Leonardo da Vinci was right – about IT security

By Tim Boivin

“Simplicity is the ultimate sophistication.” – Leonardo da Vinci

Long before your IT infrastructure evolved into the complex, perimeterless world of today, the most famous polymath of them all, Leonardo da Vinci, shared these words of wisdom. His philosophy has never rung as true as it does today.

Simplicity, indeed, is the ultimate sophistication – especially when it comes to providing secure access for your end users.

Making access to your applications and resources easier instead of harder, while also making that access more secure, challenges even the most advanced IT organizations today. That’s because security has been cobbled together over the past three or four decades as more security technologies and more applications in more locations were tossed into the hybrid enterprise mix – a trend that doesn’t show any evidence of relenting anytime soon.

Every time a new local application, a cloud app or a web service is introduced into your infrastructure, your IT team must provide secure access to that resource. That is severely taxing for even the most well-resourced IT teams – especially when you take into account that the Cloud Security Alliance estimates the average enterprise deploys 464 custom applications. Complexity is also a challenge even for SMB organizations, whose employees use an average of 22 custom applications. 

To increase your IT security challenges even more, the COVID pandemic accelerated the adoption of legacy security tools, like VPN, and boosted Shadow IT across the enterprise. Today, on average, 56% of the applications in an organization’s portfolio are of the Shadow IT variety, according to a recent report from Productiv. Your IT team realizes that Shadow IT exists, so these applications present a risk Donald Rumsfeld would call “known unknowns” – access control challenges that “you think you know, that you don’t know you know.”

The conundrum your IT team faces because of this type of Rube Goldberg-esque complexity is that if they get their access approach wrong, your risk of being hacked ramps up exponentially. Contrary to conventional wisdom in the corporate IT world, installing even more security solutions is not necessarily the answer. In fact, that can and often does make end user access much, much less secure.

Each different access solution you put in place, each port you open to the outside world, increases your attack surface and your risk of being hacked significantly. The more difficult you make it for end users to access the resources they need, the more chance there is that they will find workarounds to get what they need to do their jobs. And those workarounds – including those Shadow IT approaches – open even more holes across your already pockmarked attack surface for hackers to exploit.

The more advanced “known unknown” attacks we’ve seen lately – attacks hackers continue to evolve with even more sophistication – only serve to exacerbate the “known known” vulnerabilities your IT team already fights a constant battle against. 

Yes, there are certain things you want to educate your end users on – the importance of not clicking on suspicious links in emails, things like that. You want to provide them with security training that helps your organization’s overall security profile. But what you don’t want to do is put most of the burden of security on their shoulders. And you certainly don’t want to make their jobs even harder.

If, instead, you make their lives easier – if you give them a better, straightforward access experience regardless of where they come in from, and regardless of the device they use – you will achieve that sophisticated simplicity that da Vinci so admired. And what you may not realize is that you will bolster your security posture along the way.

Does that sound contradictory? It really shouldn’t. A Zero Trust Access approach to access control enables your IT team to paint its own sophisticated, yet amazingly simple, security masterpiece.

How? With a Zero Trust Access solution such as Total Access Control (TAC). TAC includes Single Sign On (SSO) technologies as well as a central portal for easy access to resources for your end users. At the same time, your security team can inspect every connection to evaluate the end user’s full context – including robust endpoint inspection, credential verification, device validation, location of the end user and more – prior to granting access to your resources, whether they exist in your local datacenter or in the cloud. These verifications take place behind the scenes without disruption to your end users’ experience.

With a Zero Trust approach to access control, each connection to each resource must pass the security policies you have set – not those set by some third party such as a cloud provider – before that access is granted. 

Microsegmentation is also a critical component of a Zero Trust strategy. Rather than being given access to your network infrastructure, TAC users are granted access only to the specific resources they are authorized to access, effectively making the users captive within the application resources. Also, each of your resources can have its own rules for access. This advanced level of microsegmentation allows for variable or even partial secure access to resources, based on the user’s context of access for each request.

A Zero Trust Access solution such as TAC enables your IT team to evaluate and react to each request for access securely, in real time and seamlessly for the end user, based on that specific user’s context of access and the criteria you set for those resources. TAC also provides continuous, customized authentication based on the risk presented by the user’s full context – for example, prompting for extra authentication for more sensitive applications, or only allowing managed corporate devices to access the more critical resources within your infrastructure that require enhanced protection.

What does all this mean? You no longer need to put barriers in front of your end users in the name of security.  You can make it easier for them to get access to the resources they need to do their jobs. And you can accomplish all this while improving your organization’s security posture.

With the Zero Trust Access provided through TAC, end users no longer have to remember a dizzying array of different passwords for dozens of different applications – credentials that constantly change and may differ based on whether the end users are logging in from the corporate office, the coffee shop down the street, or their living rooms.

The lives of your end users – and the lives of your administrators as well – become much, much simpler, so they can focus on doing their jobs instead of trying to remember what password works where for which application. Along the way, your security becomes much more sophisticated in its ability to close the gaps across your infrastructure and keep hackers out. 

And that’s an IT security masterpiece that Leonardo da Vinci would be proud to paint.