October 12, 2020

Secure Remote Work: Deploying Zero Trust Access

The global pandemic has forced knowledge workers to move out of their offices en masse to the isolated environment of their homes. Most will return to the office at some point, even if only part-time, as companies adjust to social distancing measures meant to keep employees safe.

Global Workplace Analytics estimates that 25-30% of the workforce will be working from home multiple days a week by the end of 2021. Others may never return to an official office, opting to remain a work-from-home (WFH) employee for good.

The suddenness of having to turn so many people into remote workers has put a real strain on network security. There was little, if any, time to develop and execute a secure remote access strategy that provides the same level of security protections that workers have in the office. This has introduced a range of cybersecurity risks and challenges, and a need for real Zero Trust Access solutions regardless of where people work.

Security Is Often a Weak Link of Remote Access

In April 2020, just as millions of office workers began their foray into WFH practices, Cato Networks conducted the “Enterprise Readiness to Support Widespread Work-from-Anywhere” survey pertaining to enterprise readiness to facilitate remote work. In sampling nearly 700 organizations, Cato found that nearly two-thirds of respondents (62%) have seen remote access traffic at least double since the outbreak, and more than a quarter (27%) have seen remote access traffic triple.

Of critical concern is how enterprises enforce security policies on their expanded remote workforces. The survey found that most respondents fail to employ at least one key measure needed for enterprise-grade security:

  • Multi-factor authentication (MFA) for validating user identity,
  • Intrusion Prevention for identifying network-based attacks, or
  • Antimalware for preventing threats posed by malicious content.

While MFA has become standard even among consumers, more than a third (37%) of respondents don’t use MFA when admitting remote users, instead relying on Single Sign On (SSO) or username and password. As for preventing attacks, more than half of respondents (55%) fail to employ Intrusion Prevention or antimalware. Even worse, 11% fail to inspect traffic altogether.

Used by 64% of the survey respondents, VPN servers are the dominant point solution to enable remote access. While VPNs provide traffic encryption and user authentication, they are a security risk because they grant access to the entire network without the option of controlling granular user access to specific resources. There is no scrutiny of the security posture of the connecting device, which could allow malware to enter the network. What’s more, stolen VPN credentials have been implicated in several high-profile data breaches. By using legitimate credentials and connecting through a VPN, attackers were able to infiltrate and move freely through targeted company networks.

VPNs Are Giving Way to Zero Trust Security

The tech industry is moving toward a much more secure user access model known as Zero Trust Network Access (ZTNA). It’s also called the software-defined perimeter (SDP). How ZTNA works is simple: deny everyone and everything access to a resource unless it is explicitly allowed. This approach enables tighter overall network security and micro-segmentation that can limit lateral movement in the event a breach occurs.

Last year, Gartner’s Market Guide for Zero Trust Network Access (ZTNA) projected that by 2023, 60% of enterprises will phase out VPN and use ZTNA instead. The main advantage of ZTNA is its granular control over who gains and maintains network access, to which specific resources, and from which end user device. Access is granted on a least-privilege basis according to security policies.

This granular-level control is also why Zero Trust Network Access complements the identity-driven approach to network access that SASE (Secure Access Service Edge) demands. With ZTNA built-in to a cloud-native network platform, SASE is capable of connecting the resources of the modern enterprises — sites, cloud applications, cloud datacenters, and yes, mobile and remote users — with just the right degree of access.

Security Integration Is Key to Effectively Enforcing Zero Trust Security Policies

Like VPNs, firewalls, and Intrusion Prevention solutions, there are point solutions for ZTNA on the market. In fact, many networks today are configured with an array of standalone security and remote access solutions. This lack of product integration is a real drawback for a number of reasons. First, it increases the probability of misconfigurations and inconsistent security policies. Second, it increases network latency as traffic must be inspected separately by each device. And finally, the lack of integration makes holistic threat detection all but impossible, as each appliance has its own data in its own format. Even if that data is aggregated by a SIEM, there is considerable work to normalize data and correlate events in time to stop threats before they can do their damage.

In addition, Zero Trust is only one part of a remote access solution. There are performance and ongoing security issues that aren’t addressed by ZTNA standalone offerings. This is where having ZTNA fully integrated into a SASE solution is most beneficial.

SASE converges Zero Trust Network Access, NGFW, and other security services along with network services such as SD-WAN, WAN optimization, and bandwidth aggregation into a cloud-native platform. This means that enterprises that leverage SASE architecture receive the benefits of Zero Trust Network Access, plus a full suite of converged network and security solutions that is both simple to manage and highly-scalable. The ICG Asia SASE solution provides all this in a cloud-native platform.

ICG Asia’s SASE Platform Simplifies Secure Remote Access for WFH

What does this mean for the remote access worker? The ICG Asia SASE platform makes it very quick and easy to give highly secure access to any and all remote workers.

ICG Asia provides the flexibility to choose how remote and mobile users securely connect to resources and applications. ICG Asia Client is a lightweight application that can be set up in minutes and which automatically connects the remote user to the ICG Asia Cloud. Clientless access allows optimized and secure access to select applications through a browser. Users simply navigate to an Application Portal – which is globally available from all of ICG Asia's 57 PoPs – authenticate with the configured SSO and are instantly presented with their approved applications. Both approaches use integrated ZTNA to secure access to specific network resources.

A Zero Trust approach is essential for a secure remote workforce, and ICG Asia SD-WAN allows an easy and effective implementation of ZTNA.

Have time for a coffee?

Face to face or over Zoom, we are here to help you.
Sharing insights and solving IT challenges.
We make "IT" possible.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Read more
You might also be interested in...
Gartner Report 2021 Strategic Roadmap for SASE Convergence
Gartner Report 2021 Strategic Roadmap for SASE Convergence

April 20, 2021

Digitalization, work-from-anywhere, and cloud computing have accelerated SASE offerings to address the need for secure and optimized access, anytime, anywhere, and on any device.
Industry 4.0 – Talking About a Revolution
Industry 4.0 – Talking About a Revolution

March 15, 2021

Industry 4.0 represents the next phase of innovation in production processes, merging traditional systems with new digital technologies (IoT, AI, big data, AR, robotics, M2M, real-time analytics, and so on), facilitating automation, agility, and efficiency to create a world of smart manufacturing.
SASE vs. SD-WAN: Achieving Cloud-Native WAN Security
SASE vs. SD-WAN: Achieving Cloud-Native WAN Security

February 8, 2021

For several years now, the network evolution spotlight has been on SD-WAN, and rightfully so. SD-WAN provides big advancements in connecting branch locations into central data centers in a cost-effective manner. It is the networking equivalent of a killer application that allows companies to use a variety of transport mechanisms besides MPLS and to steer traffic according to business priorities.
Why Remote Work and Legacy Security Architectures Don’t Mix
Why Remote Work and Legacy Security Architectures Don’t Mix

January 25, 2021

Last week, Cato Networks announced the results of the 5th annual IT survey, The Future of Enterprise Networking and Security: Are You Ready for the Next Leap. It was a massive undertaking that saw 2,376 participants from across the globe provide detailed insights into how their organizations responded to the COVID-19 crisis, their plans for 2021, and what they think about secure access service edge (SASE).
SD-WAN or SASE: Choose a platform rather than a product
SD-WAN or SASE: Choose a platform rather than a product

January 12, 2021

As enterprises set out to modernize their networks, SD-WAN has become a key networking technology for connecting offices. But with COVID-19, users transitioned to work at home, not in the office.
Connecting Hybrid Clouds with SD-WAN in a Snap
Connecting Hybrid Clouds with SD-WAN in a Snap

December 7, 2020

How to integrate hybrid clouds and multi-clouds with SD-WAN in 5 minutes or less.
Thought SD-WAN Was What You Needed to Transform your Network? Think Again.
Thought SD-WAN Was What You Needed to Transform your Network? Think Again.

November 9, 2020

Since its premier over a decade ago, SD-WAN was adopted by enterprises as the go-to-technology for preparing their network for the digital transformation.
Rethinking Enterprise Remote Access VPN Solutions: Designing Scalable VPN Connectivity
Rethinking Enterprise Remote Access VPN Solutions: Designing Scalable VPN Connectivity

November 2, 2020

The global pandemic has forced many organizations around the world to send their workers home to support social distancing mandates. The process happened suddenly – almost overnight – giving companies little time to prepare for so many people to work remotely. To keep business functioning as best as possible, enterprises need to provide secure remote connectivity to the corporate network and cloud-based resources for their remote workers.
Secure Remote Work: Deploying Zero Trust Access
Secure Remote Work: Deploying Zero Trust Access

October 12, 2020

The global pandemic has forced knowledge workers to move out of their offices en masse to the isolated environment of their homes. Most will return to the office at some point, even if only part-time, as companies adjust to social distancing measures meant to keep employees safe.
How much does SD-WAN cost?
How much does SD-WAN cost?

October 6, 2020

Calculating the cost of SD-WAN can be complicated, especially when it comes to CAPEX vs OPEX and ambiguous ROIs. With so many vendors promising massive savings over MPLS internet connections, SD-WAN is currently been touted as one of the hottest categories in networking today. Take a closer look at the costs, considerations, potential savings and leverage the SD-WAN calculator to estimate your organisations SD-WAN cost.
Considerations for a branch office firewall
Considerations for a branch office firewall

October 5, 2020

Organisations looking for a branch office firewall upgrade, refresh or deploying firewalls to new sites, need to consider multiple different elements. Let's walk through all of the major factors to consider for a branch firewall and why organisations should consider SD-WAN, and more recently Secure Access Service Edge (SASE) as part of their next-generation of branch network security.
What is STaaS?
What is STaaS?

September 22, 2020

Storage as a service (STaaS) is a managed service model for purchasing data storage based on consumption, where a company only pays for what they use, typically on a per-GB per-month basis.
What is SD-WAN?
What is SD-WAN?

September 21, 2020

Software-Defined WAN (SD-WAN) is a networking technology that seamlessly connects branch offices, HQs cloud and data centers over broadband internet rather than MPLS leased lines.
SD-WAN vs. VPN comparison
SD-WAN vs. VPN comparison

September 15, 2020

Internet-based VPN vs MPLS was the debate for some time, WAN technology has evolved in recent years. During that time, SD-WAN has emerged as an enterprise WAN connectivity solution that provides a combination of cost efficiency, agility, and cloud-friendliness that neither MPLS nor Internet-based VPN can match.
SD-WAN vs. MPLS vs. broadband public internet
SD-WAN vs. MPLS vs. broadband public internet

September 10, 2020

To meet the needs of a global enterprise, our network architectures need to evolve as well. Which architectural approach will best serve your needs — MPLS, public internet or cloud networks?
SD-WAN vs. MPLS: Choose the best WAN solution for you
SD-WAN vs. MPLS: Choose the best WAN solution for you

September 9, 2020

You've probably heard about SD-WAN and its promise to transform enterprise networking as we know it. And, by enterprise networking we mean the use of MPLS at the core of enterprise networks. So, to SD-WAN or to MPLS? Here is what you need to consider.
Alternatives to MPLS internet
Alternatives to MPLS internet

September 8, 2020

SD-WAN is looking to address the challenges of MPLS like cost, capacity, rigidity, and manageability.
Challenges of SD-WAN security
Challenges of SD-WAN security

September 6, 2020

A good starting point in explaining why cloud-native SD-WAN is so compelling from a security perspective is the shortcomings of two older WAN solutions: MPLS and appliance-based SD-WAN.
WAN Optimization in the SD-WAN Era
WAN Optimization in the SD-WAN Era

September 3, 2020

WAN optimization has been with us for a long time. Born alongside expensive and capacity constrained WAN connectivity, such as MPLS, WAN optimization appliances allowed organizations to squeeze more bandwidth out of thin pipes through compression, and prioritize traffic of loss-sensitive applications such as remote desktops.
History of SD-WAN
History of SD-WAN

August 28, 2020

Let's take a look at the history of WAN and as we journey from Point-to-Point, T1/T3, Frame Relay, to MPLS, and finally arrive at SD-WAN.
How to load balance multiple internet connections?
How to load balance multiple internet connections?

August 18, 2020

Internet load balancing or fail-over for multiple internet connections can seem like a tight rope walk, but it doesn't have to be. There are multiple ways to accomplish it, from point products to routers and firewalls. Let's take a look at the options and alternatives.
How does SD-WAN work?
How does SD-WAN work?

August 12, 2020

SD-WAN has quickly become the go-to technology for enterprises seeking to leverage the cloud and embrace digital transformation. Yet, much confusion still exists about what exactly is an SD-WAN, and how the technology works.
WAN Optimization vs. SD-WAN
WAN Optimization vs. SD-WAN

August 11, 2020

With the rising popularity of SD-WAN, there is a growing debate that WAN optimization is becoming obsolete. SD-WAN is gaining acceptance and for good reason. It creates an intelligent overlay of multiple transports on your WAN to efficiently and automatically route traffic over the most optimal path.
How to connect multiple branch offices?
How to connect multiple branch offices?

August 10, 2020

How do you connect multiple offices rapidly and affordably without sacrificing performance?
Last mile constraints for SD-WAN
Last mile constraints for SD-WAN

August 3, 2020

From pairing MPLS with a backup internet connection, to link-bonding for aggregate last-mile, SD-WAN introduces new ways to handle old problems, with policy-based routing, active/active links, packet loss mitigation, and quality of service (QoS).
Affordable MPLS Alternatives
Affordable MPLS Alternatives

July 28, 2020

After decades of use, enterprises are looking for MPLS alternatives. To be considered a viable alternative, a network must match MPLS’ service levels for predictability and consistency, while avoiding its pitfalls of cost, rigidity and capacity constraints.
SD-WAN vs. MPLS redundancy
SD-WAN vs. MPLS redundancy

July 23, 2020

How can SD-WAN deliver the same reliability and redundancy as MPLS when it uses the public Internet?
How does SD-WAN benefit digital transformation?
How does SD-WAN benefit digital transformation?

July 21, 2020

Digital transformation is all about agility. SD-WAN enables organisations to be more agile in multiple different ways. Such as the ability to rapidly stand-up a new site with secure internet and inter-office connectivity, without the need for additional security appliances, make policy changes across multiple sites on-the-fly, gain real-time visibility of users and connections, on-board new VPN users for remote work without worries license or connection limits.
The Trombone Effect
The Trombone Effect

July 3, 2020

The “Trombone Effect” occurs in a network architecture that forces a distributed organization to use a single secure exit point to the Internet. Simply put, network traffic from remote locations and mobile users is being backhauled to the corporate datacenter where it exits to the Internet through the corporate’s security appliances stack. Network responses then flow back through the same stack and travel from the data center to the remote user.
Evolution of SD-WAN
Evolution of SD-WAN

June 2, 2020

SD-WAN has become more than just a network for connecting locations. The rise of cloud, mobile, and business agility demands has required SD-WAN to become smarter by providing security, optimization, intelligence, and better reach. These changes in SD-WAN can be broken down into three phases, reflecting the ways that SD-WAN technologies have adapted over time to the demands of business requirements.