View our webinar to see how Microsoft and Zscaler are teaming up to keep your users and data safe
In a world of ever-increasing cyberthreats, keeping your organization, its employees, and your data safe is becoming more difficult. As you look for the best ways to improve security, success stories from peers and industry best practices can offer actionable help.
MAN Energy Solutions, a leader in the marine, energy, and industrial sectors, has been driving cloud transformation across its business to support its increasingly mobile workforce of 16,000 employees. As with any transformation, there were challenges—as the company began to adopt cloud services, the IT teams quickly realized that the benefits of the cloud could be offset by poor user experience, increasing appliance and networking costs, and an expanded attack surface.
So, as an alternative to the traditional cloud adoption approach, in 2017 MAN Energy Solutions implemented “Blackcloud,” an initiative that leaves its privately managed apps with no internet-facing attack surface. A virtual private network (VPN) is no longer needed to reach these apps. Instead, when a user, whether mobile or HQ-based, needs an application, the application side opens an outbound connection toward the authenticated user rather than accepting inbound connections. App IP addresses are never exposed to the internet, so the apps cannot be targeted directly by DDoS attacks. And since the user is never placed on the corporate network, there is no network path for lateral movement by attackers or malware.
MAN Energy’s Blackcloud approach is based on the concept of zero trust. In our recent webinar with Microsoft, Powering Fast and Secure Access to All Apps, Dhawal Sharma, Sr. Director of Product Management at Zscaler, and Jairo Cadena, Principal Program Manager at Microsoft, discussed zero trust access to hybrid applications, and addressed the three key areas around the implementation of such access. These are:
Conditional access: Today, apps live in hybrid, multicloud environments, and users are increasingly mobile. In this world, enterprises need to grant each user a different level of access depending on who the user is, where the request comes from, which application is being accessed, and the real-time risk of the session. Based on that assessment, the enterprise must be able to allow access, require additional authentication, or limit or deny access. Microsoft’s Azure Active Directory provides the signals needed to make that allow/limit/deny decision from user identity and real-time context. Compared with legacy approaches in which every user gets access to the entire corporate network, conditional access uses identity and real-time context to grant just-in-time and just-enough access to each user. This lets the enterprise minimize:
- Risk/probability of a breach
- Lateral impact in case a breach does occur
Security and policy enforcement: Once identity and real-time context have been established, end-to-end secure access must be set up between each user and each application. When a user needs an application, an individual encrypted tunnel is created for each application that the user needs and is allowed to access. This per-application access is made possible by Zscaler Private Access. Applications connect to users through inside-out connectivity: the application side opens an outbound connection to Zscaler, the user’s client opens an outbound connection to Zscaler, and Zscaler stitches the two connections together. Users are never placed on the network, so a compromised endpoint has no network path along which malware could spread laterally; it can reach only the applications it was authorized for. This approach supports managed and unmanaged devices and any private application, not just web apps.
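The two stages described above, a conditional access decision (allow, require additional authentication, limit, or deny) followed by a brokered inside-out session for the one app the user may reach, as a single added Python example. This is illustration code written for this page, not code from the webinar, Microsoft, or Zscaler Private Access: the JSON hello line, the verdict strings, the static token table standing in for Azure AD, the "parked" outbound connector sockets, and the loopback addresses are all assumptions made for the demo.

```python
"""Added example (not code from the webinar, Microsoft or Zscaler): a toy zero trust broker
that decides conditional access from identity plus real-time context and, on ALLOW, stitches
one inside-out session per app. Loopback sockets and a static token table replace the IdP."""
import json, socket, threading, time

# Constructed sample data: IdP token -> user, user -> entitled apps, trusted networks.
TOKENS = {"tok-alice": "alice@example.com", "tok-bob": "bob@example.com"}
ENTITLEMENTS = {"alice@example.com": {"crm"}, "bob@example.com": {"wiki"}}
TRUSTED_LOCATIONS = {"HQ", "Copenhagen-office"}

def conditional_access(ctx):
    """Ordered policy: deny rules, then step-up, then limits, else allow; unknown input fails closed."""
    user = TOKENS.get(ctx.get("token"))
    if user is None or ctx.get("app") not in ENTITLEMENTS.get(user, ()) or ctx.get("risk") == "high":
        return "DENY"                       # unauthenticated, not entitled, or risk too high to step up
    untrusted = ctx.get("location") not in TRUSTED_LOCATIONS or ctx.get("risk") == "medium"
    if untrusted and not ctx.get("mfa"):
        return "MFA"                        # request additional authentication first
    if not ctx.get("managed_device"):
        return "ALLOW_READONLY"             # limited access from unmanaged endpoints
    return "ALLOW"

def send_line(sock, text):
    sock.sendall(text.encode() + b"\n")

def recv_line(sock):
    buf = b""
    while not buf.endswith(b"\n") and (c := sock.recv(1)):
        buf += c
    return buf.decode(errors="replace").rstrip("\n")

class Broker:
    """The only component that listens; app connectors and users both dial OUT to it."""
    def __init__(self):
        self.srv = socket.socket()
        self.srv.bind(("127.0.0.1", 0))
        self.srv.listen()
        self.port = self.srv.getsockname()[1]
        self.parked = {}                    # app name -> connector sockets waiting for a user
        self.lock = threading.Lock()
        threading.Thread(target=self._accept, daemon=True).start()

    def _accept(self):
        while True:
            threading.Thread(target=self._handle, args=(self.srv.accept()[0],), daemon=True).start()

    def _handle(self, conn):
        hello = json.loads(recv_line(conn) or "{}")
        if hello.get("role") == "connector":    # park it until an authorised user asks for the app
            with self.lock:
                self.parked.setdefault(hello.get("app"), []).append(conn)
            return
        verdict = conditional_access(hello)     # policy decides before any app traffic flows
        with self.lock:
            pool = self.parked.get(hello.get("app"), [])
            app_conn = pool.pop() if verdict.startswith("ALLOW") and pool else None
        if app_conn is None:                    # policy said no, or no connector is parked
            send_line(conn, "UNAVAILABLE" if verdict.startswith("ALLOW") else verdict)
            conn.close()
            return
        send_line(conn, verdict)
        send_line(app_conn, verdict)            # the app side learns the granted access level
        # Stitch the two outbound connections: one request/response is relayed here (a real
        # broker pumps bytes both ways until a side closes); neither side sees the other's address.
        send_line(app_conn, recv_line(conn))
        send_line(conn, recv_line(app_conn))
        conn.close()
        app_conn.close()

def run_connector(broker_port, app):
    """Runs next to the private app; it never binds or listens, it only dials out."""
    s = socket.create_connection(("127.0.0.1", broker_port))
    send_line(s, json.dumps({"role": "connector", "app": app}))
    level, request = recv_line(s), recv_line(s)  # session verdict, then the relayed request
    send_line(s, f"{app}[{level}] handled {request!r}")
    s.close()

def request_app(broker_port, ctx, payload):
    """User side: dial the broker with token + context and an app NAME, never an address."""
    s = socket.create_connection(("127.0.0.1", broker_port))
    send_line(s, json.dumps({"role": "user", **ctx}))
    verdict, reply = recv_line(s), None
    if verdict.startswith("ALLOW"):
        send_line(s, payload)
        reply = recv_line(s)
    s.close()
    return verdict, reply

def demo():
    broker = Broker()
    for _ in range(2):                      # two connector sessions parked for "crm"
        threading.Thread(target=run_connector, args=(broker.port, "crm"), daemon=True).start()
    while len(broker.parked.get("crm", [])) < 2:
        time.sleep(0.01)
    alice = {"token": "tok-alice", "app": "crm", "managed_device": True}
    return {
        "bob_not_entitled": request_app(broker.port, {"token": "tok-bob", "app": "crm", "location": "HQ"}, "list"),
        "alice_cafe_no_mfa": request_app(broker.port, {**alice, "location": "cafe-wifi"}, "list"),
        "alice_cafe_mfa": request_app(broker.port, {**alice, "location": "cafe-wifi", "mfa": True}, "list"),
        "alice_unmanaged": request_app(broker.port, {**alice, "location": "HQ", "managed_device": False}, "list"),
    }
```

Calling demo() exercises all four outcomes: bob is denied because he is not entitled to crm, alice on an untrusted network is asked for additional authentication, with MFA she reaches the app, and from an unmanaged device she gets the limited (read-only) level. Note what is absent: the connector never calls bind() or listen(), the user only ever names the app, and the policy runs before a single application byte moves, so there is no app address to scan, flood, or pivot from.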
User and administrator experience: For any security model to be adopted by the end user, it must offer a frictionless user experience. Here are a few benefits you can offer your users:
- Passwordless authentication
- No VPN client login, wherever the user is when requesting access
- Low-latency connectivity via a direct path (vs. backhauled) to the application
The result is a security model that users adopt instead of working around. To make administration easy, Zscaler’s integration with Microsoft Intune lets you push the Zscaler agent to endpoint devices and configure conditional access policies from the Intune console. Check out the webinar recording for more details about this workflow.
The integrations for secure access to hybrid applications are part of a much larger Zscaler partnership with Microsoft—a partnership that is growing deeper by the day. As the zero trust model evolves and your enterprise continues to invest in Microsoft technologies, Zscaler will prove to be the ideal cloud security platform for you.
Want to learn more?
If you’d like to learn more about the MAN Energy zero trust deployment, read the case study.
Akshay Kakar is the Zscaler Head of Partner Marketing