The Akamai Blog

Walk/Don't Walk: Secure, Intelligent Application Access with Enhanced Security Signals

Digital business transformation has meant a continued shift in the way organizations think about secure access. The focus on security has moved away from data centers and toward users. Workforce productivity, flexibility, and application performance are driving the demand to give users cloud-delivered secure access from the edge.

The ability to create robust risk profiles for users, with as much information as possible, is critical. There is a delicate balance between users wanting to access any application, from any location, at any time, and administrators being required to deliver applications securely. Smarter decisions require a multitude of security signals, so that users on any device can safely access the correct application at the right time. However, signals must be meaningful and work together to add context for secure application access control.

Walk/Don't Walk crosswalk signs are a great example of this. They are an evolution of what was once thought of as a binary decision -- to walk across the street or not -- into what is now understood to be a larger set of decisions, such as:

  • How much time before the light turns from green to red?
  • What information do I need to cross the street if I can't read or see the light change?

More signals and inputs are needed to make what was once thought to be a straightforward stop-or-go decision. Previously, many crosswalks simply had a verbal Walk/Don't Walk notification and written directions -- decisions about safety had to be made based on limited security signals.


Now, pedestrian signs have additional context such as pictures; a countdown clock showing how many more seconds there are left to safely cross the street; and a verbal countdown, warning, command, or chirping sound. These signals enhance security and provide context based on user attributes. And there are many different signals -- to meet many different users' needs -- that give input into a decision that is more complex and less binary than previously thought.

Just as Walk/Don't Walk signs have multiple signals working together to ensure safe passage, Akamai's Enterprise Application Access provides context. It has the ability to capture user authenticity and identification signals, as well as device security and threat intelligence signals, to allow safe access to corporate applications. Securing access to applications, like crossing the street, needs more signals for better adaptive decision-making -- antithetical to the binary "allow or block" decision-making of the past.

Enterprise Application Access (EAA) is an easy-to-deploy, cloud-delivered service that empowers secure, high-performance access to applications, bypassing the need for network access. It provides secure identity, single sign-on, multi-factor authentication, and monitoring capabilities for applications. EAA enables access decisions based on user identity and contextual signals such as time of day, location, specific URL, and HTTP method, among others. However, it also has device posture capabilities that allow for the capture of device vulnerability signals as well as threat intelligence signals.

A risk profile can be created for users based on these criteria that will assist with secure access decision-making. For example, device vulnerability signals such as OS versions, patches, and endpoint firewall status are incorporated into the user risk assessment. Additionally, threat intelligence signals about device compromise status can be collected from Akamai's Enterprise Threat Protector (ETP). Lastly, threat signals such as whether third-party endpoint detection policies have been enabled, like those from Carbon Black, are also captured. This risk assessment information enriches existing context and delivers more intelligence for enhanced secure access to corporate applications.

Furthermore, all of these signals -- user identity, context, device vulnerability, and threat intelligence -- are incorporated into a risk assessment database. This information can then be used to create rules and policies. Users can be categorized as low, medium, or high risk, giving administrators the ability to finely tune application access rules based on user context.

Assessing users based on risk profile gives administrators better, more granular control to ensure security requirements are met before application access is granted. Administrators can further simplify intelligent access decisions with risk assessment device tags. Rules can be written to classify a set of devices with a defined set of requirements into a specific tag.

These safeguards can also enhance workforce productivity and application performance for end users. Employees can be categorized into set groups that seamlessly allow access to the applications they need, wherever and whenever they want to work.

To learn more about Enterprise Application Access, Akamai's cloud-based secure access solution delivered at the edge, go to www.akamai.com/eaa.
