This month we share an insight from our technology partner Akamai. We look at how traditional remote application access methods such as VPNs, RDP, and proxies are becoming outdated. It is time to adopt a simple and uncluttered approach.
We are all familiar with the enterprise security approach of treating an organization like a castle, and protecting it with a moat. Moats have been used for perimeter defence since ancient Egypt. While the moat and castle enterprise security approach has worked well in the past, it is starting to show its age.
The moat and castle approach is not only ancient, it is also losing its effectiveness in today’s mobile and cloud-first world. The evolution of enterprises, applications, and the threat landscape is seeing to that.
Enterprises are evolving and turning inside out. Employees want to be able to access enterprise applications remotely and easily. In addition, the enterprise ecosystem has become a core ingredient in successful digital transformation. And that ecosystem of partners, contractors, and even suppliers wants the same thing as employees: Secure access to enterprise applications from anywhere, on any device. As Akamai’s own Sr. Director of Enterprise Security & Infrastructure Engineering points out: “There is no inside.”
End-user needs are changing: they expect the same experience when submitting an expense report or a bug report as when they update their social media profile or check their bank balance on their mobile phone. Being able to work anywhere, from any device, in a fast, efficient manner is clearly good for the bottom line and hence a priority.
Lastly, the threat landscape is always evolving. The moat and castle approach to enterprise security is based on two simple assumptions. First, walls work. Second, once inside the walls a person can pretty much do whatever they want. There might be some simple door locks for certain rooms, but for the most part, a person can move around freely and spend time learning about the castle layout, where the locked rooms are, if they have open windows or a second, less protected door, etc.
This is probably starting to sound familiar since it is the blueprint for most modern cyber attacks. Get in; do reconnaissance; find the weak spots; get what’s needed; and get out without anyone realizing until it’s too late.
Combine enterprise, application and threat landscape evolution and you can see why we are waking up to the fact that moats and castles belong in the past.
A new SaaS-based approach to remote application access
We like to think about this new and better approach as the cloud perimeter. The cloud perimeter boils down to the user and the application they are trying to access. The cloud perimeter handles authentication, authorization and application delivery across devices and locations. The cloud perimeter obfuscates where the application is hosted, and automatically sends the user to the right location, but only if he or she has the appropriate privileges. The potential attack surface has now shifted to the Akamai Platform, which only provides application-specific access to trusted and authenticated end-users and their devices. No more network access. No more moats and castles. Everyone is untrusted, inside and outside.
This makes life easier for enterprise IT and security teams who ultimately remain responsible for visibility, security, and performance even though enterprise data, apps, and employees have moved outside the enterprise’s traditional zone of control. In fact, it allows teams to continue to drive towards greater IT agility and simpler infrastructure. Only inbound and outbound non-malicious enterprise traffic passes through the cloud perimeter; everything else gets dropped.
What are the implications of not moving to a cloud perimeter? Well, to start with, the inability to embrace and benefit from enterprise and enterprise application evolution. If you are not moving forward you are moving backward. Perhaps more importantly, the increase in risk associated with providing full network access without multi-factor authentication or single sign-on integration weighs on the minds of most IT and security professionals. Another way to look at the implications of not adopting a cloud perimeter approach is by using the people, process, and technology framework.
So, how does the adoption of a cloud perimeter impact each of these areas?
In terms of people, it is all about expertise, man hours, and productivity. In terms of process, it is all about streamlining and simplification. Lastly, technology is pretty simple. Instead of having to build out your own infrastructure and cobble together various access and optimization solutions, we have decided to make it as easy and simple as possible. We are focused on offering the cloud perimeter as a service.
It’s time to put moats and castles behind us.
This article was first published on the Akamai blog by Lorenz Jakober on April 3, 2017