Companies need to provide their employees with secure access to corporate applications deployed behind the firewall. In parallel, access is often provided to contractors, suppliers, partners, customers or developers. However, this access to internal applications also potentially opens the way for attackers to gain access to the entire network, exposing companies to a wide range of security risks.
A new course for application access?
Regardless of whether applications are hosted in a public cloud or in a private data centre, providing secure access is a challenging task that usually requires extensive hardware and software on site. Typically, solutions such as application delivery controllers (ADC), virtual private networks (VPN) or identity and access management (IAM) systems are used here.
A contemporary alternative to these classic access technologies is a zero-trust architecture, in which access takes place at the application level instead of the network level, so that not all users can access the entire corporate network. Other access management requirements typically include reduced IT complexity, shielding your applications' IP addresses from the internet, and integrating user authentication as easily as possible.
Akamai Enterprise Application Access (EAA) addresses these very issues, helping organisations adapt application access to current requirements while improving overall security. This solution integrates data path protection, IAM, application security, seamless single sign-on (SSO) and transparent management and control into a unified service for all application types: on-premises, IaaS and SaaS. The solution can be implemented in minutes, and onboarding new applications and users is also a breeze thanks to a central portal – and all this at significantly lower costs than classic solutions. The result is a deployment model that creates a zero-trust framework for business-critical workloads in any environment.
Some key benefits of EAA:
- Application-level access instead of network-level access: not all users can access the entire
- corporate network or larger areas of it
- The corporate firewall remains closed to all inbound traffic
- Easy integration of multi-factor authentication into any application with just one click
- Reduced IT complexity thanks to seamless single sign-on, a combination of ADCs, WAN optimisation, VPN and MFA
- No need for internal hardware or network changes such as firewall rules, IP whitelists, etc.
- Users can access applications from any device – without additional software such as VPNs or browser plug-in
- Management via a central web portal and fast and intuitive access to applications with a significantly improved user experience
How does EAA work?
Enterprise Application Access provides secure access as an "as a service" model so you don't have to soften your network protection. Applications are accessed via the cloud, so unauthorised access attempts are stopped remotely from your network. With Enterprise Application Access, there is no direct path to your applications. Instead, they are delivered directly to the user via a secure, mutually authenticated TLS connection to your network or cloud.
An Enterprise Application Access Connector connects to your application server and then dials the EAA service via TCP port 443, which is usually open for outbound communication on most corporate firewalls. No additional hardware or software is required.
The service architecture is based on three basic components:
Data Edge: Forms the data layer between the user and the application while providing data security, application performance and component optimisation.
Management Edge: Provides functions for administration, logging, reporting and configuration. The management and data edges are based on a secure multi-tenant architecture. In addition to the multi-tenant data cloud, you can select a dedicated single-tenant data cloud that can be configured to handle only a single user's traffic.
Enterprise Connectors: Your users connect to the Enterprise Application Access single sign-on (SSO) server via a URL they enter into their browser. To access your applications, they simply need to enter their credentials. You also have the option of integrating existing SSO solutions.
Since there are no connection tunnels, there is also no direct path for malware to sneak into your network and potentially spread to critical or privileged systems. All unauthorised user connections are terminated in the cloud on secure proxies. Reliable authentication and security measures are used. If you need even more protection for all critical applications, you can also integrate your own security measures into the solution. Enterprise Application Access provides end users with fast and intuitive application access. Complaints about poor application performance, VPN connection problems and incompatible devices are a thing of the past. Enterprise Application Access optimises applications and delivers them to users through any browser on any device. And with SSO and intelligent multi-factor authentication (MFA), security is no longer a burden for users and IT departments.
Further resources on EAA:
- Akamai product overview – features, use cases, resources and case studies
- Executive Summary: Providing Simple, Safe Contractor Access to Internal Applications
- Quick start guide – How to set up Enterprise Application Access (EAA) as a first time user
- What is 2FA? Two-factor authentication with EAA
- Download the White paper with the most important key data and features
Interested in Enterprise Application Access?
We can currently offer you a free trial of EAA to suit your existing infrastructure. Just contact us informally. The test is valid for up to 2 applications and 500 users. We will of course be happy to advise you on detailed questions and make recommendations as to which of your company applications are suitable for a test.