Leveraging Network Access Control to Unify Secure Access in Hybrid IT
Network Access Control (NAC) solutions are widely deployed to secure an organization’s enterprise network from threats inside the network. Most NAC solutions work by enforcing security policies on users and devices that attempt to access on-premises resources. Digital transformation has blurred network perimeters and changed the way users work, creating numerous challenges for organizations as they strive to both simplify access and ensure the security of their valuable assets on-premises and in the cloud.
Challenges in a Hybrid IT environment
- Lack of an integrated solution that spans enterprise access
85% of organizations today use hybrid cloud, as it provides flexible access to a variety of applications hosted on-premises and in public/private cloud. Although traditional Network Access Control solutions do a great job of protecting users and resources located inside the network, they do not extend this protection to users coming in from outside the network or accessing resources in the cloud. For example, device compliance checks and user security policies often do not have feature parity between local, remote and cloud access. This can result in security gaps that lead organizations to buy a multitude of products to meet different access security needs across their organization, increasing device sprawl in the network and escalating total cost of ownership as well as management complexity, with a lack of visibility.
- Lack of well-defined policies for internal users and devices
According to the 2018 Ponemon report, although the majority of users don’t need privileged access, they continue to have it even after they move to a different role or organization. Most of these gaps go undetected when only user authentication, and no device authentication, is in place. For example, a user logging in with the credentials of another user from his or her device may go unnoticed. A Next-Gen NAC solution with well-defined policies can ensure that such critical security gaps are closed.
The Ponemon survey results indicate that organizations in general have loose security policies for access. The following responses were given as the primary reason for having privileged access rights:
Fig 1. Source: 2018 Ponemon report on data access governance
- Increasing legal regulations and focus on compliance
With regulations such as the GDPR, companies are under more pressure than ever before to secure user data. A security breach or a loose data-governance policy can lead to hefty government penalties, negatively impacting the company's reputation and revenues. Next-gen Network Access Control solutions eliminate this threat, as access to data is limited to only those who are authorized, and this access is enforced across hybrid IT.
- Lack of visibility
If organizations can’t see what types of devices are connecting to their network and how they’re behaving, they are at risk of data theft without knowing it, because an unseen enemy is more dangerous than a seen one. Presently, most NAC solutions do not provide single-pane-of-glass visibility of all endpoints (wired, wireless and remote) connected to the network, leaving customers to patch together visibility from multiple sources.
- Threats from BYOD and the Internet of Things (IoT)
Bring Your Own Device (BYOD) in the workplace is growing, as it makes employees feel at home, increases productivity and reduces operational costs. However, personal devices are susceptible to infection by malicious apps that steal data without the user’s knowledge, and they might be stolen or lost, putting sensitive corporate data at risk. From webcams and printers to heart-rate monitors and medical devices, more and more IoT devices are being connected to the internet. Gartner predicts that by 2020, there will be 26 billion IoT devices with most of their firmware outdated and insecure, leaving them vulnerable to 5th generation cyber-attacks like the Mirai Botnet attack.
Fig 2. A few statistics on Network Security risks today
- Sponsor-based guest and contractor user access challenges
The first question that a visitor to your company might ask is “Can I use your Wi-Fi?”. Your organization may also have many contractors who need time-limited access. While many Network Access Control solutions provide guest access management, they lack advanced capabilities such as sponsor-based guest access, automated on-boarding, and time-limited access. These features can make guest access more secure while also improving the guest user experience.
Solution: The unification of remote, cloud and local access can help to eliminate traditional and emerging security threats – and provide a great user experience.
A unified Network Access Control solution ensures that every user and device trying to access resources in the corporate network is rigorously authenticated through strict policy enforcement and device-compliance checking, regardless of whether the user is local, remote, or a guest, and regardless of whether the device is corporate, BYOD or IoT. A Next-Gen Network Access Control solution allows you to view all the devices on your network, where they’re coming from and what they’re doing inside the network, while also ensuring automated threat response via behavioral analytics and integration with security infrastructure. When behavioral analytics detects suspicious behavior, the solution can activate adaptive authentication and take control. Such a solution can also intelligently identify devices or users and adapt to their changing platform of use without requiring them to log in twice, thus enhancing the user experience with Single Sign-On across on-premises and cloud.
What is Pulse Policy Secure?
Pulse Policy Secure is a vendor-agnostic, hybrid-IT-focused, unified Next-Gen Network Access Control solution that not only protects your organization’s enterprise network from internal threats but also provides visibility into, and consistent secure access for, users connecting remotely through VPN without the need for multiple logins. The on-box Profiler gives you complete visibility and enables control of all devices connected to the network: wired, wireless, and remote.
Pulse Policy Secure vs traditional NAC Solutions – A comparison.
Pulse Policy Secure benefits at a glance:
Fig 3. How Pulse Policy Secure protects your organization
For more information, please visit Pulse Secure at www.pulsesecure.net