Enforce Zero Trust Access
Cloud networks and a mobile workforce are integral to today’s business operations. But these bring with them modern security challenges that demand a layered approach for protection. That approach should include Zero Trust Access: never trust, always verify.
An advanced network implements Zero Trust Access as part of its security posture. You need to ensure that your organization doesn’t associate trust with networks — trust must be established with every connection, every time.
OpenVPN Solutions for Enforcing Zero Trust Access
Enforcing Zero Trust Access is an important layer of a good business security plan. You can configure this with OpenVPN Access Server.
- Never trust based solely on the network perimeter. Define identity-driven policies within the Admin Web UI. Then, enforce VPN use in order to access app resources. Isolate those resources such that they can only be accessed through VPN clients, regardless of LAN or remote access.
- Set up strong identity authentication. With Access Server you can integrate with Google Authenticator as well as LDAP/RADIUS/Active Directory, or IDaaS providers such as JumpCloud.
- Define access controls based on user groups. Create these access control lists (ACLs) so that each group can reach only the resources its members need for their work.
- Map roles and departments to ACLs and enforce those at the network level. Our VPN solution works with centralized identity directories.
- Finally, maintain strict control over allowed internet destinations to protect users from unknowingly becoming a risk. Route all client internet traffic through the VPN and then through an external security appliance to enforce destination policies and protect against phishing sites and malware installations.
Enforcing Zero Trust Access is an important layer of a good business security plan. OpenVPN Cloud can be configured to enforce zero trust at the group level.
- Never trust based solely on the network perimeter. Define identity-driven policies in the OpenVPN Cloud administrator portal. Then, enforce VPN use in order to access app resources. Isolate those resources such that they can only be accessed through VPN clients, regardless of LAN or remote access.
- You can prevent lateral movement on your network by setting up strong identity authentication and network-level authorization for access to private services. OpenVPN Cloud provides its own Connect Auth feature that you can use to enforce authentication on every connection attempt. OpenVPN Cloud also integrates with leading SAML identity provider platforms. Your identity authentication policies are further bolstered through group-level access control.
- You can enforce a policy that ensures network resources can only be accessed by users when they are authenticated with a VPN connection. You can map roles or departments to a group access list, and authorization is enforced at the network level.
- Should you need to prevent intentional and unintentional internet misuse on your network and devices, you can enforce narrowly defined access to public destinations using domain names. With OpenVPN Cloud, you can allow access to only authorized internet destinations to lock down access on specific devices, in sensitive departments, or to provide strong protection against malicious links and online threats.