What is the most effective way to provide users with secure access to all the apps they need to work remotely?

Implementing a cloud-based access management and multi-factor authentication solution to secure access to both cloud services and on-premises apps can protect enterprise and cloud applications at the access point by keeping the bad guys out, while still offering your employees an easy way to log into the applications they need – from home, or any other location outside the office.

The most effective way to provide users with secure access to all the apps they need is to rely on a cloud-based IDaaS solution, such as SafeNet Trusted Access, instead of relying on a VPN, WAM, or on-premises access management and single sign-on solutions. Cloud-based access management and authentication services offer tangible advantages over on-premises solutions such as a VPN, WAM, or on-premises SSO, including:

  • They are easier, faster and simpler to deploy than on-premises solutions
  • User access is achieved from the cloud to the cloud, meaning you avoid any on-premises bottlenecks
  • They don’t have the complexity of a VPN, which typically requires client software to be installed and configured, something that is not easy to do in an emergency
  • The user experience is more intuitive and better than with a VPN, since authentication is part of the login workflow

When you need to get a new system up and running quickly in a crisis, selecting an IDaaS solution can be stressful. Below are a few basic considerations when assessing an access management and authentication service so your employees can work remotely and securely from home.

Efficiency and deployment

A cloud-based solution will allow you to get up and running quickly without the need for heavy on-premises installations. When assessing your solution, it is advisable to check how many on-premises components you will need to install, how many servers you will need, and how many additional servers you’ll need in order to maintain redundancy. In this regard, a solution’s support for cloud-based RADIUS and a cloud-based IdP are significant factors in your ability to get up and running quickly. Likewise, solutions that require the installation of on-premises gateways will require additional implementation lead time, servers and maintenance.

Automation

Especially in a crisis, you need to enroll users quickly, with minimum friction and help desk calls. By subscribing to a service that provides automated token enrollment workflows and one-click token installation for end users, your users will be able to self-enroll quickly, reducing the burden on IT. Businesses should avoid multi-step, manual token enrollment, which is error-prone and resource-consuming.

Authentication and token flexibility

Software and token-less authentication methods are ideal for remote employees. Combined with easy, automated token enrollment, they ensure your users have a seamless log-in experience. To support all users’ needs, look for a solution that can offer a range of authentication methods that can accommodate varying needs and security levels. These include: Push OTP app (which can be installed on a mobile device or desktop); SMS or email code sent to a mobile device or email address; pattern-based authentication, a token-less method that does not require users to install any software on an end device. Look for a solution that can centrally manage and provision a variety of software and token-less authentication methods to users remotely. Avoid any solution that offers only one or two methods of user authentication.

Ability to access all apps and cloud services

Does the remote cloud access management service support the applications your enterprise regularly uses? While working from home, you might need to access Salesforce, Dropbox, Confluence or other services. Consider implementing an access management service that can manage several apps within the same platform and secure your VPN with remote access. Look for a solution that can secure access to SAML-based, RADIUS-based and non-standards-based apps, and avoid any solution that can only secure cloud and web-based apps. This way you will be able to protect all apps with a single solution and offer convenience with single sign-on.

Smart SSO for optimal security and convenience

To offer the most frictionless experience possible without sacrificing security, organizations can leverage cloud SSO combined with contextual information and step-up authentication. This allows users to access all their cloud and web applications with a single identity, while IT only needs to enforce stronger access security in high-risk situations. Therefore, look for a solution that offers step-up authentication and conditional access based on access policies, while avoiding any solution that offers broad SSO allowing access to all apps with the same credential. With smart SSO, end users can maintain business productivity and reduce the hassle of having to re-authenticate to multiple apps.

Provide flexible policies

While you will want your employees to be able to work at home, your access management service might not consider their remote IP addresses or geographical regions as a trusted network. By subscribing to a cloud access management service with flexible policies, you can whitelist or blacklist groups of users according to IPs and receive reports regarding login activities. Such a service will be able to step up authentication for untrusted networks and relax the authentication method required for the whitelisted networks. Similarly, you can establish policies that will vary authentication rules according to application.
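The policy logic described here and under Smart SSO (deny blacklisted networks, step up on untrusted networks, vary the rule per application, reuse the SSO session where it is already strong enough), as an added example that is not SafeNet Trusted Access code or configuration. The network ranges, application names and assurance levels are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy; every range, app name and level is an assumption.
TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # e.g. office egress
BLOCKED_NETS = [ipaddress.ip_network("198.51.100.0/24")]
# Assurance levels: 1 = password / existing SSO session, 2 = OTP or push approval
APP_MIN_LEVEL = {"wiki": 1, "crm": 2}
DEFAULT_MIN_LEVEL = 2      # apps with no explicit rule get the stricter level
UNTRUSTED_MIN_LEVEL = 2    # any untrusted network forces a second factor


@dataclass
class AccessRequest:
    user: str
    app: str
    source_ip: str
    session_level: int     # strongest factor already proven in this SSO session


def _in_any(ip, networks):
    # An IPv4 address is never "in" an IPv6 network (and vice versa).
    return any(ip in net for net in networks)


def decide(req: AccessRequest) -> str:
    """Return 'deny', 'allow' or 'step_up:<required level>'."""
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return "deny"                       # unparsable address: fail closed
    if _in_any(ip, BLOCKED_NETS):
        return "deny"                       # blacklist wins over everything else
    required = APP_MIN_LEVEL.get(req.app, DEFAULT_MIN_LEVEL)
    if not _in_any(ip, TRUSTED_NETS):
        required = max(required, UNTRUSTED_MIN_LEVEL)
    if req.session_level >= required:
        return "allow"                      # SSO session is already strong enough
    return f"step_up:{required}"            # prompt for the stronger factor


def login_report(requests):
    """Per-request decisions, the raw material for a login activity report."""
    return [(r.user, r.app, r.source_ip, decide(r)) for r in requests]
```
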

Transparent licensing model

Many services on the market today have very complicated pricing models. Some vendors’ licensing packages are bundled with numerous services that you may not need, meaning you will be paying a premium for capabilities that won’t be used. Other vendors use a ‘pay per feature’ model that turns out to be very costly. Both approaches make it difficult to calculate how much you will be paying at the end of the day, and what features you will get. When under pressure to purchase and implement a solution quickly, you don’t have the time for in-depth cost projections. Therefore, you should look for a dedicated access management and authentication solution with a transparent pricing model and the features you need.

In the last part of our series we will focus on considerations for securing your corporate data while it is being accessed remotely by your employees.
