solutions (e.g. VPNs) do not meet the needs of modern enterprises:
• Cloud applications, mobile workforce, 3rd party access
• Attackers targeting access technology vulnerabilities to enter corporate networks
Software Defined Perimeter (SDP):
• Allows secure and flexible access to cloud and on-prem applications
• Leverages the principles of Zero Trust access
• Trust is continuously verified; access is limited
By 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero trust network access (ZTNA).
By 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of ZTNA.
By 2023, 40% of enterprises will have adopted ZTNA for other use cases described in this research
Gartner – Zero Trust Network Access
Zero trust network access replaces traditional technologies, which require companies to extend excessive trust to employees and partners to connect and collaborate. Security and risk management leaders should plan pilot ZTNA projects for employee/partner-facing applications.
“… SDPs will become a mainstream approach adopted by more than 30% of enterprises over the next five years
InstaSafe named by Gartner as a Represented Vendor in Report – Market Guide for Zero Trust Network Access
Traditional IT Architecture— Network Centric
Security enforced at the network perimeter
[Diagram labels: FWs/VPNs; Partner; Employee; Personal Device; Network Level Access]
Modern IT Network—Application Centric
The network perimeter is vanishing
Cloud generation challenges
• Apps, data and employees have moved outside of traditional network—there is no perimeter to defend
• Partners, contractors and others need access to corporate Apps and data
• Access needs to be limited/restricted
• Device types have proliferated—including BYOD
[Diagram labels: Contractor; Personal Device; Customer; Partner]
Need: Simple & Flexible Secure Access during this Digital Transformation Journey
Today’s Network Challenges
Applications hosted across Multi Cloud Environments
Compliance & Regulatory Challenges
Password Management & Security Concerns for remote users & BYOD devices
Challenges to Manage and Monitor too many Dashboards & IT hardware
Many Remote Offices with few users in each location / branch
No visibility of users accessing Public Cloud Applications (O365)
Quick Provisioning and de-provisioning requirements
High Dependency on MPLS
Existing Approaches—Securing Access to the Cloud
DMZ
VPN
Complex
• Increased time to market
• Cumbersome and confusing user experience
• Maintain agents/appliances
Insecure
• Lateral movement around entire network
• Increased network attack surface
• Compliance readiness failure
Expensive
• High infrastructure and licensing costs
• Duplication required
• High operational costs
VPNs, firewalls, & DMZs—not up to the challenge
Our Approach—Securing Access to the Cloud
Zero Trust-based Secure application access
[Diagram labels: Personal Device; Customer; Partner; Contractor]
How It Works
Zero Trust-based application access
[Diagram labels: ISA Controller; Employee; Affiliate; Chain Partner; Contractor; B2b Partner; B2c Customer; Contextual Prevention; Application Servers; Deploy Connectors & Connect To Secure Access Cloud; Authenticate User, Validate Device Health; Point-to-point Access; Application Layer; Monitor & Log Activities]
Anyone to anywhere – simple and secure app access
Deploy in Minutes
Cloud Alternative to Traditional Access Methods
Traditional DMZ—Connected via the Network
InstaSafe Secure Access—SDP-based Cloud Native Connectivity
[Diagram labels: ISA SDP; Connectivity Direction; AWS/Azure/Google/On-Prem; Internet/MPLS; Internet; Proxy; SSL VPN; Bastion; Jump Host; Corporate DMZ; Applications; Services; Workloads]
Superior Architecture Improves Security
HTTPS
VPN Connectivity
• Indirect HTTPS connections established between users and applications using a reverse proxy
• Authenticated devices never gain direct access to the application server or network
• Eliminates OS or SSL/TLS vulnerabilities such as Heartbleed
• Policies can govern specific user actions and prevent data exfiltration
No direct connection to the application
Alternative Approach
• Uses a (VPN-like) endpoint client to connect users to applications through the cloud
• Authenticated users requesting access gain direct layer 4 access to the application server
• Approach exposes applications to network-based attacks such as OS or TLS vulnerabilities from malicious or infected users
Direct connectivity to the application server and network
Key Enterprise Use Cases
Applying Zero Trust access to secure corporate applications
Secure access for DevOps
Simple and secure access for dev environments
Secure access to corporate apps migrating to IaaS
Reduces complexity while improving security
Secure access for 3rd party users, M&A, & BYOD
Allows modern workforce to work from anywhere
FIELD USE CASES
Secure Access to applications hosted in AWS for Remote users
Provide a secure, simple and easy way for my users and contractors to access corporate applications distributed across AWS cloud and on-premises without switching agents.
• Allow application access for BYOD (unmanaged) devices without data leaks.
• Mitigate credential sharing and device switching between users.
• Authenticate users and user devices before they access the application.
• Integrate MFA to satisfy compliance and security needs.
• Support all user devices and operating systems.
• Provide rule and role based access.
• Maintain all access logs: which user accessed which application at what time?
• Eliminate complexities in managing secure access.
Provide Zero-Trust access to cloud and on-premises applications while reducing complexity
DevOps
Secure Access for 3rd Parties & BYOD
Securely let 3rd parties (e.g. suppliers and partners) and BYOD devices access corporate applications
Contractor BYOD
Support the needs of the modern workforce using BYODs while working from anywhere
Let 3rd parties access corporate applications without exposing my network
Account for identity, device posture and sensitivity of resources when providing application access
Secure Access for DevOps Managing Development and Production Environments
Give DevOps teams agile access to cloud environments without compromising security
DevOps
Allow DevOps resources to securely access multiple cloud environments from anywhere
Dynamically provision and de-provision access to VMs, PaaS and IaaS environments
Full audit trail over DevOps actions in cloud environments
Multi Cloud Peering
[Diagram labels: IaaS; On-Premises]
Provide a secure and economical access for workloads distributed across AWS, Azure and GCP
Make my applications invisible from the Internet. Bring these connections live quickly. Have proper monitoring for connections and HA in place. Mitigate risks of network-based attacks.
Provide Zero-Trust while reducing complexity
Experience: Zero Trust @ InstaSafe
Proof of Value Projects:
• DevOps access
– Development environment
– RDP or SSH access
• Corporate application access
– Select applications
– Hybrid Cloud / IaaS or on-premises
• BYOD & 3rd party access
– Select users / vendors
– Select applications
– Select devices
One of the top pilots enterprises should budget for in 2019
You will see:
• Simple & Flexible solution
• Ease of deployment/use; no agent required
• Zero-Trust Access to corporate applications
*Zero Trust Is an Initial Step on the Roadmap to CARTA - 12/18
We are Trusted by
Thank You