world tour:
Join us for a live look at how Menlo’s Secure Enterprise Browser puts you ahead of attackers
There’s no doubt that the year 2020 transformed the world. A global pandemic shut down the economy, halted travel and made the home office a viable work space. At the same time, digital transformation moved data and applications out of the data center to cloud-based infrastructures and Software as a Service (SaaS) platforms. Suddenly, critical business traffic over the public Internet exploded, and the humble browser became the most critical business tool.
At the time, expanding application access trumped security. Most executives didn’t know if the organization would survive the shutdown and subsequent economic downturn, after all, and IT teams scrambled to make sure everyone could remotely access the tools and information they needed from the first day of the shutdown.
Unfortunately, the chickens have since come home to roost. It shouldn’t surprise anyone that exposing critical applications to the Internet and a massive extension of enterprise threat surfaces have correlated with the rise of highly sophisticated and successful cyberthreats. Rather than beat down the back door, threat actors can now disguise themselves as legitimate content from the Internet and stroll through the front door unnoticed. From there, they are able to lay in wait, spread across the network and pick the time of their choosing to deliver their payload.
According to the Harvard Business Review, 98% of organizations have a relationship with a vendor that experienced a data breach within the last two years. This increase in breaches is causing massive operational and financial disruptions for organizations across the spectrum.
Now, four years later with hybrid working as the norm, it’s time to finally close this major security gap and implement robust security controls in the browser. Only then can organizations continue the digital transformation initiatives they accelerated during the pandemic and ensure reliable, fast and, yes, secure access to today’s modern applications.
As the world burned and remote application access became a business critical capability, the two legacy solutions that were supposed to solve this problem – Virtual Private Network (VPN) and Virtual Desktop Infrastructure (VDI) – failed spectacularly. Users couldn’t log on when they wanted. They faced major performance issues when they did. And scaling to meet these new requirements became extremely expensive.
VPNs faced scalability issues. In March 2020, about 10 percent of users were classified as remote workers. A month later, 100 percent worked remotely. Imagine the bandwidth requirements and the resulting traffic bottlenecks. Poor latency led to a poor user experience. VPNs also give users access to the entire network, rather than specific applications. So, anyone who could breach the VPN by stealing credentials would suddenly have the keys to the kingdom to access any business system – including finance, customer and engineering systems.
VDI solutions were also ill suited to meet these demands. Designed around the turn of the century, VDI once promised improved security, flexibility and cost savings due to the high cost of hardware at the time. However, over the years, hardware prices have come down, and the cost of VDI has surged to 10x that of traditional networking setups. It’s also complex, hard to manage from the administrator and user perspective and is a common target for malicious actors looking for soft targets in which to breach the network.
Both VPNs and VDI environments served a purpose at the time, but times have changed. Today's organizations need a new application security tool to meet their new needs.
Securing today’s modern applications for a distributed workforce requires a Zero Trust approach. Rather than give users complete access to the entire network, Zero Trust principles only provide authorized users access to the applications they need and nothing else – even within applications themselves. In addition, Zero Trust continues to authorize users for every request, making it hard for unauthorized actors to spread laterally across the network without the appropriate permissions. However, Zero Trust can be extremely complex to implement properly at scale without disrupting normal business operations.
Secure Application Access enables Zero Trust by keeping private applications and SaaS platforms restricted from direct visibility on the public internet. Isolating applications in this way helps protect organizations from exposure to Internet-born threats, such as DDoS, code injection and SQL injection. Most importantly, applying SAA at the browser level rather than the network level ensures reliable and fast access without disrupting the native user experience.
1. Granular access control: Your secure application access solutions should enable least-privileged access on a resource by resource basis. This means that access is only granted for specific applications that are necessary for a user’s job function. Security teams can define access by users, groups, source IPs and geographies.
2. Browser isolation: Zero trust means that there is no inherent trust of web traffic and web interactions. Even content from seemingly legitimate sites, such as salesforce.com or office.com, is executed in a remote browser in the cloud, far from the end device. This prevents hijacked URLs or adware from piggybacking on legitimate traffic to gain access via the browser and prevents threat actors from spreading through the network.
3. Preserves the native user experience: Security and productivity shouldn’t be mutually exclusive to each other. They go hand in hand. In today’s fast-paced, always-on business environment, users need reliable, fast and secure access to the tools and information they need wherever business takes them.
VPNs and VDI environments were ill-suited to meeting the security or performance needs of today’s hybrid workforce. As modern applications move from the data center to the cloud, Secure Application Access solutions enable a Zero Trust approach to cybersecurity through the browser, providing distributed users secure access without having to worry about performance, scalability or reliability issues. Learn more about how you can implement Menlo Secure Application Access for your organization here.
