Software-defined perimeter (SDP), also known as Zero Trust Network Access (ZTNA), is a new approach for securing remote access to business applications both on-premises and in the cloud. SDP is an integral part of Gartner’s Secure Access Service Edge (SASE) framework.
Enterprises have long relied on virtual private networks (VPNs) to connect mobile or remote users to applications and other network resources. But traditional VPNs are poorly suited to the shift to the cloud and the increase in work-from-home users. VPNs rely on appliances, such as firewalls or VPN concentrators, forcing remote users’ traffic to specific physical locations. This architecture adds latency and creates capacity constraints. Once connected through a VPN, users are trusted with access to all resources on the network, increasing the risk of malware propagation and data breach. And, to reach the VPN gateways, users must rely on the unpredictable. Overall, legacy VPN architectures expose the enterprise to attacks and adversely impact the user experience, especially when accessing cloud applications.
Cloud-native SDP delivers secure remote access as an integral part of a company’s global network and security infrastructure. A global, cloud-scale platform supports any number of remote users within their geographical regions. Performance improves with end-to-end optimized access to any application using a global private backbone. Risk is minimized before and after users access the network through strong authentication and continuous traffic inspection for threat prevention. Cloud-native SDP makes mobile access easy — easy to deploy, easy to use, and easy to secure.
“Mobile VPN is my secret BCP [business continuity plan] in my back pocket. If my global network goes down, I can be like Batman and whip this thing out.”
- Stuart Gail, Infrastructure Architect, Network and Systems Group
Remote and mobile access to on-premises and cloud applications is challenging legacy VPN appliance-based architectures. Cloud traffic is forced through chokepoints at physical locations, adding latency. VPN concentrators are needed for global coverage, scale, and load balancing. And unrestricted network access creates excessive security risk.
ICG provides integrated client-based and clientless remote access solutions as part of the ICG SD-WAN. Users benefit from optimized and secure access to all applications on-premises and in the cloud while at home or on the road. ICG enforces strong authentication and granular access control as well as deep packet inspection of all traffic against threats. ICG's global cloud-scale platform seamlessly supports any number of users and applications globally.
Legacy VPN requires specialized hardware appliances and regional concentrators to cover a global workforce. Because the architecture is appliance-based, it is subject to capacity constraints, especially with a sudden increase in work-from-home users.
SDP is an integral part of ICG Cloud Connect SD-WAN, a global, cloud-native architecture. ICG seamlessly scales to support optimized and secure access for any number of globally distributed users without requiring any additional infrastructure to be set up.
Legacy VPN provides secure access to whole networks. This expands the attack surface and enables excessive access that increases the risk of compromise and data breach.
ICG SD-WAN enforces multi-factor authentication and granular application access policies that restrict access to approved applications, on-premises and in the cloud. The user never gets unrestricted access to the network layer.
Legacy VPN rarely includes continuous deep packet inspection (DPI) to protect against threats after authentication. This allows threats that emanate from compromised endpoints to propagate inside corporate networks.
ICG provides continuous protection against threats, applying deep packet inspection (DPI) for threat prevention to all traffic regardless of source and destination. Protection is seamlessly extended to Internet access, as well as application access on-premises and in the cloud.
Legacy VPN requires mobile users to access resources across the public Internet. The increased latency and packet loss of public Internet routing undermine the user experience.
With ICG, remote users access resources on-premises and in the cloud through ICG's global private backbone, which delivers a consistent and optimized user experience.
Legacy VPN is designed to enable access for a subset of users over short periods of time. It is not designed for the 24×7 access for all users that business continuity scenarios require.
ICG provides a globally distributed, cloud-scale platform to enable continuous access for all employees in the office, on the road, or at home.