
Securing Third-Party Remote Access: Where APA Fits In


Securing access anywhere, anytime. This simple idea, which we have been passionate about since the founding of Fishtech Group, has taken on new urgency amid the coronavirus pandemic.

With the recent worldwide shift of a large portion of the global workforce to social distancing by way of working from home, issues and challenges around remote access, business continuity, and even disaster recovery have become a priority.

Remote access controls such as multi-factor authentication, VDI, and even VPN solve only part of the problem. Thinking holistically about the remote access challenge is key. Organizations should start by asking themselves the following:

  • Are users still using corporate-owned devices from their home or are they now using their own personal remote devices?
  • Are we able to enforce patch management and push our DLP strategies to the remote devices?
  • Are we still able to enforce authorization for the user after authentication?
  • Have we validated the network segmentation strategy including cloud access from the remote access address pool?
  • Are there concerns with latency issues for the remote workers and the data they are working on or accessing?

These are just a sample of the basic questions to ask as you deploy your remote strategies. Another challenge we are seeing our customers face involves third-party contractors who may not use corporate-owned devices. In our case, we were able to secure their access previously, because they were probably coming from corporate networks with corporate security standards and images being enforced.

Contractors and Outsourced Support: Who Has Access?

As third-party contractors and other outsourced support staff move to remote work, how do we verify who they are, control what they can access, and make sure their endpoints are secure?

Fortunately, there is technology available to take advantage of the cloud for access. For example, controls can be pushed down to “per application” level security and integrated with VPN or SSO technologies to create an “Application Private Access” layer for security. This may become a newer and easier way of pushing out a layer of defense in depth, since physical access to systems is now limited.

The “APA” model allows security controls to be built into this new type of remote access, with requirements such as DLP, endpoint enforcement, and even open APIs for log management and integration into authentication and authorization systems. Furthermore, a cloud-based deployment brings the added benefit of building this “APA” tunnel to the closest geographic location, solving general latency issues as users connect back to main corporate datacenters.

Many businesses need to adapt to a “new normal” with the increased amount of remote work required of their employees, as we all work to adapt to the curveball that has been sent our way. This is also a perfect time to refine how you do business and overcome challenges as they present themselves, like securing third-party remote access.

Blog courtesy of Fishtech Group, a data-driven cybersecurity services provider.