Securing Remote Access for Contractors, 3rd Parties & Employees

According to the U.S. Bureau of Labor Statistics and research by Harvard and Princeton, there were about 15 million independent contractors in 2019. And this was before the pandemic. This does not include contractors and consultants that are working for U.S. companies from overseas. Nor does it include 42% of U.S. employees working from home in June of 2020.  

Organizations moved at lightning speed to ensure access for their remote workforce. They moved applications to the cloud and opened up access to applications and sensitive information. They also extended existing mechanisms for granting remote access, like VPNs, to encompass access to a wide array of resources. In other cases, they deployed zero trust solutions (like ZTNA) to meet remote access needs. Of course, as with all decisions and every crisis, organizations were forced to make tradeoffs.

As companies evaluate the systems deployed, they must take a second look at security. During the initial rollout it might not have been possible to put the necessary controls in place to adequately secure data. Ignoring it any further is likely to result in data breaches. In 2021 there have been almost 1,800 publicly reported breaches. And we are only in the third quarter.  

Challenges with Legacy Remote Access

 There are many challenges associated with using tools built for a network-centric world in a cloud- and application-centric world. The most critical of these are the following:

 

Challenges of existing remote access solutions like VPN and ZTNA

  1. Operational challenges in deployment and maintenance, plus an undesirable user experience

Operational complexity arises from a combination of factors, and it often results in a compromised user experience. Key issues with legacy remote access include:

    • Shipping and managing devices for contractors or third parties around the globe
    • Risk of malware propagation and lateral movement from unmanaged devices
    • Deploying and managing agents at endpoints
    • Addressing performance issues that result from centralizing traffic or hairpinning traffic

  2. Lack of continuous monitoring and granular visibility

One of the reasons organizations are looking to replace VPN strategies is the loss of visibility with VPNs. The inability to inspect individual transactions and establish the context of the interactions poses unique challenges. Lack of visibility impedes the ability to identify the type of data being accessed and the operations being performed on the data.

This in turn hinders the ability to achieve data loss prevention. As one CISO said, “I know where my data is, I just don’t know what it is.” This visibility is important as organizations grant employees, contractors, and third parties access to sensitive data and resources.

  3. Inability to apply real-time granular data access control

Legacy technology, and solutions like ZTNA, pose a problem with their lack of focus on data security. Additional challenges include providing granular controls that can be applied in real time for access to data and applications. Securing contractor, employee, and third party access requires a flexible policy framework that incorporates granular context for continuous authorization.

The solution must also be able to determine if sensitive data, like personally identifiable information (PII), is being accessed. It should also be able to identify the type of PII accessed. The ability to automatically classify data and identify data leakage through deeper analysis of access requests is required for data loss prevention. This should be the foundation of a zero-trust, data-centric secure remote access solution.

  4. Siloed approach to applications and platforms

Adaptation of security means creating solutions that meet the challenges of the new world. We have come to understand that providing security is not the function of a single tool, but requires a layered approach.

A layered approach should not require a separate solution for each application or Infrastructure as a Service (IaaS) platform. It means that the solution chosen should be able to protect data on a wide array of applications and infrastructure.

  5. Lack of integration with your existing security infrastructure

Security is a team sport. Security tools need to integrate or have the ability to work with a variety of tools. Protecting data, preventing unauthorized access, preventing the lateral movement of malware, and maintaining visibility all rely on less complex integration. This requires adherence to data exchange formats, providing a set of open APIs and/or a robust partner ecosystem.

The Appaegis Approach

Appaegis provides data-centric Zero Trust to address the secure remote access needs of the modern cloud and application-centric world. The distributed nature of the workforce requires a secure work-from-anywhere solution. Appaegis provides a solution that can ensure secure third party access, contractor access or employee access, and protect data.

 Appaegis Isolation Access Cloud (IAC) incorporates isolation technology to deliver the following benefits:

  • Secure access to applications and data
  • Continuous granular visibility
  • Real-time control and enforcement for data access
  • Protection against the lateral movement of malware and zero day exploits
  • Centralized control that works across a wide range of applications and platforms

Some of the key capabilities offered by Appaegis that help mitigate the challenges described above include:

  • Granular logging and continuous monitoring
  • Flexible policy framework with real-time data enforcement
  • Agentless and easy deployment, built on browser isolation technology
  • Application and platform agnostic approach
  • Integration with existing security solutions

To read more about our product and the associated benefits click here.

Conclusion

There are several dynamics driving the modern organization. Infrastructure has shifted from a monolith to a hybrid world with on-premise deployments, private cloud, public cloud and SaaS. The workforce includes employees working in the office, those working remotely, contractors and third parties that could be anywhere. Threats are evolving at a break-neck pace.

Appaegis provides a solution to meet these challenges. Appaegis IAC provides secure, context-based continuous authorization for data access. It provides granular visibility of all data-in-motion. Appaegis IAC’s agentless approach leverages browser isolation, protecting against malicious endpoint threats and preventing the lateral movement of malware.

 To learn more about our solution, share your perspective, or explore opportunities to work with us, click here. 
