A New Remote Zero-Trust Platform is Needed - Security Boulevard

Enterprise digital transformations are being seriously impeded by ineffective, difficult-to-secure remote working environments. Remote DevOps teams, for example, are affected by the quality of the remote access experience. Organizational security, in turn, is affected by how DevOps teams choose to give their members remote access to hosts, servers, services, infrastructure and hosted applications. The trend toward flexible work styles is straining most organizations’ ability to provide dependable, secure and productive remote access. The industry is crying out for robust security, rich visibility and a consistent user experience.

Jennifer Gregory, in her April 29, 2021 article “Is VPN or Zero Trust Best for Remote Working Security?”, said, “Now that remote work is still the near-future answer for most companies and likely a permanent solution, it’s time to take a hard and honest look at building a secure remote workforce that works as a long-term solution. The first step is deciding if VPNs and/or zero-trust should be the cornerstone of your company’s remote work policy.”

Problems with Typical Remote Solutions

Typical problems of current remote work solutions include:

• Setup and management of zero-trust access to hosted applications and complex infrastructure require integration or cross-functional work.
• Onboarding new users and infrastructure services for remote access is incredibly complex and often requires collaboration between separate groups inside an organization. This can take days, resulting in a huge loss of productivity.
• Users typically lack visibility into which services they are entitled to access.
• SSH user and key management has traditionally been difficult, making it hard to deploy, renew and revoke access.
• Traditional VPNs have performance issues and require complex planning for global coverage, and the user experience varies depending on the user’s location.

A New Approach

A new approach is needed. Traditional secure remote access solutions like VPNs are not sufficient in today’s world where users, devices and applications are highly distributed and dynamic.

Vijay Pawar, in his April 14, 2021 article “Experience Zero Trust Network Access (ZTNA) with Banyan Security Test Drive,” offered several use cases for zero-trust remote worker security platforms, which included:

• Get visibility across your endpoints and services.
• Enforce policies across sensitive services (infrastructure, hosted, SaaS).
• Increase end user productivity with one-click access to services.

A zero-trust remote worker security platform must offer secure and efficient remote worker access to DevOps environments. Current approaches to secure remote use of DevOps environments use a complex combination of security strategies that are unfriendly to users and are hard to manage.

New infrastructure services and hosted applications need to be made available in minutes rather than days, with trust-based policy control, least-privilege access and continuous authorization ensuring end user productivity while providing admin visibility, control and security.

Benefits of Zero-Trust Remote Security Platforms

The following are examples of benefits that a zero-trust remote worker security platform should offer:

• Workers—whether remote or at the office—would have simple, fast access to all their on-premises, cloud and SaaS applications so they can get their work done from anywhere, on any device, without additional training or jumping through extra hoops. They would gain one-click access to developer resources such as SSH/RDP servers, Kubernetes and databases. An additional benefit would be user consistency and performance. Productivity is provided by automation-capable SSH/RDP and API access.
• Secure third-party access is essential to today’s businesses, but devices are typically unmanaged and most solutions are overprivileged. There is a need to enforce least-privilege principles while granting seamless and secure access to reduce the risk of a breach.
• Administrators need easy onboarding/offboarding capabilities with rich visibility and security. A policy engine could enable continuous authorization based on user and device trust, device security posture and resource sensitivity. Least-privilege access allows differentiated access for FTEs and third parties alike that is easy to deploy, administer and audit.
• The platform should integrate well with customers’ cloud IaaS and PaaS environments. A mesh architecture extends security controls to distributed assets, spanning all environments and protocols. A cloud-native approach leverages the public internet without network tunnels or MitM clouds, resulting in a scalable, high-performance solution that does not risk data privacy.

What This Means

Current approaches to secure remote use of DevOps environments employ a complex combination of security strategies that are unfriendly to users and are hard to manage. Today’s piecemeal, siloed solutions result in poor productivity and wasted overhead. A new, zero-trust remote worker security platform is needed to offer secure and efficient remote worker access to DevOps environments. Such a solution would more directly address the needs of DevOps and engineering teams.

Marc Hornbeek

Marc Hornbeek, a.k.a., DevOps-the-Gray esq. is CEO and Principal Consultant at Engineering DevOps Consulting, author of the book Engineering DevOps, and Ambassador of The DevOps Institute. Marc is a specialist / expert at applying a deep knowledge of engineering practices to DevOps, QA, DevSecOps and SRE transformations. Marc applies his unique, comprehensive Engineering Blueprints, Seven-Step DevOps Transformation Blueprint and 9 Pillars of DevOps / QA / DevSecOps / SRE discovery and assessment tools, together with targeted workshops to create actionable and comprehensive DevOps transformation roadmaps and strategic plans. Marc is an IEEE Outstanding Engineer, and 45-year Life Member of IEEE. He is a DevOps leadership advisor/mentor. He is the original author of the Continuous Delivery Ecosystem Foundations (CDEF) and Continuous Test Foundations (CTF) certification courses that are offered by global training partners of the DevOps Institute. He is a Blogger on DevOps.com and ContainerJournal.com. He is a freelance writer of DevOps content including webinars and white papers. His education includes engineering and executive business degrees and multiple certifications from the DevOps Institute. Email Marc for DevOps / QA / DevSecOps / SRE consulting, training, writing and speaking engagements at [email protected], call him at +1 805 908 5789 or use this link to book a live 20-minute chat. https://calendly.com/engineeringdevops/devopschat