Zscaler Blog
Why and How You Should Secure Third-Party Access to Apps
In response to today’s sophisticated threat landscape, organizations around the world are prioritizing cybersecurity more and more. However, these organizations often overlook a critical part of the picture when it comes to bolstering their security postures and reducing risk.
When organizations think about cybersecurity, they tend to think of securing their workforce. While this is important, it isn’t just internal users that access their IT applications—there are also third-party or B2B users throughout the supply chain who have legitimate reasons for connecting to corporate apps. Examples of these external entities include channel partners, technology partners, vendors, customers, and more.
Why you should secure third-party access to apps
Extending app access to third parties enhances interorganizational collaboration and allows organizations to operate more productively. However, B2B access also exposes organizations to increased risk.
Naturally, allowing a third party into your environment means that their security posture is going to impact your security posture. That is, if their organization doesn’t do the best job of preventing cyberattacks, then it is more likely that they will bring threats with them into your ecosystem. But even if that is not the case, and a B2B partner has an immaculate security posture, one of their users can still cause damage either maliciously or carelessly.
How not to secure third-party access to apps
Historically, organizations have used a few go-to methods in an attempt to provide secure access to third parties:
- Site-to-site VPNs can offer network connectivity between the office locations of separate organizations so that their resources can be accessed by each other’s users.
- Server-to-server connectivity involves leveraging the internet to provide third-party access to EDI and ERP servers.
- Traditional “supplier portals” provide a consolidated interface that offers access to multiple applications via the internet.
- Backend application access via API (application programming interface) offers yet another way for third parties to interact with IT resources.
Unfortunately, these “solutions” create more problems than they solve. That’s because they are underpinned by the philosophical assumptions of what is known as castle-and-moat security (you can read more about this architectural approach here). So, what are these problems?
- They expand the attack surface: The above tactics entail the use of inbound demilitarized zones (DMZs), open firewall ports, and apps and servers that are exposed to the internet. But this does more than facilitate access for business partners—cybercriminals can also traverse the web and find these entry points into the organization. This gives them an attack surface that they are all too eager to assault.
- They enable lateral threat movement: Castle-and-moat methodologies are intended to defend access to the network. But once an attacker gets past the moat (the secure perimeter) and into the castle (the network), they have overcome the organization’s primary defense. As a result, they can move laterally across the connected IT resources within that network and expand the reach of their breach.
- They increase complexity and cost: Building hub-and-spoke networks and castle-and-moat security architectures is a complex endeavor that involves expensive labor and countless costly appliances. Additionally, the ongoing management of these complex environments is a massive undertaking that requires significant amounts of time from administrators and, as a result, continuously leads to extensive overhead costs.
Organizations around the world have been grappling with these issues for decades. Clearly, the status quo must go.
How to secure third-party access to apps
Unlike traditional tools built upon perimeter-based architectures, zero trust is ideal for extending secure app access to B2B partners. That’s because zero trust is a distinct architecture that is based upon the principle of least-privileged access, whereby users get access only to what they need and excessive permissions are avoided. This approach is ideal in manufacturing, banking, consumer goods, and other industry verticals where there are complex supply chains and third parties regularly accessing IT resources.
Zscaler for B2B
With Zscaler, organizations get zero trust architecture delivered as a service from the world’s largest inline security cloud, the Zscaler Zero Trust Exchange. To put it simply, Zscaler acts as an intelligent switchboard to provide secure any-to-any connectivity in a one-to-one fashion that does not extend the network to anyone or anything. Embracing this architecture and departing from the traditional castle-and-moat model of security allows organizations to securely facilitate B2B app access. With Zscaler, you can:
- Minimize your attack surface: Zero trust eliminates the need for inbound DMZs, firewalls and their open ports, and the exposing of apps, servers, and portals to the public internet. Instead of allowing inbound connections, you can leverage inside-out connections and hide your IT resources behind a zero trust cloud.
- Prevent lateral threat movement: Unlike castle-and-moat architectures and legacy tools that extend access to the network as a whole, zero trust architecture provides direct-to-app connectivity. That means attackers, third parties, and internal users are unable to abuse network access to reach resources connected to that network.
- Decrease complexity and cost: Embracing cloud-delivered zero trust means retiring yesterday’s tools and the perimeter-based architectures they presuppose. As a result, you can avoid the complexity of hub-and-spoke networks and castle-and-moat security models, drastically reducing both hardware costs and management overhead.
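The contrast drawn in the "lateral threat movement" bullets above and the least-privilege principle described under "How to secure third-party access to apps" can be made concrete with a small policy model. The following is an added example written for this post; it is not Zscaler code and does not model the Zero Trust Exchange or any Zscaler API. The organizations, apps, network segments, VPN routes and policy rules are constructed sample data with hypothetical names. It evaluates the same partner identity two ways: once under a network-level model (a site-to-site VPN route decides reachability) and once under an app-level model (an explicit per-org, per-role grant plus a device-posture check decides access, deny by default), and reports the apps the network model exposes that no policy ever granted.

```python
"""Added example: app-level (least-privilege) vs network-level access for a B2B user.

Hypothetical model, not Zscaler's product or API. All apps, orgs, segments, routes
and policy rules below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Set, Tuple


@dataclass(frozen=True)
class Identity:
    user: str
    org: str                        # "acme" is the internal org; any other org is a third party
    role: str
    device_compliant: bool = True   # posture signal supplied at connection time


@dataclass(frozen=True)
class App:
    name: str
    segment: str                    # network segment the app lives on (castle-and-moat view)


# Constructed sample environment (hypothetical names).
APPS: Dict[str, App] = {
    "supplier-portal": App("supplier-portal", "dmz"),
    "edi-gateway": App("edi-gateway", "dmz"),
    "erp": App("erp", "corp-core"),
    "hr-payroll": App("hr-payroll", "corp-core"),
}

# Castle-and-moat model: a site-to-site VPN hands the partner a route into whole
# segments, so reachability is decided by the network rather than by the app.
VPN_ROUTES: Dict[str, Set[str]] = {
    "vendor-x": {"dmz", "corp-core"},   # over-broad route (constructed, but typical)
}

# Zero-trust model: explicit (org, role) -> allowed apps, deny by default.
# The boolean records whether the grant requires a compliant device.
Rule = Tuple[Set[str], bool]
POLICY: Dict[Tuple[str, str], Rule] = {
    ("vendor-x", "logistics"): ({"supplier-portal", "edi-gateway"}, True),
    ("acme", "finance"): ({"erp", "hr-payroll"}, True),
}

Checker = Callable[[Identity, App], bool]


def reachable_via_network(identity: Identity, app: App) -> bool:
    """Network-level access: any app on a routable segment is reachable,
    regardless of who the user is or which apps they actually need."""
    return app.segment in VPN_ROUTES.get(identity.org, set())


def allowed_by_policy(identity: Identity, app: App) -> bool:
    """App-level access: the user must hold an explicit grant for this app and
    satisfy the grant's posture requirement. No matching grant means deny."""
    rule = POLICY.get((identity.org, identity.role))
    if rule is None:
        return False
    apps, need_compliant = rule
    if need_compliant and not identity.device_compliant:
        return False
    return app.name in apps


def exposure(identity: Identity, checker: Checker) -> Set[str]:
    """Names of every app the identity can reach under the given access model."""
    return {name for name, app in APPS.items() if checker(identity, app)}


def over_exposure(identity: Identity) -> Set[str]:
    """Apps reachable over the network but never granted by policy: the lateral
    movement surface a compromised or careless partner account would inherit."""
    return exposure(identity, reachable_via_network) - exposure(identity, allowed_by_policy)


if __name__ == "__main__":
    partner = Identity("pat", "vendor-x", "logistics")
    print("network model:", sorted(exposure(partner, reachable_via_network)))
    print("policy model: ", sorted(exposure(partner, allowed_by_policy)))
    print("over-exposed: ", sorted(over_exposure(partner)))
```

Running the script shows the partner's logistics user reaching all four apps under the VPN route but only the two portal-type apps under policy, with `erp` and `hr-payroll` listed as over-exposed. The same identity on a non-compliant device gets nothing under policy, and an organization with no rule at all is denied by default rather than by an absent route; that difference between "deny unless granted" and "reach whatever is routable" is the architectural point the post makes.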
To learn more about Zscaler for B2B and how it can help your organization secure third-party access, visit our webpage here.
Or, if you would like to hear more about zero trust architecture in general, register for our webinar, “Start Here: An Introduction to Zero Trust.”