If you’re planning to outsource any of your IT operations to an outside partner, those vendors will need access to your infrastructure. But granting third-party partners access via a VPN presents a number of security risks and challenges. Fortunately, there is another way to grant third parties access to the systems they manage – one that strengthens security and eases management.
IT organizations have traditionally relied on VPNs to provide secure remote access. A VPN establishes an encrypted connection between the remote endpoint and the LAN to allow users to securely access applications behind the corporate firewall. However, VPNs come with their fair share of administrative overhead. In addition to the installation of hardware, they require client software and modifications to firewall policies.
VPNs also pose a security risk because they present external access to critical internal resources behind the firewall. In fact, a number of recent high-profile data breaches started with attackers compromising VPN credentials.
What’s the alternative? An application gateway using federated authentication can enable secure remote access and single sign-on to on premises web apps such as SharePoint, SAP, or Jira. The IT organization can also bolster the security of sensitive on-premises apps with strong authentication and app-specific policies.
Here’s how it works. The third-party partner logs into a web-based portal. Once authenticated through the app gateway provider, the user simply clicks or taps on the app tile in the same portal. Because the portal is web-based, the user can be on any network, and everyone involved is spared the complexity of installing and maintaining VPNs.
Application gateways also simplify identity management and access control. IT grants web-based access and privilege for the specific systems and applications, and the 3rd-party vendor is responsible for managing its own employee identities. This way, identity lifecycle management for outsourced IT personnel remains with the vendor. Automated request and approval workflows, monitoring with optional termination of privileged sessions, and reconciliation of approved access versus actual critical infrastructure access, are all used to govern privileged access to specific resources.
In November 2015, Centrify commissioned Forrester Consulting to examine how IT decision-makers are both securing and granting privilege to identities in cloud-based environments. Forrester’s research included in-depth surveys with 150 IT decision-makers in the US, and discovered that the ubiquity of outsourced and remote identities is too large of a concern to overlook. Read this study to learn more.