In an earlier blog post, "Remote Access no longer needs to be Complex and Cumbersome", I wrote about the new game-changing remote access solution available from Akamai called Enterprise Application Access (EAA). My thesis was that in our cloud-first, mobile-dominated world, providing access to behind-the-firewall applications need not be as complex as it is with today's traditional DMZ/VPN infrastructure.
How can this seemingly counter-intuitive statement be true? While my intent is not to go into a deep-dive architectural discussion of EAA (there are other documents available that cover that in detail), it is important to understand that:
- EAA is a cloud-based service with a unique dual-cloud architecture that closes all inbound firewall ports while providing authenticated end users access to only their specific applications. EAA integrates data-path protection, identity access, 2FA, application security, and management visibility and control into a single service. It is an integrated, globally distributed service designed to eliminate the time and complexity of building a remote access solution out of component parts, and it can be deployed in every kind of data center or hybrid cloud infrastructure in minutes.
- By using this kind of architecture, an IT organization can eliminate much of the complexity, overhead and frustration associated with the hardware/software of traditional access architectures. In a 2016 survey conducted by Soha Systems (now part of Akamai Technologies), over 200 IT and InfoSec professionals said that enabling remote access to applications required them to touch, on average, 9 to 14 different network components. (The survey's summary infographic can be found here.)
Still, some organizations are experimenting with their own home-grown, cloud-based access architectures. While this is doable, it is a tremendously complex and expensive undertaking. A popular approach is to build a traditional perimeter in the cloud using familiar data center network functions: firewalls, Application Delivery Controllers (ADCs), WAN optimization, VPNs, etc. Once you have applied the traditional DMZ to the cloud, you still must deal with mobile users, apps and devices the same old way (largely through setting up zones/VLANs, but with the added complexity of integrating directory management, multi-factor authentication and other functions). The cost of building just a simple perimeter in one cloud can easily reach $100,000. Companies usually have many clouds across different providers, leading to the potential of investing millions of dollars in deploying and managing these cloud security perimeters.
Clearly, for most enterprises, building perimeters in the cloud should be approached with trepidation. That is why eliminating infrastructure cost is such a strong tenet of Enterprise Application Access.
Want to know more? Here is a short Enterprise Application Access video that highlights why remote access no longer needs to be complex.