Secure Remote Access

Has 2020 Thrown a Spanner in Progress Toward Zero Trust?

Thus far, 2020 has been the year in which already-complicated things became true hornets’ nests. Keeping applications secure for local access was hard enough – and then COVID-19 sent workforces around the world scrambling to work from home, via less-than-ideal VPN connections. Many of these deployments were hastily set up in record time without proper forethought or planning — and ironically, many of these same organizations and their VPNs had been on their way to splitsville — until Corona happened, of course.


Zero Trust – Fixing What’s Broken in Security

Let’s take a trip back in time, before life got upended. The hottest idea in security was Zero Trust, the concept of never trusting anything and always verifying everything coming into and moving throughout corporate networks. Zero Trust promised to fix all that was broken about the traditional security approaches of the time, including VPNs, by granting access on a need-to-know basis only.

This approach presented a clear advantage over VPN connections, which enable remote workers to access their workplace servers and send data via encrypted connections. But VPNs cannot protect against lateral movement on the inside, if say, attackers manage to get a hold of valid access credentials. Moreover, VPNs are, in a sense, a relic from a time before cloud computing was the standard. They are not properly equipped to deal with the complexities of modern distributed working. Understandably, security teams had already begun to explore options for making this desired Zero Trust security posture a reality for their organizations.

Taking Zero Trust from merely a great theory to a functional framework, requires certain a new generation of tools and technologies, such as a Software Defined Perimeter (SDP). Designed to allow access to all resources and applications only once a user has been authenticated, SDP prevents unauthorized lateral movement. This approach seemed like the perfect way to address the challenges of the modern working environment. And so, organizations began to make plans to migrate away from the VPN-based infrastructures in which they were heavily invested to equally expensive and involved SDP-based infrastructures.


VPNs – Back from the Brink but Still Problematic

Then the pandemic came along, narrowly saving VPNs from the trash bin of history. The rapid spread of COVID-19, and the sudden need to make working at home a reality, ASAP, forced organizations to change course mid-journey–and suddenly, ripping and replacing something that's working reasonably well seems far less practical. With the virus heading toward a second wave, VPN traffic is likely to remain at all-time high levels, as it has proven to be a low-effort, familiar way to get – and keep — employees up and running from wherever they are.

But what about the security shortcomings and newly expanded attack surfaces that come along with a distributed workforce? These elements still need to be addressed; the need for Zero Trust hasn't gone away, but it needs to be implemented in a more practical and cost-effective way than uprooting an entire VPN infrastructure.


Ericom Application Isolator – Flexible, Automatic Zero Trust

This, then, is the case for Zero Trust network security via your existing VPN through automatic, flexible, and customizable microsegmentation. Whether your workforce is entirely back in-office or still semi-distributed or on full lockdown again, budgets are limited and security teams are making do with less. The name of the game now is working with what you've got – and making it work well, as cost-effectively as you can.

With Ericom Application Isolator (EAI), you can quickly create the least-privilege access Zero Trust security approach your organization needs without getting rid of your existing VPN. By microsegmenting your network, EAI conceals your applications from attackers at all stages of access to protect them from being breached. It's the simple and cost-effective way to get a significant security posture upgrade without migrating to SDP.

Using machine learning, EAI’s automatic policy builder self-learns the specific applications each user needs access to and rapidly creates granular custom user policies to limit access, per user per application. This is much more secure than group policies which inevitably end up over-privileging some users and under-privileging others. And in contrast to SDP solutions and many microsegmentation solutions, because it leverages AI techniques to quickly learn user requirements and build policies, it’s simple to deploy and manage, saving IT and security teams weeks of effort. And there’s no change in user experience; users simply connect to the VPN for seamless, simple, and truly secure access to all the applications and resources they are authorized to use.

Just because 2020 has been a year of plans abandoned and postponed, it doesn't mean that your organization needs to abandon its Zero Trust plans. With the right tools, achieving least-privileged access can become simpler and easier to implement than ever.

Mendy Newman

Mendy Newman

Group CTO, International | Ericom Software