Application gateways can minimize overhead and improve security

If you’re planning to outsource any of your IT operations to an outside partner, those vendors will need access to your infrastructure. But granting third-party partners access via a VPN presents a number of security risks and challenges. Fortunately, there is another way to grant third parties access to the systems they manage – one that strengthens security and eases management.

IT organizations have traditionally relied on VPNs to provide secure remote access. A VPN establishes an encrypted connection between the remote endpoint and the LAN to allow users to securely access applications behind the corporate firewall.

However, VPNs come with their fair share of administrative overhead. In addition to the installation of hardware, they require client software and modifications to firewall policies. VPNs also pose a security risk because they open external access to critical internal resources behind the firewall. In fact, a number of recent high-profile data breaches started with attackers compromising VPN credentials.

What’s the alternative?

An application gateway using federated authentication can enable secure remote access and single sign-on to on-premises web apps such as SharePoint, SAP, or Jira. The IT organization can also bolster the security of sensitive on-premises apps with strong authentication and app-specific policies.

Here’s how it works. The third-party partner logs into a web-based portal. Once authenticated through the app gateway provider, the user simply clicks or taps on the app tile in the same portal. Because the portal is web-based, the user can be on any network, and everyone involved is spared the complexity of installing and maintaining VPNs.
Application gateways also simplify identity management and access control. IT grants web-based access and privilege for the specific systems and applications, and the third-party vendor is responsible for managing its own employee identities. This way, identity lifecycle management for outsourced IT personnel remains with the vendor. Automated request and approval workflows, monitoring with optional termination of privileged sessions, and reconciliation of approved access versus actual critical infrastructure access are all used to govern privileged access to specific resources.

In November 2015, Centrify commissioned Forrester Consulting to examine how IT decision-makers are both securing and granting privilege to identities in cloud-based environments. Forrester’s research included in-depth surveys with 150 IT decision-makers in the US, and discovered that the ubiquity of outsourced and remote identities is too large a concern to overlook. Read this study to learn more.
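The reconciliation of approved access against actual access mentioned above can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the grant records, the session log format, the identities and the `reconcile` function are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: approved grants (vendor identity, app, time window).
APPROVED = [
    {"user": "alice@vendor.example", "resource": "jira",
     "start": "2017-01-09T08:00", "end": "2017-01-09T18:00"},
    {"user": "bob@vendor.example", "resource": "sap",
     "start": "2017-01-09T08:00", "end": "2017-01-09T12:00"},
    {"user": "carol@vendor.example", "resource": "sharepoint",
     "start": "2017-01-09T08:00", "end": "2017-01-09T18:00"},
]

# Constructed sample gateway session log: "<timestamp> <user> <resource>".
SESSIONS = """\
2017-01-09T09:15 alice@vendor.example jira
2017-01-09T13:40 bob@vendor.example sap
2017-01-09T10:05 alice@vendor.example sharepoint
2017-01-09T11:30 bob@vendor.example sap
"""

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M")

def reconcile(approved, session_log):
    """Compare actual sessions with approvals.

    Returns (findings, unused): sessions with no covering approval,
    and approvals that no session ever exercised.
    """
    grants = [(g["user"], g["resource"], parse_ts(g["start"]), parse_ts(g["end"]))
              for g in approved]
    used, findings = set(), []
    for line in session_log.splitlines():
        if not line.strip():
            continue
        ts_raw, user, resource = line.split()
        ts = parse_ts(ts_raw)
        # Grants for this identity and app, regardless of time.
        matching = [i for i, g in enumerate(grants) if g[0] == user and g[1] == resource]
        # Grants whose approved window actually covers the session start.
        covering = [i for i in matching if grants[i][2] <= ts <= grants[i][3]]
        if covering:
            used.update(covering)
        elif matching:
            findings.append((ts_raw, user, resource, "outside approved window"))
        else:
            findings.append((ts_raw, user, resource, "no approval on record"))
    unused = [approved[i] for i in range(len(grants)) if i not in used]
    return findings, unused
```

Unused approvals are reported alongside violations because a standing grant nobody exercises is a candidate for revocation.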