Compared to employee access, the challenges of third-party access (aka "BYOD" or "unmanaged access") are unique. Embrace unmanaged, third-party access for key business initiatives without sacrificing security, visibility, or control with CrossLink ZTNA.
Over-privileged access puts the enterprise at risk.
Third-party vendors and contractors present an increasingly attractive opportunity for malicious attackers trying to gain access to an enterprise. Over-privileged third-party accounts provide an easy avenue for unrestricted access into the enterprise network. By contrast, CrossLink ZTNA follows the principle of "least privilege" to only grant access to what is needed.
"Spend at depth" does not equal better security.
To try to contain the chaos of third-party access, enterprises often opt for an alphabet soup of acronyms as part of their security strategy: VPN, NGFW (next-generation firewall), PAM (privileged access management), NAC (network access control), and others. But this "spend at depth" strategy does not address the fundamental problem. With CrossLink ZTNA, third-party users never have more access rights than they should.
Unmanaged environments should not be trusted.
Third-party vendors are unmanaged environments subject to their own security protocols and practices; an enterprise does not control the security policies of its vendors. As such, these third-party environments should not be trusted. Any access system that does not adhere to this fundamental tenet exposes the enterprise to risk. CrossLink ZTNA ensures that an enterprise-defined security policy is applied to third-party access before granting any access.
Source: Gartner — Market Guide for Zero Trust Network Access (2019)
ZTNA products that fail to address the following criteria are inadequate for third-party access:
| | CrossLink | Other Vendors |
|---|---|---|
| Zero-trust access model that prevents unrestricted lateral access within the enterprise network. | | ? |
| Zero-trust access applied to all enterprise resources, from IP and DNS-based resources all the way down to a single URL or file share. | | ? |
| Fine-grained device health attestation both before and during the entire access lifecycle, ensuring dangerous third-party devices never have access to the enterprise network. | | ? |
| Agentless deployment option that requires no client installation or administrative access rights on third-party devices. | | ? |
| Agentless deployment option that is not limited simply to reverse-proxy style access over a web browser. | | ? |
| Support for complex third-party environments, including complex proxy configuration, restrictive security constraints, and non-standard policies. | | ? |
| Cloud-based solution with a globally distributed point-of-presence (PoP) fabric that embraces the global nature of third-party access. | | ? |