A USE-CASE FOR SIMPLIFIED ACCESS TO IT-RESOURCES
A medium-sized organisation required secure connectivity to their cloud environments and on-site applications. The primary focus was their Sales and R&D business units, which required differentiated access to CRM, AWS and on-premise applications. They realized they could easily step away from the massive effort of maintaining their legacy VPN: its distributed and complicated application management did not provide the agility and easy installation of client applications they needed, and their current setup didn't support monitoring of users accessing servers, networks and applications. What helped them decide to change was the help-desk support reporting an overrepresentation of VPN-related tickets.
The organisation had a few options. The most convenient, but also the least secure, option was to leave their application open to the Internet. An assessment from an external consultancy made it clear this approach would leave them at high risk for a number of cybersecurity threats, including DDoS attacks, brute force attacks, zero-day exploits, leaked credentials, lateral movement and more.
They could have done better firewalling, but the assessment also showed that blocking IPs was a cumbersome process that only protected their data at the packet level and still left network security threats open. The VPN itself proved to be a time-consuming hardware installation, impractical and expensive due to high bandwidth costs from backhauling traffic via MPLS.
Various options were evaluated, including ad-hoc solutions like AWS “Direct Connect” or Azure “Virtual Network”, which proved not to be a scalable alternative for protecting their IaaS workloads. These alternatives also lacked what was required and what benefits IT admins: user-friendly client application deployments, on- and off-boarding of users and resources, monitoring/auditing, and cross-platform compatibility.
They decided to lower the cost of operation and complexity: eliminate much of the VPN hardware cost and reduce complexity, helping lower the extensive management and personnel burden.
Now the organisation doesn't waste time and resources on every deployment of a new VPN endpoint and client configuration. Their hybrid and IaaS environment could not be supported very well with a traditional VPN solution anyway.
The solution was SDP (Software Defined Perimeter), offering segmented access for entitled and authenticated users, rather than access to the entire network for every user.
SDP provides the organisation with an extremely secure, easy, manageable and segmented virtual private connectivity and access solution, allowing them to seamlessly deploy new IT-resources and SDP access points, while their IT-team can easily provision new segmented cloud and application services.