Read Zscaler for home workers here.
APN Cloud Security with URL filtering
Whether using a private APN, shared Internet APN or a data bundle, using GSM data for companies’ users to access the Internet and private applications is both hugely beneficial and simultaneously a high risk in both cost and security.
In November 2019 a single company user managed to spend R400 000 on their company mobility data sim proving again the serious risk of out of bundle usage in mobile data solutions. And today, the easiest way for hackers to find a way into the corporate network is to target the company user when they are connected to the Internet while outside the company’s secure perimeter.
Historically, large enterprise companies have turned to paying for analytical software that helps identify the user and manage or even limit their usage on GSM. These products have done well at providing much-needed transparency and post usage insight on individual usage allocation especially in private and shared APN services, but today are not doing enough to provide pro-active usage controls (l7) and equally important security.
The theory of “prevention is better than cure” can only be attributed to solutions that are able to manage user application level Internet access based on a GSM usage policy while simultaneously protecting that user from growing Internet threats when they are not behind the company’s network firewall. One could therefore argue then that the ideal mobility management capability would be a combination of user analytics and management tightly coupled with Internet usage policies and security.
URL Filtering for APN’s
In additional to, or as a replacement of analytics, companies need to build and enforce pro-active Internet usage policies for GSM data. This can be done by forwarding all APN traffic to a cloud based secure gateway, or by deploying an agent on the end point which forwards all device traffic to the secure web gateway.
These secure cloud getaway policies include URL filtering and Web 2.0 and can reduce the risk of network abuse or excessive spend dramatically. And while companies deploy these services to reduce risk, it inadvertently reduces APN data spend by as much as 50%.
Mobile security for APN/GSM
In addition to enforcing usage policies, secure cloud gateways deliver enterprise level security to users when they are outside the company network. Security includes ATP, SSL Inspection, AV, Malware, File Controls, Web application control and even DLP, sandboxing and L7 firewall.
Gartner’s SASE model advocates that with increasing mobility and cloud application delivery network access and security needs to move from the network to the end point. This is achieved through globally available, multi-tenant, cloud security architectures.
Forwarding all APN traffic to cloud security gateways or using an end point agent will eliminate Internet threats for mobile users.
Direct to Internet APN’s
For companies that have selected an Internet facing APN, locking down the APN to avoid abuse is critical. This can be done by blocking all ports on the APN except for the secure web gateway ensuring your Internet requests will be driven through the usage policy and will be simultaneously protected from Internet threats.
An option also exists to then seamlessly and securely connect to your companies’ private applications in their DC and directly in Cloud on a Zero Trust basis. This eliminates clumsy and direct to DC only VPN solutions in favor of a direct to multi cloud and DC approach.
Cloud secure gateway solutions today offer a holistic approach to managing APN abuse, while providing much needed Internet security and connecting users to private and cloud-based applications.
For more information contact Stuart Hardy.