Akamai Diversity

The Akamai Blog

Zero Trust Security Protects Businesses while Enabling Growth

Many companies have their own applications, internal domains, and local area network (LAN). But when it comes to business applications, organizations are increasingly dependent on cloud-based resources. These may include email servers, customer relationship management (CRM) software, or other applications. However, when access to internal machines by external users is necessary, the most common solutions are centered on virtual private networks (VPNs).

VPNs provide remote access from machines to networks, and between networks -- but when it comes to security, VPNs are not an ideal solution. User access needs to be controlled to keep VPNs secure. For example, a firewall behind a VPN can be used to create rules that block access to different machines and subnetworks from varying origins. Additionally, to ensure high availability that keeps businesses up and running, add-on services that guarantee zero downtime are a necessity.

Companies using cloud-based apps and resources or data centers in multiple geographic locations need well-defined perimeters and backup systems. They also need to invest in ongoing system updates. A lack of internal resources or solid technology growth plan can derail best efforts and create substantial security risks. The good news is that external networking and security vendors can provide cost-effective solutions to help business entities grow in a clean, easy-to-manage, and secure way. 

Akamai is well-known for its content delivery network (CDN) and products that improve performance, customer experience, and conversion. Akamai enterprise solutions are designed to position our customers for sustainable growth and offer the increased security necessary for today's digital transformation consistent with the zero trust security model. 

In 2010, as applications began to migrate from data centers to the cloud, Forrester defined zero trust architecture for IT security. This transition has meant users access applications from everywhere, using many different types of systems, which is how the zero trust model of "never trust and always verify" was born. At Akamai, we believe the best growth strategies for web and cloud-based computing include improved security measures that save companies time and effort while reducing organizational infrastructure complexity. By providing secure, high-performing user experiences on any device, from any location, the Akamai Intelligent Edge Platform reaches globally and delivers locally, offering unmatched reliability, security, and visibility into business conducted online.

Seamlessly transition to a world of cloud applications

Secure Internet Gateway (SIG) platforms can help enterprises make the shift to a globally distributed digital ecosystem, where the Internet becomes the corporate network. SIG platforms are scalable and cloud-native, and consolidate security gateway functions that can be consumed as a service. They can be set up in minutes, versus the hours and days of training classes and certifications associated with legacy solutions. SIG provides DNS security with optional URL inspection and payload analysis that can be activated by pointing the DNS to our recursive DNS in the cloud. With our world network of PoPs, companies can be protected at all layers (including DNS, content filtering, and payload analysis) with a simple configuration that takes about five minutes to set up -- keeping users safe, both on and off the corporate network. SIG detects any attempt of infection in the first point of the chain via DNS requests, and works to help machines stay infection-free from malware, phishing, or command-and-control (CnC) software. In addition, while viewing the DNS protocol, Akamai's solutions are designed to prevent DNS attacks like domain generation algorithms (DGA), fast flux, DNS exfiltration, and other techniques that typical security products don't investigate. 

Defense in depth, security at scale

Our Cloud Security Intelligence is Akamai Big Data, where patterns, lists, and security measures are contained. Thanks to the visibility into Internet traffic through our CDN, third-party feeds, logs from other customers, and public data via registrar and WHOIS, detections are updated continuously. This vastly reduces false positives and improves the detection of zero-day advanced threats. An added benefit includes an indicator of compromise (IOC) for any domain an organization may want to test, along with a historical timeline of that domain.

Proactive protection against zero-day malware

Enterprise Threat Protector is a powerful monitoring system with open APIs that are customizable to the distinct needs of any enterprise. The solution is designed to provide companies quick-to-deploy and easy-to-manage cloud-based protection against the impact of complex targeted threats such as malware, ransomware, phishing, and DNS-based data exfiltration.

Application access redefined: secure, simple, fast

Akamai's cloud-based Enterprise Application Access (EAA) provides multi-factor authentication to increase security when a user logs in, and single sign-on (SSO) to avoid redundancy of credential introduction when accessing multiple applications. Based in the Cloud Identity-Aware Proxy (Cloud IAP) architecture of zero trust, EAA provides remote access to applications, increasing security without the use of VPNs, or costly new hardware or software. EAA consists of a worldwide network of servers that contain the intelligence to provide authentication, acting as an identity provider (IdP) while providing a portal for remote user access to specific applications. EAA Connector software is installed to talk to internal applications and communicate via callouts with Transport Layer Security (TLS) to the EAA cloud servers. This communication mechanism makes it possible to close firewalls to any inbound traffic, while the connector creates outgoing connections to the cloud server. Remote users only need to open a browser and enter the URL of the application they need to access. EAA wraps the applications in a Secure Sockets Layer (SSL) for a secure connection for both the outside user and the enterprise.

The Akamai Intelligent Edge

When you're ready to make your jump to the cloud -- or are looking to switch to a truly seamless digital transformation -- consider Akamai's suite of easy-to-use, nonintrusive solutions. Our intelligent edge platform surrounds everything, from the enterprise to the cloud, so your business and customers can be fast, smart, and secure.

Leave a comment