Written by Jason Garbis on July 17, 2020
Simplicity, Automation and Zero Trust
Complexity is the enemy of security, yet enterprise IT is highly complex. Bringing automation to deployment, tasks and management of security infrastructure can simplify and reduce human error. Appgate’s SDP 5.2 release brings added simplicity in deployment and management.
Today’s enterprise IT environments are diverse, distributed, and dynamic, and the job of securing these environments is complex and high-risk. It’s unlikely anyone would argue these aren’t complex problems – this is an inherent part of our world’s dependence on software, networks, and IT. As technical people, we embrace this complexity, and work hard to understand and secure it. However, an all-too-frequent result is that our solutions end up being complex as well. And complex solutions risk being only marginally better than a complex problem.
Let’s put this in the context of enterprise security. If I address a security problem with a new solution that requires 20% of someone’s time to manage and monitor, I’ve only “squeezed the balloon” and moved the problem somewhere else. This is why security teams are scrutinizing vendors about their solutions’ orchestration and automation capabilities. We support and applaud this approach; enterprise IT and security are only getting more complex, and security and operations teams need to prioritize solutions which can simplify and automate their environments.
These two goals connect well together, especially when viewed from the perspective of a Zero Trust initiative. Zero Trust is predicated on a set of distributed policy enforcement points, which automatically receive and enforce access policies from a centralized policy decision point. The Zero Trust policies are defined using descriptive, context-sensitive, and identity-centric terms which are all far simpler than traditional network firewall rules.
Zero Trust is a comprehensive vision and a strategic journey for enterprise and security teams, which requires the right platform to build on. We’re proud of the functionally rich Zero Trust security solution we’ve built – AppGate SDP – and the success that customers such as FINRA and The Third Floor have achieved.
AppGate SDP’s ability to simplify and automate Zero Trust security is a big part of our customers’ success, and we’re committed to making things even easier for them. As such, we’ve prioritized simplicity and automation as two big themes in the most recent release of AppGate SDP.
Enterprise networks are heterogeneous and complex, but the Software-Defined Perimeter architecture, acting as a security overlay, helps normalize and unify the environment. By enforcing a single policy model across the environment, organizations can manage and secure a heterogeneous infrastructure from within a single homogeneous policy model. This can be applied equally well across different network topologies, whether it’s physical or virtual on-premises, cloud-based, or hybrid.
Complex enterprise network topologies are often difficult to secure, and the new Connector Express capability of AppGate SDP can help tame this. By utilizing this new feature, you can easily deploy a connector into a location such as a branch office, and immediately get secure remote access with fine-grained access control, context-sensitive policies, and identity provider integration. In addition, you can do so without any networking changes, and without requiring any inbound connections or changes to your DMZ. For branch offices, what today might require broad network access across a WAN can turn into fine-grained access with commodity ISP connectivity. This can save considerable costs, for example by retiring on-premises network or security hardware or software, or by eliminating WAN costs.
For cloud environments, this solution can easily provide fine-grained, secure access for users, with authentication and attributes driven by an enterprise identity system. And, by using AppGate SDP’s ability to dynamically resolve cloud workloads based on metadata, policies can be dynamically and automatically assigned – which brings us to our second main theme.
Manual activities are antithetical to security – today’s businesses, infrastructure, and people just operate too quickly to rely on them. If security cannot keep up, it will default to wide-open and put the business at risk. Securing enterprise environments requires a Zero Trust platform that’s designed to be adaptive and automated with a rich set of APIs and extension points. Not only that, but it needs to support a modern and automated approach to infrastructure: DevOps. In support of this initiative, we’re pleased to have released a Terraform provider as part of our commitment to open source add-ons to AppGate SDP – https://github.com/appgate/sdp. With this, customers can automate and achieve “infrastructure as code” for not only their access policies, but also their security infrastructure.
We’re excited about this latest release of AppGate SDP, and about the benefits it provides. With this release, enterprises can eliminate VPNs and reduce manual integration tasks. They can simplify their WANs, and enable automated policy enforcement across a heterogeneous infrastructure. And they can enable and embrace DevOps with automated deployments and configurations across their infrastructure.
Zero Trust is a rapidly growing and exciting part of infosec, but it can be a challenging journey. We’re pleased by the value that our customers have obtained, and excited about what the future holds in store.