Sorry VPN, it's time for people-centric zero-trust remote access control
To be 100% sure that the right person is logging into your systems using a well-secured device, G/On works according to a zero-trust model, says Sean Glansbeek, CEO of Private Protocol.
In a security-centric world, you can control everyone who comes into your office, but, unfortunately for CIOs and IT managers, we don't live in a security-centric world. We live in a people-centric one, and people like to travel, work from home, bring their own devices and be flexible. It's time to choose a people-centric remote access security system. And no, it's not VPN.
"Studies show that companies spend thousands of rands per year on purchasing software licences and maintenance per device," says Sean Glansbeek, CEO of Private Protocol.
Remote access dilemma
Company data is getting harder to protect. Employees are everywhere, using company and personal devices for both work and personal tasks. This means your company data goes beyond the walls of your company into all sorts of unknown devices. For CIOs and IT managers, this comes with a dilemma: buy your co-workers a well-secured work laptop or provide all of their owned devices with a security stack. In both cases, the costs are high, as not all devices are suited for advanced security software, meaning they must be replaced regularly.
Secondly, all devices (whether corporate or privately owned) must have the right security certificates to gain access to the corporate systems. These certificates have to be installed and renewed. This makes remote access control both expensive and high maintenance.
What's wrong with VPN?
Apart from the dilemma described above, remote access control comes with a second problem.
To facilitate remote access, most companies use a VPN connection to connect laptops, mobile phones and tablets to corporate systems. With VPNs, devices become part of the company network, employees can access company folders, download data to their device or make changes to files. This sounds practical, but it also means that bad things, such as malware and data theft from remote devices, end up in the company network. When employees use a WiFi hotspot, for example, you have no idea what's on the other end of the line. Moreover, when bad things happen, it's hard to find out where they happened and who's behind it.
Want to make remote access control waterproof? Then don't give access at all. The safest way is no way at all.
Long story short: VPNs will always come with risks, because they get the user into the company system.
But, what can you do? Forbid your colleagues to work from home? Share sensitive data per carrier pigeon?
You might almost think the only way to secure your company systems is to not give access to remote devices in the first place.
Well, if that's what you think, you're not wrong.
This is the idea behind the remote access control solution G/On. With this solution, there's a server in-between (a proxy) that handles all the activity between the remote device and the server. The remote computer is never inside your network, but the user still has access to the data and applications they need. It's just that data never leaves the network. The end-user cannot upload data either, unless the G/On network gives them permission. Moreover, G/On only gives access to people that comply with the rules that you define beforehand. This means you not only control which people gain access to the corporate systems, but also when they do, and which department systems they can enter. It's the ultimate combination of freedom of movement and optimal security.
As you want to be 100% sure that the right person is logging into your systems using a well-secured device, G/On works according to a zero-trust model: "I know nothing about the computer and vice versa." This means the laptop or computer first has to identify itself and tell where it's connecting from. Then, the corporate system can check with the administrations to see if access is permitted.
Speaking of zero trust: G/On runs on MS Windows and Apple Mac, but also comes in the form of a bootable USB key with a private key. If the user pulls it out, the memory is deleted automatically and the computer is shut down, leaving no trace of the work done. Both options serve different end goals. When your colleagues work from home, you can install G/On on their computers, but if they work abroad on a regular basis, the USB key adds an extra security layer that makes the difference between "pretty safe" and "waterproof".
VPN connections have long provided remote workers with the access they needed, but it's time to take security a few steps further. Want to know whether G/On is the remote access control solution for you? Go to https://insights.solitonsystems.com/sign-up-g-on and test it yourself!