The outbreak of the coronavirus has created a new reality of work-from-home at scale. To cope with this, companies are required to quickly provide open access to a sizeable number of people holding varying roles and different access requirements.
The result is an increased attack surface for the companies and greater risk to their business-critical applications. Protecting access to these applications can help reduce attack surface, prevent potential breaches from escalating and stop lateral movement early on. And user identity access management can provide a fine-grained policy, identifying and enforcing exactly which users can access which applications.
Remote Work – Security and Economic Challenges
Remote work introduces new identity assurance challenges. Companies need to make sure employees access only what they’re authorized to access.
Aligned with the zero trust least privilege access principle, employees should only be able to access applications they need for their daily activities based on their role. This means, for example, ensuring that the SPLUNK teams connect to the SPLUNK servers only, while the Accounting teams connect only to their respective Accounting servers.
Cost is another key consideration. To handle the increased volume of remote workers, companies need to deploy more resources and increase the number of servers used for VDI and terminal server environments.
Strong User Identity Access Solution Leads to Cost Savings
To provide secure, least privilege access to users, security and network policies should be adapted to match user role and access permissions.
Application segmentation is commonly used to make sure that users access only the applications they’re authorized to access and no more. Coupled with user identity access management, in a solution of the type Guardicore offers, it allows setting user-specific segmentation policies for each user connecting through VDI, terminal server or jumpbox. This way, each user on these shared resources is only able to access applications specific to their role.
This allows organizations to consolidate the use of their VDI or terminal servers while gaining significant savings, requiring no change to the infrastructure or downtime.
To allow each group of users (HR team, Billing team, etc.) access to their own application, Guardicore enforces a different network policy for each user based on their Active Directory group memberships. For example, when connecting remotely, HR team members will only be able to access HR servers and Billing team members will only be able to access their Billing servers.
Cost reduction is another key benefit of using this user-based segmentation.
Instead of a dedicated terminal server or VDI cluster for each user group, often required with traditional segmentation solutions, companies can consolidate the use of these servers for several groups of users, each with their own access policy. This way HR teams can only access HR servers, Billing teams can only access Billing servers, etc., while sharing the same infrastructure.
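The difference between a policy keyed on the shared server and one keyed on the logged-on user's Active Directory groups can be shown with a small model. This is an added illustration, not Guardicore's code or policy format; the group names, users, host name and application labels are constructed assumptions.

```python
# Added illustration: constructed data, not Guardicore's policy format or API.
from dataclasses import dataclass

# Hypothetical AD group -> application labels that group may reach.
GROUP_POLICY = {
    "HR-Team": {"hr-app"},
    "Billing-Team": {"billing-app"},
}

# Constructed directory data: user -> AD group memberships.
AD_GROUPS = {
    "alice": {"HR-Team"},
    "bob": {"Billing-Team"},
    "carol": {"HR-Team", "Billing-Team"},  # member of both groups
    "dave": set(),                         # contractor with no mapped group
}

@dataclass(frozen=True)
class Flow:
    src_host: str  # shared terminal server the session runs on
    user: str      # logged-on user that opened the connection
    dst_app: str   # label of the destination application

def allowed_apps(user):
    """Union of apps granted by the user's groups; unknown users get nothing."""
    apps = set()
    for group in AD_GROUPS.get(user, set()):
        apps |= GROUP_POLICY.get(group, set())
    return apps

def identity_verdict(flow):
    """Default deny: allow only if one of the user's groups grants the app."""
    return "ALLOW" if flow.dst_app in allowed_apps(flow.user) else "BLOCK"

def host_rule_for(host_users):
    """What a source-host (IP) rule must allow so every user on the host can work."""
    return set().union(*(allowed_apps(u) for u in host_users))

def excess_access(host_users):
    """Apps each user could reach under the host rule without a role-based need."""
    rule = host_rule_for(host_users)
    return {u: sorted(rule - allowed_apps(u)) for u in host_users}
```

With all four users on one terminal server, `excess_access` lists what a host-based rule would over-grant to each of them, while `identity_verdict` blocks those same flows because the decision follows the user and not the server.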
“One of our Advisory Board customers told us that last year, they were able to cut costs on terminal servers by nearly 60 percent using Guardicore’s solution,” said Lior Neudorfer, VP Product for Guardicore. “There was no longer a need for separate terminal servers for each client or contractor, which resulted in significant savings.”
Protect Your Critical Applications In Your Remote Workforce
If you would like to speak with one of our security experts about how to manage your application protection during times of change in your organization’s remote workforce, please contact us.