IT Admins: Make the Leap to the Cloud With Domainless Architecture


Greg Keller, CTO at JumpCloud, talks about how, in response to the global shift to remote work, IT admins should eliminate antiquated IAM and directory challenges and provide end users with secure, easier access to IT resources through a domainless enterprise approach.

COVID-19 has altered the IT landscape – immediately and forever. Because the pandemic has forced millions of people to work from home, IT organizations have been put to the test to ensure their organizations can keep running. For many, the challenge of dealing with a ‘new normal’ is creating opportunities for new ways of thinking and approaching IT. In fact, many predict that the pandemic will accelerate the domainless enterprise.

The term “domainless enterprise” may be new to some; others have connected it to the concept of zero trust, though with some key additions. Essentially, a domainless enterprise is one that doesn’t require a user to connect to a domain controller in order to control and authorize access to corporate resources. Rather, end users simply connect directly to whatever resources they need – whether in the cloud, on-prem, or remote.

As with zero trust networks, each transaction is treated as its own atomic unit: verifying the user’s identity and role, verifying the posture of the device from which the access request is coming, ensuring the network path is trusted, and authorizing access to the end resource (whether an application, data, a server, etc.). But unlike zero trust networks, VPNs or access gateways aren’t required. In short, IT admins can eliminate an antiquated approach while simultaneously providing end users with easier access to their IT resources.


The Domain-Bound Model

Traditionally, IT environments have been built on the concept of a ‘domain’, which was generally patterned after a physical environment. A user would enter the office and connect to the network. Once inside the building and the network, that user would have access to authorized IT resources. Remote employees would need to deploy a VPN client, essentially establishing their virtual presence and connecting to the network. Of course, this approach worked well when everything was on-prem and Windows-based.

As the IT landscape has changed with web applications, mobile technology, infrastructure-as-a-service, diverse operating systems, and, now, ubiquitous remote work, IT organizations have outgrown the concept of the domain. IT admins are seeing this first-hand during the global pandemic. Their end users are now forced to VPN into an empty network just to authenticate their system and update passwords and policies. Their IT resources are web applications such as Salesforce, GitHub, Slack, and thousands of others; cloud servers hosted at AWS or Google Cloud Platform; data stored in cloud storage platforms; and more. Workers are accessing all of these resources from their homes or remote work locations, not their office. Often there is no reason to virtually access the on-prem network and, of course, many aren’t allowed to physically be there anyway.


The Domainless Model

The domainless enterprise embraces the present moment in IT. Rather than forcing users to VPN into their on-prem network, the domainless approach enables end-users to directly access the resources they need. Every step of the access process is meticulously verified to ensure security and trust. In some domainless enterprise implementations, end users can access resources without the use of passwords and do so in an entirely frictionless manner. With the advent of new authentication approaches, going passwordless can be far more secure than traditional password-based methods.

Regardless of the authentication protocols being used, the domainless enterprise process includes the following steps:

● Start with the user. Verify that individuals really are who they say they are. In domainless environments, this usually requires a second factor, because a user’s physical presence in an office is no longer an available or reliable signal.

● Make certain that the device is secure and trusted. This process can include verifying that the device belongs to the organization, has the proper security policies, and has only the proper (and up-to-date) software on the system. Because the system is the conduit to a user’s IT resources, ensuring that it is secure and uncompromised is paramount.

● Ensure that the user traverses the network securely to reach the target IT resource. Essentially, the domainless enterprise approach relies on transport layer security (TLS) or point-to-point secure tunnels to protect data in transit between the user’s device and the IT resource being used.

● Authenticate and authorize each IT resource. Take this step for every resource, including applications, files, and servers. Each individual resource should be tightly controlled to ensure that only the right people have the right levels of access. This is the ultimate goal of the network.
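The four steps above describe a per-request access decision. The following is an added example, not JumpCloud's code or any product's API: a small policy evaluator that treats each request as an atomic unit and runs all four checks (second factor, device posture, transport, per-resource role authorization). All data types, attribute names, patch-level numbers, user and resource names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# All types and sample values below are constructed for this example.

@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]
    mfa_verified: bool          # second factor completed for this session

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool               # enrolled with the organization's device agent
    disk_encrypted: bool
    patch_level: int            # constructed increasing patch counter
    agent_healthy: bool         # endpoint agent reporting and policies applied

@dataclass(frozen=True)
class Transport:
    tls_version: str            # protocol version negotiated for this connection
    certificate_valid: bool     # resource certificate chains to a trusted root

@dataclass(frozen=True)
class Resource:
    name: str
    allowed_roles: FrozenSet[str]
    min_patch_level: int        # resource-specific posture floor

@dataclass(frozen=True)
class AccessRequest:
    user: User
    device: Device
    transport: Transport
    resource: Resource

ACCEPTED_TLS = ("1.2", "1.3")

def evaluate(req: AccessRequest) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every check runs, so a denial lists every
    failed control rather than only the first one; that is what belongs in
    the audit log."""
    reasons: List[str] = []

    # Step 1: the user. Office location is not a usable signal, so a
    # verified second factor is mandatory for every request.
    if not req.user.mfa_verified:
        reasons.append("user: second factor not verified")

    # Step 2: the device. It must be the organization's, policy-compliant
    # and healthy, because it is the conduit to every resource.
    d = req.device
    if not d.managed:
        reasons.append(f"device {d.device_id}: not managed by the organization")
    if not d.disk_encrypted:
        reasons.append(f"device {d.device_id}: disk encryption policy not applied")
    if not d.agent_healthy:
        reasons.append(f"device {d.device_id}: endpoint agent unhealthy")
    if d.patch_level < req.resource.min_patch_level:
        reasons.append(f"device {d.device_id}: patch level {d.patch_level} below "
                       f"resource minimum {req.resource.min_patch_level}")

    # Step 3: the transport. TLS with a validated certificate replaces the
    # implicit trust that a VPN into the office network used to provide.
    t = req.transport
    if t.tls_version not in ACCEPTED_TLS:
        reasons.append(f"transport: TLS {t.tls_version} not accepted")
    if not t.certificate_valid:
        reasons.append("transport: resource certificate not trusted")

    # Step 4: the resource. Authorization is decided per resource, by role;
    # nothing is granted merely for being "on the network".
    if not (req.user.roles & req.resource.allowed_roles):
        reasons.append(f"resource {req.resource.name}: no role grants access")

    return (not reasons, reasons)

def sample_decisions():
    """Three constructed requests: one allow, two different kinds of deny."""
    git = Resource("github-org", frozenset({"engineer"}), min_patch_level=40)
    crm = Resource("salesforce", frozenset({"sales"}), min_patch_level=35)
    ok_dev = Device("lap-001", True, True, 42, True)
    byod = Device("byod-7", False, False, 20, False)
    tls = Transport("1.3", True)

    alice = User("alice", frozenset({"engineer"}), mfa_verified=True)
    bob = User("bob", frozenset({"engineer"}), mfa_verified=False)

    return {
        "alice_to_github": evaluate(AccessRequest(alice, ok_dev, tls, git)),
        "alice_to_salesforce": evaluate(AccessRequest(alice, ok_dev, tls, crm)),
        "bob_byod_to_github": evaluate(AccessRequest(bob, byod, Transport("1.0", False), git)),
    }

if __name__ == "__main__":
    for name, (allowed, reasons) in sample_decisions().items():
        print(name, "ALLOW" if allowed else "DENY", reasons)
```

Note that the decision is stateless with respect to any network perimeter: a fully compliant user on a compliant device is still denied the CRM because no role grants it, and an unmanaged device on a weak transport accumulates every failed control in the reasons list, which makes the denial actionable for the admin reviewing it.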


Wrapping Up 

Traditionally, some of these steps were handled by the domain controller and by the fact that IT resources sat inside the protected network enclave. Of course, today that isn’t true, but many organizations have not been able to completely transition to the domainless enterprise approach because of their core infrastructure elements.

Perhaps the most critical element is the identity provider, which controls access to IT resources and verifies that users are who they say they are. Modern identity providers are also deeply involved in ensuring that systems are protected and can serve as a secure gateway to IT resources. Further, a modern IdP also helps secure network access and provides control over the IT target being accessed. These next-generation directory solutions run in the cloud without any on-prem resources, yet control the entire domainless enterprise.

There’s no doubt that the world has changed permanently. The question now is how IT organizations will adapt to the next generation of digital networks and environments. The domainless enterprise is a core, foundational approach that enables a frictionless end-user experience – while being easier for IT admins to manage and dramatically more secure.
