File Access the Zero Trust Way
Accessing Windows & Linux file shares securely without the VPN
Remote file access has always been a major use case for enterprise IT. In the 20th century (yes, last century!), when VPNs were invented, they were used to solve the pain points of offsite workers having to copy files from onsite computers to offsite ones. At the time, floppy disks, CDs and USB sticks were the leading-edge technologies of choice.
Fast forward to today. Along with the dramatic increase in offsite workers, different file sharing problems have arisen: tracking changes, preventing data leaks, BYOD devices accessing corporate files, etc. Companies like Box.com or Dropbox.com focus on solving these problems. While they do solve certain pain points, there is a trade-off: corporate files/data must be moved to their cloud.
Windows and Linux file shares are still used in many enterprise workflows. But do they have a place in today’s modern zero trust solution architectures? After all, out of the box, they have several issues that conflict with zero trust concepts:
1- VPN required: In order to facilitate access to file shares, a solution usually needs to have a VPN. Just like last century! VPN is an antonym for zero trust.
2- No MFA support: As a legacy technology, file shares are not secured by modern multi-factor authentication (MFA) mechanisms out of the box.
3- Access is permanent: Once the VPN connection is established, access to the file share is permanent and untethered. A user will be able to access the files, but so will ransomware if the PC is infected.
4- BYOD/BYOPC and 3rd-party access issues: Allowing access from unmanaged devices, i.e. devices that are not corporate owned or managed, such as BYOPC devices or those of contractors and affiliates, is a recipe for disaster: data leaks, ransomware infections, etc.
With TransientAccess, we implemented a true zero trust solution architecture for accessing Windows & Linux file shares, something unique in the market.
The basic solution architecture is outlined below. This architecture is not specific to file sharing and is suitable for any other access scenario.
With TransientAccess, access to file shares is zero trust because:
1- No VPN is Required. While users access the file share, even the IP address or hostname of the file server is hidden from them.
2- Built-in MFA Support. If an enterprise doesn’t have a modern IdP that supports MFA, TransientAccess has built-in support.
3- Access is Transient (i.e. Temporary). TransientX networks are application networks that are built and dissolved on demand, as opposed to VPNs. Even the data (i.e. files transferred to the accessing device) can be temporary if admins choose that configuration option.
4- BYOPC and 3rd-Party Friendly: Access to the network, shares and file data is temporary and not broad. Even if the PC is infected with ransomware, the shares won't be visible to the ransomware, only to the file manager.
5- Zero Friction Solution: Security is delivered without compromising usability. TransientAccess also simplifies the use of file shares for end users as well as administrators. From the IT team's perspective, the solution can be implemented in as little as 30 mins. From the end user's perspective, there is no need for advanced training on how to access file shares. It is as simple as logging into a web-based portal and clicking on a link.
Below is a video of how it works from the end user’s perspective:
With TransientAccess, even a legacy use case like Windows file shares can be easily implemented in a zero trust way! Additional security comes hand-in-hand with enhanced usability. It’s simpler to use Windows file shares with TransientAccess.
Ready to try for yourself? Contact us.