As many organizations are discovering today, it can become very costly to expand VPN licenses, especially on little or no notice. That leads to shortcuts, where a temptation is a one-size-fits-all approach that groups everyone together, or segments them into far-too-broad permission categories. That leaves a gaping hole across your attack surface. Also note that right now phishing attacks are up dramatically over the past 30 days, so hackers are increasingly getting valid credentials to attack organizations with their own usernames and passwords.
But ask yourself: If your end users were on site, would you want them to have access to everything, anyway? The answer, or course, is no. And that’s where the nightmares of managing all these permission levels for VPNs becomes even more grave.
TAC takes a much more effective approach. It examines a person’s entire context of access and takes that into account when examining the remote access request. TAC’s multi-dimensional context of access enables organizations to:
- Validate user’s credentials
- Use multifactor authentication
- Verify the user’s type of device and the security status of that device
- Confirm that patch levels are up to date
- Validate certificates
- And much more
From there, TAC compares the access request to the organization’s own security policies for each resource, and then provides access to only those resources for which the end user has the proper permissions. TAC also makes it much easier for the end users by providing Single Sign-On (SSO) to resources regardless of whether they are locally based or hosted in the cloud.
