Zero Trust | How Employees at the Branches of an Enterprise Can Securely Access Internal Resources
As their business expands, more and more enterprises are setting up branches around the world, and their employees in different regions can access internal resources anywhere and anytime. However, employee identity verification for remote access, endpoint protection across distributed regions, and complex access environments also pose a series of challenges to enterprise security. As a result, many enterprises have made it a priority to find appropriate security protection for managing their branches.
Corporate Network Risks at the Branches
Because building a dedicated network is costly, many branches connect to the corporate network through a public VPN. In the traditional architecture, the Intranet is considered secure by default, so headquarters and branches are connected to the same Intranet, which only employees can access. However, this network security architecture is not suited to modern needs. Exposed service ports leave the enterprise's core business and data vulnerable to external attacks and leakage, which brings many security risks.
For companies joined through M&A and for partner companies, it is difficult to keep network security management consistent with headquarters. As a result, when their employees need to access the group's internal resources, they often run into problems with employee identity verification and with the security and reliability of their devices.
Cloud-based business deployment has become critical to enterprises' digital transformation, and business systems are gradually moving off the Intranet, but the security devices that enterprises deploy locally cannot protect their cloud-based business.
Low Access Efficiency
When branch office employees access an enterprise's SaaS services, the traffic is routed to headquarters and then back to the endpoint, resulting in a poor user experience.
A large number of branches dispersed across regions, a complicated mix of endpoint devices, and employee identity verification for remote access make the access environment increasingly complex, and they also make subsequent management and tracing difficult for O&M staff.
In this situation, it is difficult for a traditional security protection system to protect branches comprehensively. BaishanCloud's Zero Trust-based trusted application remote access solution (Access) suits the rapid business growth of enterprises and the remote office needs of branches. Based on the Zero Trust architecture concept, BaishanCloud Access builds a trusted access entity that integrates “access end, identity, and application end” to achieve secure, stable, and efficient access to business resources and data, so that users are protected by a very flexible security architecture no matter where they are and what applications they want to access.
So, what advantages does BaishanCloud Access have in dealing with the above scenarios?
1. Integration with Traditional Security Capabilities
Zero Trust does not overturn the existing network architecture; it performs “brick sealing” at the upper layer on top of the underlying foundation. For example, Zero Trust supports dual protection by a Web application firewall and a network firewall, providing DDoS defense, vulnerability attack protection, behavior management audit, and other security services to protect enterprises’ Web applications from attacks.
2. “Hidden” Enterprise Resources
Multiple authentication and authorization checks ensure that only authenticated users can access the enterprise’s business systems, which reduces the exposure of enterprise resources and makes them “hidden”.
3. Application Layer Access
For branch employees, enterprises can authorize employees to try the Zero Trust application layer access mode, which gives employees access only to Web pages without exposing protocol and port resources. In addition, employees do not need to install a client, which improves the user experience and makes rollout easier.
4. Fast Access Speed
Based on BaishanCloud’s “all in one” platform concept, BaishanCloud Access provides a Pay-As-You-Go WAN acceleration service network that improves remote access speed through intelligent scheduling of proximity access and path optimization algorithms on global edge nodes.
5. Easy Maintenance and Management
The Zero Trust network architecture no longer distinguishes between access methods such as the corporate Intranet, private lines, and the public network. Instead, the entire access process runs over the Internet, which makes for a very simple network structure. This not only improves network security, but also increases the productivity of headquarters and each branch, and standardizes access control for users and resources. Meanwhile, BaishanCloud Access provides identity-based access links, so that enterprises can easily maintain and manage branches.