ARTICLES

Manage and Scale Network Access with Zero Trust

Every company today is a software company. Smaller organizations might outsource development to dedicated firms, while large enterprises might employ dozens (or more) of full-time engineers and developers. Regardless of company size and resource availability, even non-tech industries like financial services, retail, and healthcare are building both internal and customer-facing apps at such a rapid pace that it’s hard to decouple software development from the core business. A retailer or restaurant that doesn’t have an online ordering app? So 2008. A car dealership without an app for scheduling service? Which other dealerships are nearby? A sales rep who can’t access the customer/prospect database from France or Fiji or...their living room? Just try deploying that monolithic piece of locked down software in 2020.

Businesses run on software. Between collaboration platforms and databases, project management and HR tracking tools, applications are organizations' lifeblood. Users need unfettered access to the apps for which they are authorized, regardless of time of day, geographic location, or device in use. The key here, though, is the authorization piece. Especially given the remote nature of today’s workforce, it’s imperative for organizations to ensure that only legitimate users can access the applications they need and for which they are authorized, thereby preventing unauthorized access, misuse, data loss, or system disruption.

However, between remote workers, hybrid environments, ephemeral cloud and container instances, DevOps deployment cycles, and more, providing the right level of access to the right users is highly complex. Without a fixed perimeter, and the definition of “insider” changing every day, the only way to properly manage access is through a zero trust security model. Implementing zero trust means that only authorized and verified software and users can communicate on the network, governed by the principle of least privilege access, and that every access request is analyzed prior to successful connection. True zero trust implies that controls are set at every layer, from data up through application.

Zero trust across hybrid environments

Odo Security, a startup out of Tel Aviv, Israel, was founded to support zero trust network access across hybrid architectures and in companies building, deploying, and supporting access to hundreds—if not thousands—of applications daily. The idea behind the technology, said Or Zilberman, CEO and Co-founder, was that “network access must be simple and secure but able to respond to the demands of the modern business. People need to connect from anywhere, on any device they choose, without exposing resources and increasing risk. That can only be done through zero trust.”

Odo’s access control platform is built to support large, agile environments. Instead of applying policy at the device level, which is common with many of the well-known zero trust identity and access management platforms on the market, Odo moves the control plane and data plane to the cloud. Because there is no overlap on the endpoint, Odo is complementary to many endpoint IAM providers’ solutions, thus providing an additional layer of security.

Deployment

To deploy, organizations need only set up a Docker container and connect to the Odo cloud. The next step is for admins to add internal assets and applications, like Active Directory, PostgreSQL, or Jenkins to the platform. This can be accomplished in just a few clicks. Next, admins specify which users have access to which assets. User provisioning can happen in Odo or through the customer’s preferred identity provider. While the latter takes a little extra time on the front end, if an ID solution is already deployed in the customer environment, new users will be added to the system when a request is first seen or through an automated sync.

From the user side, deployment is seamless; once configured, user requests are routed through a controller, which is configured to administer the organization’s desired access policies including role-based access control and privileged access management. Because the platform is predicated on zero trust, users are only permitted access to those assets for which they are provisioned, and only after successful verification, thus mitigating risk of lateral movement and full network access.

On the back end, admins receive alerts on suspicious activity and can instantly block potentially harmful activity. And since every user request flows through the software-defined perimeter gateway controller, admins have an audit trail of all activity, including executed commands, fully recorded sessions, and queries. Importantly, user data collected and processed through the Odo platform is encrypted in transit and at rest, which means that data is never exposed.

Protecting the business

In today’s world, any disruption to business-critical applications could result in loss of productivity, revenue, and ability to meet customer demand. Software and network services are the coveted “crown jewels” of the modern organization, and they therefore require the highest level of protection security teams can provide. Zero trust is the framework upon which today's most capable solutions are built, and layering tools and techniques that enforce zero trust at every point—at the endpoint, during communication, upon access request—is a solid strategy for success. Odo offers a reliable piece of the zero trust network access puzzle, and their technology is definitely worth a look.