The ever-changing threat landscape, coupled with the current global pandemic, is forcing enterprises to rethink their remote access strategy. Enterprises need adaptive security and scalable remote access more than ever before. Traditional remote access VPNs, the norm for remote access for three decades, have not evolved to meet these demands. They are beset with inherent deficiencies – physical appliances, flattening of the network, inferior NAC, lack of identity profiling, lack of granular segmentation, and lack of visibility – and they are complex to configure and maintain.
Recent market analysis shows a multi-fold increase in remote connectivity needs, with some surging up to tenfold. VPNs, with their non-scalable nature, are incapable of handling these spikes in demand. Furthermore, the current environment has brought to light the advantages of a remote workforce; many enterprises view this as the future.
Addressing the above needs with legacy VPN technology means extending the “DC is the center of the universe” model for availability and adaptive security. Scaling this model requires physical network appliances with complex connectivity changes inside and outside the enterprise network, as well as traffic orchestration through the added VPN appliances and replication across DC locations. It also involves a kludge of other security appliances, protocols and complex security translations, especially when resource access spans disparate domains. It is clear that a technology overhaul is needed from both the connectivity and security perspectives.
From the connectivity perspective, the digital enterprise requires on-demand, low-latency and highly available access. Remote users should be able to easily consume resources from disparate enterprise domains – hybrid, multi-cloud or on-prem/DC – and should not be forced to hop between VPNs for performance or availability reasons. The VPN pre-provisioning model invariably runs the risk of either over- or under-provisioning and does not suit current enterprise consumption models. Rather, enterprises will be looking for a need-based, rapid, easy, and seamless remote access provisioning option.
From the security perspective, the need is to bring airgap security, as laid out by the DoD, into the commercial space. Security, whether it is access protection or attack prevention, should be adaptive. The architecture should follow a “you cannot attack what you cannot see” tenet, where connectivity is granted only after the assertion of security, as opposed to the predominant “you cannot protect what you cannot see” approach, where security is an afterthought.
In essence, enterprises want secure and quick resource access regardless of the location of the resource or the user. The expectation is that accessing an enterprise resource should be as easy as accessing a secure internet application, and that users should have seamless, secure, yet superior access performance. This calls for a highly adaptive, available, secure, and scalable architecture, which cannot be accomplished through traditional VPN technology.
Replicating the security-enhanced, DC-based model in the cloud will not serve the purpose, as it will bring the same legacy deficiencies. Enterprises need a new Remote Access Service in the cloud that implements adaptive security measures. The service should truly embrace cloud operational methods, take advantage of cloud automation and autoscaling techniques, and allow new security functions to be enabled seamlessly when needed.
Elisity Cognitive Access Service (CAS) is a service that brings the DoD’s airgap security methods to the commercial space and transforms conventional enterprises into “Secure Digital Enterprises”.
At its core, the Elisity solution revolves around deploying on-demand and highly secure Elisity-TLS between users and applications through an autoscaling and highly available CAS cluster in the cloud. CAS is where Zero Trust Network Access (ZTNA) is enforced. The CAS implements Software Defined Perimeter methods for adaptive access protection – no direct visibility of resources/applications to users, continuous and detailed identity assessment, entitlement-based application access, and end-to-end encryption. With its behavior analytics, default-deny security posture and highly granular application-level segmentation, CAS delivers adaptive attack prevention for enterprises. At the center of it all is the Elisity Cognitive Cloud (ECC), the brain of the solution. Through identity provider integration and an AI-powered Identity Behavior Analytics engine, ECC delivers granular, identity-based adaptive access control and proactively protects enterprise resources spread across disparate domains at the CAS layer.
To summarize, Elisity CAS, through comprehensive and adaptive security, not only offers a highly secure remote access technology, but, by embracing the true automation and autoscaling methods of the cloud, also eases the provisioning and management of a highly available remote access service. Enterprises can now transform into highly secure digital versions of themselves.