IT Brief Australia - Technology news for CIOs & IT decision-makers

Secure remote access: Securely connecting devices you don’t own

Today

Let's face it — it's impossible to control every device that exists on a network. This is especially true as companies leverage more IoT devices than ever. While IoT devices provide great business value through streamlined data sharing and automated processes, a third party typically handles their maintenance and monitoring, as in-house IT teams don't have the specific expertise needed. Those third parties usually connect with their own laptops or tablets to deliver these managed services and need access to your network to do their jobs.

According to recent data, nearly half of organisations suffered a cyber incident involving a third party within the last year. So that begs the question: If introducing third-party devices to your network presents certain risks — but you still need these managed services — how do you protect your network and applications? The answer lies in a clientless zero-trust network access (ZTNA) solution. 

The challenges with traditional third-party remote connectivity

Currently, virtual private networks, or VPNs, are the traditional method of protecting your network from outside attacks. Although a VPN requires a login for access, once a user is inside the network the risk of lateral movement is very real. So when a third party logs in through a VPN client to take care of required business, they may be able to reach far more than they actually need. A second challenge is that, because you don't "manage" these third parties or contractors, the client-based approach doesn't really work. The third challenge is that, because you don't "manage" their devices, you can't predict their security posture, and those devices could infect company systems with malware.

Let's use the "hotel elevator" analogy to explain. Say your hotel is a network, and maintenance personnel must fix the HVAC unit in a room on the 5th floor. With a VPN approach, you would give that person access to your hotel elevator so they can repair the HVAC unit.

The problem with this scenario, and ultimately the VPN approach, is that nothing prevents the maintenance person from getting off at the 3rd floor and just roaming the halls. There's also the possibility that, as the repair person gets onto the elevator, someone meaning to do the hotel harm follows them into the elevator and gains access to another floor. 

The bad actor who hops on the elevator represents a threat actor who piggybacks on a third-party device. Their ability to roam the third floor represents the dangerous lateral movement that can cripple a network. Once a threat actor is in, it can be hard to limit the scale and severity of an attack in a legacy VPN environment. IoT devices are a favorite target of bad actors because they are difficult to secure and often haven't been updated or had their default password changed.

Using zero trust to allow access only to specific resources

In our analogy, what if you could drop the maintenance person directly into the 5th floor room and ensure they couldn't go anywhere else? That's the essence of a clientless ZTNA solution. Zero trust principles at their core deny all network access by default, with specific access allowed only by policy set by the network administrator. A comprehensive clientless ZTNA approach takes this a step further, protecting company applications by isolating the user's interaction with permitted applications inside air-gapped cloud containers. Even if the third party has malware on their device, it can't infect the company's systems.

This approach has multiple advantages. First, lateral movement is no longer a possibility, even for vulnerable IoT devices, because the zero trust least-privilege principle blocks east-west movement by default. Contractors can securely access the IoT device they're managing through the isolated portal. Second, if the third party unknowingly has malware on their device, company applications are protected because the third party only ever interacts with the application through that isolated portal.
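To make the difference between the two models concrete, here is a small added example (not code from the article or any ZTNA vendor) that models the hotel analogy: a VPN profile grants reachability to whole network segments, while a default-deny ZTNA policy grants only named (identity, resource) pairs. The contractor name, resource names and segment names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    identity: str   # who is connecting, e.g. the HVAC contractor
    resource: str   # the one application/device they are after
    segment: str    # the network segment that resource lives on


class VpnAccess:
    """Legacy model from the article: logging in grants reachability to
    whole network segments, so every host on them is implicitly in scope."""
    def __init__(self, reachable_segments):
        self.reachable = reachable_segments  # identity -> set of segments

    def allows(self, req):
        return req.segment in self.reachable.get(req.identity, set())


class ZtnaPolicy:
    """Clientless ZTNA model: deny everything by default and allow only the
    exact (identity, resource) pairs an administrator has granted."""
    def __init__(self):
        self.grants = set()

    def grant(self, identity, resource):
        self.grants.add((identity, resource))

    def allows(self, req):
        return (req.identity, req.resource) in self.grants


def compare(vpn, ztna, requests):
    """Return (resource, vpn_decision, ztna_decision) for each request."""
    return [(r.resource, vpn.allows(r), ztna.allows(r)) for r in requests]


# Constructed sample: the contractor should only reach the HVAC unit in room 501.
CONTRACTOR = "hvac-contractor"
VPN = VpnAccess({CONTRACTOR: {"floor-3", "floor-5"}})  # VPN profile: hotel-wide
ZTNA = ZtnaPolicy()
ZTNA.grant(CONTRACTOR, "hvac-room-501")
REQUESTS = [
    Request(CONTRACTOR, "hvac-room-501", "floor-5"),        # the job they were hired for
    Request(CONTRACTOR, "guest-db", "floor-5"),             # same floor, different system
    Request(CONTRACTOR, "door-controller-303", "floor-3"),  # "getting off at the 3rd floor"
]

if __name__ == "__main__":
    for resource, via_vpn, via_ztna in compare(VPN, ZTNA, REQUESTS):
        print(f"{resource:20} vpn={'allow' if via_vpn else 'deny':5} "
              f"ztna={'allow' if via_ztna else 'deny'}")
```

Note that the second request is on the same segment as the permitted device: the VPN model allows it anyway, which is exactly the east-west movement the article describes.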

A clientless ZTNA approach isn't only for third-party contractors. Some organisations may not have the financial resources to provide company-managed laptops to all employees. Instead, they opt for a bring-your-own-device (BYOD) model. With clientless ZTNA, network administrators can secure their environments through policy, allowing BYOD users to access only the resources that policy permits. Company systems are protected from potential malware on employees' personal devices by isolating their interaction with applications in a cloud container.

Clientless ZTNA solutions are ideal for companies working to secure and support large numbers of IoT and OT devices. These devices are increasingly connecting over 4G and 5G wireless WANs. Companies are turning to contractors to manage and monitor them, as already overburdened IT teams typically lack the specific knowledge needed for IoT and OT devices. A clientless ZTNA solution is a big advantage to the IT team: it creates an avenue through which the enterprise can leverage all the benefits of IoT devices while giving third parties secure connectivity to those resources.

Safely preparing for the future

The scale of IoT deployments won't diminish anytime soon. In fact, data points to a boom in the number and scale of IoT deployments across multiple industries. Clientless ZTNA enables third parties and contractors to securely connect to IoT and OT devices through an isolated portal. With this approach, enterprise network administrators can offload management of IoT and OT devices while reducing the risk of lateral movement and malware. Whether it's contractors managing and monitoring IoT devices or employees using their own devices for network access, clientless ZTNA lays the groundwork for successful and secure device deployments in the future.
