The 80% increase in cybercrime over the past year was directly caused by the global shift to remote working. Having a work from home policy presents unique challenges for network architects. At the forefront of these challenges is security. There needs to be a way for network architects to satisfy the demand for safe and secure remote access.
Is Zero Trust the Answer?
The term “Zero Trust” has been getting thrown around as a solution to all our network architecture issues. But what is it?
Zero Trust is an idea that no one, internal or external, should be granted complete access to your sensitive data. In practice Zero Trust architects do their best to limit the network access of everyone in their business, from their interns to their C-level executives, to only the machines or servers that they need to complete their day-to-day tasks.
The idea of Zero Trust is not novel to the Pandemic, the idea has been around since 2009 when Google was accredited for deploying the first true Zero Trust network architecture, BeyondCorp.
Support for Zero Trust networks has only grown. Unfortunately, most privileged access management solutions are not optimized to function in a remote work environment. If only there was a solution that enabled remote access and could be built into a Zero Trust environment!
Introducing the Leostream Platform
The Leostream Platform is a remote access and connection management suite of tools that delivers discrete and secure connections from anywhere, to anything, at any time. And it is built to satisfy the demands of the strictest Zero Trust network architect!
For $7 dollars a month/per user Leostream customers can enjoy an unlimited number of Leostream Gateways, Clustered Connection Brokers, Leostream Agents, and Leostream Connect clients.
So how does it work?
Building a Zero Trust Environment with Leostream
Zero Trust enthusiasts love the Leostream Platform for its authentication and connection management.
The Leostream Platform integrates directly with your Active Directory, OpenLDAP based directory services, and even NIS if you are a Linux shop. Any login information from any of these services can be used with the Leostream Connection Broker for authentication. However, AD authentication alone will not satisfy any Zero Trust network architects. You also need Multi-Factor Authentication.
Lucky for you the Leostream Platform integrates with SAML, RADIUS, and DUO, which together enable a wide range of MFA options from Azure MFA to Okta. Zero Trust architects advocate for the use of MFA because it adds another protection layer into your architecture. This added layer of protection is designed to create an additional step to verify that the user logging in is who they are supposed to be and can be a strong deterrent for opportunistic cybercriminals.
Authentication is important, but Zero Trust network architects do not stop there. After a user has access to their resources, it is important that access to those resources is appropriately managed. You can use the Leostream Platform to create time sensitive access to your resources, further securing them.
Leostream pools, release plans, power control plans, and policies work in concert to narrowly define when resources are available, and for how long.You can configure your release plans to determine what happens when a user disconnects or logs out from their resource and what happens after a desktop is first assigned, goes idle, or is released. Similarly, power control plans can be used to control the power state of a machine based on these events.
Configuring your pools is the next place where you can add time-based security. You can provision pools for users based on time of day. If you only want your employees to be able to access a resource during the afternoon on Mondays and Wednesdays from 3:15 – 5:50, that level of detail is available in the Connection Broker.
After a user disconnects from their resource, release plans determine what happens next, for example, the user’s resource could be released to the pool after a set amount of time. Pools and release plans come together in the Policies section of the Connection Broker. Policies are where you can define what pools a user has access to and what release plans are associated with that pool and determine what actions are taking when a user logs our or is idle.
Audit Level Logging
Lastly, all of this information is recorded in the Leostream logs. The Leostream Platform can be the central repository for all the information about what is going on in your remote access environment. Additional information can be queried by accessing the Resources section of the Connection Broker. This information can also be accessed with any tool that can search a Microsoft SQL Server or PostgreSQL database, so scripting for information visualization can easily be accomplished. This way the Leostream Platform doubles as a great audit-level recording solution in addition to managing secure Zero Trust remote access to your network.
Try it Yourself!
We are currently offering a free 30-day trial of the full Leostream Platform. If you are interested in testing our solution, please reach out to [email protected]