Bryan Embrey

-March 22, 2019

Zero Trust Secure Access for Hybrid IT


Significant market and technology trends continue to define the new landscape of hybrid IT as users access resources in both public and private clouds as well as the data center. These trends include:

  • A mobile workforce accessing corporate resources from a variety of mobile and/or IoT devices
  • Multi-cloud application migration, though some applications remain in the data center
  • An expanded attack surface susceptible to increasingly sophisticated malware
  • An ever-changing and increasingly amorphous network perimeter


At the same time, enterprises need the ability to see what’s on the network – who is connecting, what is the state of the device connecting, where, when, and how are they connecting – all with compliance being top of mind. The good news is, when companies take a strategic approach, they can deploy technologies that will keep their security profiles ahead of the game in 2019 and beyond.

Hybrid IT Challenges

  • Visibility: A myriad of devices presents visibility challenges as it’s important to know both what is on the network and what is not on the network. It’s critical to know information like device parameters, OS version, and applications being accessed to reduce the chance of threat actors accessing your network.
  • Compliance: With the influx of devices connecting to an enterprise’s network, compliance issues get raised. One concerning fact from the mobile world: only 29% of Android phones are on the latest OS while only 3% of these are on the latest patch — leading to the possibility of data leakage, or worse an outright breach.
  • User Experience: It’s simple: when security is hard to use, people will find a way around it. This leads to potential data leakage or loss, and stolen credentials. Multiple login and access points become problematic and stand in the way of user experience and thus security.
  • Scale and Reliability: Enterprises must be able to scale security solutions without infrastructure issues — issues around things like load balancing can hinder the delivery of applications to users. Infrastructures must be able to handle heavy loads.


What about IT Operational Challenges?

  • Disparate Toolset: IT teams tend to have a multitude of solutions at hand, creating security gaps due to the varying levels of controls within these tools.
  • Susceptible to Threats: Unauthenticated users, devices, connections, and security states mean resources are vulnerable to security threats.
  • Hard to Manage: Cloud and app dynamics, like connecting or removing users quickly, becomes hard to manage with those same disparate toolsets.
  • Tough to Adapt: Complex integrations, where resources are spread across cloud and the data center, can result in an IT nightmare.


Solving These Challenges

It’s Pulse Secure’s primary mission to provide users, devices, and things with secure and seamless connection to hybrid IT regardless of where applications or users reside. We accomplish this with Zero Trust Secure Access – encompassing a single user client, unified policy and compliance, centralized visibility, a single pane of glass for management and analytics, and of course, a solution that is flexible, scalable, and reliable.

Below is a typical deployment our customers implement today. This illustrates our Zero Trust model that validates users and devices, controls access through policy, and protects data transactions.


Pulse Secure Zero Trust Methodologies

  • Verify User: With Single Sign-On (SSO) and multi-factor authentication (MFA), we ensure that all users are authorized before connecting.
  • Verify Device: From a device standpoint, we enable host checking and location awareness to validate the device before it connects.
  • Protect Data: Technologies like Always-On and On-Demand VPN along with Per-App VPN tunneling ensures every transaction is encrypted to reduce data leakage and increase security compliance.
  • Control Access: We control access to the data center, cloud and SaaS with centralized policy management, ensuring users are accessing only the appropriate resources they’re entitled to.


But Wait, There’s More: Software Defined Perimeter Extends Zero Trust

Zero Trust takes an approach of ensuring authentication is established closest to the resource before the connection is made — and at the same time makes sure there is policy access for a user and device.

So where does SDP come in? Pulse SDP enhances Zero Trust by centralizing the authentication and policy deployment processes, strictly governing which users and devices can access applications. This separation of the control and data planes ensures scalability, performance, and flexibility.  It also reduces the attack surface by providing per-application network segmentation and direct access to applications. Access to cloud applications, like Salesforce or Office 365, is quick, direct, and efficient – no VPN is established, reducing network bandwidth and traffic.

Pulse SDP also offers extensive multi-factor authentication and authorization options, ensuring users, their devices, and the applications they access are continuously verified before – and during – the session. Access responsiveness is improved, too: Pulse’s Optimal Gateway Selector technology ensures that users connect to the best access gateway with performance to expedite  application delivery.

Finally, Pulse Secure is the only vendor to offer dual-mode VPN and SDP functionality.  This provides enterprises a single pane of glass to manage secure access and gain operational visibility across public and private cloud and data center applications. Pulse SDP is offered as a licensed component within the Pulse Secure product suites –  and as you can see below, a software upgrade to existing deployments makes it possible to enable Pulse SDP.

Find out more about Pulse Secure’s Zero Trust and SDP solution by registering for this webinar: Dual Mode Secure Access with What, Why, and How to Leverage VPN and SDP.

Check out more resources on Pulse SDP™:

Pulse SDP Blog

Pulse SDP Press Release

Pulse SDP Datasheet