Cyolo: Delivering Seamless Zero Trust Access
The industrial control system (ICS) / operational technology (OT) security community is seeing attacks that go beyond traditional attacks on enterprise networks. Given the impacts to ICS/OT, fighting these attacks requires a different set of security skills, technologies, processes, and methods to manage the different risks and risk surfaces, setting ICS apart from traditional IT enterprise networks. This is what Cyolo is pioneering. Cyolo deliver seamless zero trust access to all assets for all users within an organization – third party, remote, onsite – without the fear of introducing cyber risks to the network. “Third-party vendors and workers who access critical systems are likely a small subset of your overall user base, but they generally pose the greatest risk. The good news is that ensuring their ability to access applications securely will give your organization the biggest security boost. This is precisely why Cyolo recommends beginning your zero-trust journey by focusing on high-risk users.”
In a nutshell, Cyolo is a next-gen zero-trust access platform with a focus on ease of use and ability to protect entire organization. Transform secure access strategy with an agentless solution that can protect all applications natively – and simplify existing workflows for users and admins. Cyolo provides the only true Zero Trust solution for OT systems, ensuring secure, frictionless access for employees as well as third party users like contractors and maintenance teams.Special features, including supervised access and session recording, allow all activity to be approved, monitored and even recorded and audited to ensure complete visibility as well as regulatory compliance. The Cyolo solution also enables secure, zero trust access to isolated or offline networks, which is critical in OT and IIoT environments. Finally, because no customer data ever leaves the customer’s own sensitive environment, there’s no risk of exposure – either accidental or malicious.
Enabling Secure Connections
The logistics of forcing a third party to comply by own security controls and processes are simply unmanageable. In addition, businesses most likely do not have the right to require vendors or contractors to install security applications onto their devices instead of using the security measures they already have in place. Some organizations solve this scenario by sending managed corporate devices out to third-party users, but this is a costly and difficult solution. Many others depend on virtual private networks (VPNs), but these are inefficient and have serious security shortcomings. This leaves businesses looking for an affordable secure access solution that can easily be implemented for third-party users and high-risk internal employees.
Identity-based zero-trust access is the best way to enable secure connections for high-risk users. By definition, ZTNA enforces least privilege access whether or not users are internal or external and whether or not they’re using managed or unmanaged devices. Simply put, every user is verified according to their identity and then granted access to only the necessary applications, with no access ever given to the network itself.Still, it is important to recognize that many ZTNA providers require their applications to be downloaded on every device, which is problematic for third-party users. Cyolo avoids this issue with its agentless-first approach. Unlike other ZTNA products, the Cyolo platform can be easily accessed in the user’s web browser using on-prem, native, or cloud clients.
Supervisory Controls
Cyolo also differs from other zero-trust access tools in that it provides supervisory controls that can be applied to specific high risk critical applications and third-party users. These capabilities include real-time monitoring and live session recording, which are essential for auditing purposes as well as many compliance mandates. Another key feature offered by Cyolo is supervised access, which requires users to request access from an administrator before connecting to sensitive systems or applications. Once approval is granted, the admin can interact with that user’s session and terminate it immediately if unusual activity is suspected.
Migrating high risk users from VPNs and other traditional access solutions that provide full network access without any real-time monitoring will dramatically reduce an organization’s attack surface. Once these users are connecting via secure, identity-based zero-trust access, organizations can move on to step 2, securing access for remote users.
Cyolo empowers organizations to first strengthen the security features of their VPN with identity-based Zero-Trust Network Access (ZTNA) and then, when they are ready, to turn off the VPN altogether. Since Cyolo does not require change management, it is quick and easy to stand up this additional layer of security to support your existing remote connectivity solution. During the VPN-augmentation period, the Cyolo platform will enable not just multi-factor Authentication (MFA) but also continuous authorization of all users, based on identity. In addition, Cyolo delivers users directly to applications, not to the full network. This adheres to the zero-trust principle of least privilege access and significantly limits the potential attack surface for bad actors. The Cyolo identity access controller (IDAC) is an an application connector that connects remote workers to the applications they need. The Cyolo IDAC supports any application protocol and can be implemented on-prem or in a cloud provider, like AWS or Google, and can be deployed anywhere, even without internet connection.
Identity-Based Zero-Trust Access
The overhead to manage and deploy the Cyolo platform is much simpler than a VPN and doesn’t need firewalls, VPN agents, licenses or credentials. VPNs played a pioneering role in the history of remote access, but they were never intended to support entire organizations or ensure the level of security that modern businesses demand. Today, identity-based zero-trust access is the best way to allow remote users to connect to the resources they need seamlessly and securely.
A gradual transition from VPN to ZTNA, possibly even including a period when the two run side by side, will reduce pressure and allow stakeholders to see the security benefits of identity-based access before turning the VPN off once and for all. At this point businesses will be ready for the third and final step of Cyolo’s recommended zero-trust journey, securing hybrid and on-premises users.
Since opening its door, Cyolo has been a pioneer in delivering cutting-edge cybersecurity solutions to a range of customers around the globe. Today, the company envisions to expand its footprint, while delivering innovative offerings that could redefine the way cybersecurity works today.