The iboss Zero Trust SASE replaces VPN with ZTNA to improve security and reduce costs
CHALLENGES
Legacy VPNs provide access to resources for remote workers but do not provide tight controls on what resources can be accessed while users are connected. Once a user is connected to the VPN, they have free access to any resource available on the private network. As users interact with resources, no security is applied, such as CASB, malware defense, and Data Loss Prevention, leading to a significant risk of breach and data loss. Because transactions are not inspected, no logging visibility is provided to security teams to detect unauthorized access or data hijacking. To make things worse, meeting the minimum level of security acceptable to the organization requires separate point products for VPN, Proxies, and VDI. This increases management overhead and substantially increases costs.
KEY BENEFITS
Quickly replace VPN to improve security by providing access on a per-application basis
Consolidate point products such as VPN, Proxies, and VDI with ZTNA, SASE, and Browser Isolation for lower costs
Achieve higher security with continuous adaptive access that evaluates every request for security and compliance
Force MFA and SSO for all applications and services, including legacy applications that do not support SAML
Gain visibility from detailed logging for every interaction between users and sensitive private resources
Ensure devices are compliant before accessing sensitive resources, such as ensuring the device firewall is on, antimalware is running, and the disk is encrypted
SOLUTION
The iboss Zero Trust Secure Access Service Edge is an advanced security solution that completely replaces the functionality delivered by legacy VPNs with a global consolidated cloud security service. The iboss Zero Trust SASE includes ZTNA, CASB, malware defense, compliance policies, Browser Isolation, and logging that applies to users inside and outside the office. The ZTNA capability connects remote users to onsite resources, completely replacing the need for VPN and eliminating the VPN budget line item. ZTNA is substantially more secure than VPN because it only allows remote users to access approved applications while automatically denying access to all other resources in the office. ZTNA also authenticates users with modern SSO, including MFA, and provides continuous authorization so that every access to sensitive resources is inspected for protection. If a device becomes infected, the user is cut from sensitive resources immediately.
In addition, ZTNA connections run through the entire iboss Secure Access Service Edge security stack, which means that CASB, malware defense, DLP, and logging will be applied to each connection. This provides the visibility needed to avoid data theft and the in-app controls required to prevent breaches. The ZTNA service is delivered through iboss and does not require VPN concentrator appliances, eliminating CAPEX spending and management overhead. And because the iboss Zero Trust SASE consolidates multiple point products into a single solution, costs are reduced even further.
The iboss platform includes ZTNA to replace VPN, Secure Access Service Edge to replace legacy proxies, and Browser Isolation to replace legacy VDI. As the security technology stack gets consolidated and costs are reduced, users get better security and an improved end-user experience.
KEY CAPABILITIES
- Consolidates VPN, Proxies, and VDI into a single solution that includes ZTNA, Secure Access Service Edge, and Browser Isolation
- Includes CASB, malware defense, DLP, Exact Data Match, compliance policies, and logging for all interactions with sensitive private resources
- Improves the end-user experience while increasing security by isolating access to resources
- Provides SSO and MFA for all types of resource access, including legacy apps, even when those apps do not support SAML or SSO
- Performs device posture checks, such as ensuring antimalware is running, the firewall is on, and the disk is encrypted, before allowing access to sensitive resources
PAIN POINTS
Pain Point | iboss Solution |
---|---|
VPNs are cumbersome for remote users – When users are remote, they must remember to turn on the VPN to access private or onsite resources. | Replace VPN with ZTNA – The iboss Zero Trust SASE is an instant replacement for legacy VPN and improves the end-user experience because it runs transparently and automatically with no end-user intervention. |
VPNs are slow and reduce productivity – VPNs are slow because they are saturated with unnecessary traffic being backhauled to be secured at the data center, resulting in lost productivity. | ZTNA + Secure Access Service Edge Provides Fast Access – The iboss Zero Trust SASE provides direct access to all applications without the need to traverse a VPN by delivering security in the cloud. This dramatically increases connection speeds and productivity. |
VPNs provide too much access to onsite resources – VPNs cannot provide granular access controls and allow users to access any resource in the office when connected, which increases risk. | ZTNA provides granular access controls – The iboss Zero Trust SASE provides per-app access controls and automatically denies all other resources. It also provides a complete security stack and logging to reduce risk and increase compliance. |
Contractors need access to sensitive resources – Third parties and contractors need controlled, secured, and authenticated access to sensitive resources within the enterprise but must install a VPN to obtain it | Contractor Access is Provided Through Browser Isolation – Browser Isolation, the replacement for VDI, allows contractors to access resources through a pane-of-glass using SSO authentication while ensuring security and logging are in place for all transactions, all without software or a VPN. |
USE CASES/BUSINESS VALUE
Use Case/Challenges | Solution Description | Benefits |
---|---|---|
Need to replace legacy VPNs such as Cisco AnyConnect | The iboss Zero Trust SASE provides ZTNA that eliminates VPN and improves security | Quickly replace VPN with ZTNA to reduce costs, increase security and improve the end-user experience. |
Need to provide remote users access to onsite resources | The iboss Zero Trust SASE includes ZTNA that connects users to all resources, including those on-site, from wherever they work. | Eliminates point product solutions, such as VPNs, that only perform one function but consume a separate budget line item. This reduces costs and complexity and allows users to connect to whatever they need to do their most productive work. |
Microsoft O365 traffic has saturated the VPN resulting in slow connections | As a Microsoft Certified Network and Security Partner, the iboss Zero Trust SASE offloads Microsoft O365 traffic and secures the connections directly within the cloud service. The cloud security service enforces Microsoft Tenant Restrictions eliminating the need for traffic backhaul to the data center. | Increased productivity, fewer complaints related to connectivity, and lower costs when implementing Microsoft Tenant Restrictions which are traditionally enforced in the data center using expensive proxy appliances. |
Need to enforce device posture checks before allowing access to sensitive resources for security and compliance | The iboss Zero Trust SASE provides extensive device posture checks that include antimalware, firewall, and disk encryption checks and ensures compliance requirements are met before granting access to sensitive resources. | Dramatically reduces risk and ensures compliance is met without complicated management and configuration overhead. |
Need to allow contractors and third parties access to sensitive resources without the need for a VPN | The iboss Zero Trust SASE provides third-party access through Browser Isolation which supports SSO via Azure, Okta, Ping, or any SAML capable Identity Provider. Isolated sessions are VDI-like, prevent data from touching third-party devices, and only provide access to authorized resources. Browser Isolation eliminates the need for third parties to install VPN software as access is granted through a browser. | Reduce or eliminate the cost of expensive infrastructure related to VDI and replace it with instant Browser Isolation delivered by the iboss Zero Trust SASE. Prevent data from leaking to untrusted devices. Connect contractors without VPN software installs. |
TECHNICAL SOLUTION
VPNs are used to connect remote workers to sensitive onsite resources. When connected, those users have access to anything on the remote network. This increases the risk of breach and data loss as users can access unauthorized resources. If those devices become infected, they can cause damage to data and critical business applications. In addition, the remote user’s network, which may be infected, is connected to the private enterprise network, further increasing the risk of breach.
The iboss Zero Trust SASE can solve the issues related to VPN by replacing VPN with iboss ZTNA. ZTNA is a technology that increases security by only allowing users to access authorized resources while automatically denying access to everything else. In addition, VPNs do not provide visibility or security while users interact with sensitive resources. Because iboss ZTNA is part of the iboss Zero Trust SASE, all connections automatically have protection applied, including CASB, malware defense, DLP, Exact Data Match, compliance policies, HTTPS decrypt, and logging, all delivered at scale in the cloud.