Securing the Corporate Intranet with Access Policy Manager

Fire doors are used to minimize damage to a structure during a fire. In the event of a fire, a central monitoring system will trigger the release of the doors isolating flames and smoke at the epicenter of the disaster while protecting adjacent sectors. While most of our office buildings are built in this fashion, corporate IT environments are largely built like multi-story stick-built mansions with no segregation mechanisms. Someone playing with fire in the tool shed can bring the entire house to the foundation. Does your infrastructure have any such safety net?

When engineers hear ‘VPN’ or access management, they think of a device that sits on the edge between the corporate intranet and the Internet. All too often, internal corporate traffic is allowed to bypass these barriers and access corporate resources directly. While there may be authentication mechanisms protecting these services, it is almost impossible to secure them all without placing some barrier between them and the users. Enter APM.

APM is well suited as a demarcation point not only for access from the Internet, but also from the corporate user space. In any organization, users are inherently your largest security risk. Whether a user is accessing the intranet from a non-corporate sponsored machine from their house or a workstation in their cubicle, they should be expected to adhere to the same security standards.

In a “flat” security model, all corporate users can see any resource (even if it is just a login page) whether or not they meet the authorization requirements. Is there really any reason why John in product development should ever be able to see the corporate payroll system? Even if he can’t access the information, he can still reach the system. That means if John’s workstation is compromised, an attacker may be able to use his network access to execute an exploit against this system, thereby gaining access to precious corporate information. This may be a far-fetched example, but such things have happened and in many cases they’ve made major news headlines. This is not the kind of press any large corporation wants.

In terms of physical security, we can use APM to ensure that every packet exchanged between our user subnets and the secure corporate space is encrypted. This protects data that would otherwise travel in the clear from an eavesdropping attack, and does so at a fraction of the cost of fiber.

If properly implemented, Access Policy Manager should not present any hurdles to the end user. In fact, with single sign-on (SSO) credential mapping features, APM should actually improve the user experience. This means when Joan in human resources logs into her Edge Client in the morning and receives her session for the day, APM will cache her credentials. She won’t have to type her credentials every time she accesses the payroll system because APM will enter them for her.

The end result of securing your corporate resources with APM is increased security for your environment and improved accessibility for your users. While nothing can protect against every potential security breach, APM can go a long way in ensuring that a single attack will not bring your organization to its knees.

Published Jul 19, 2010
Version 1.0