...

Third-Party Access

Compared to employee access, the challenges of third-party access (aka, "BYOD" or "unmanaged access") are unique. Embrace unmanaged, third-party access for key business initiatives without sacrificing security, visibility, or control with CrossLink ZTNA.

It's Time to Rethink Third-Party Access

Over-privileged access puts the enterprise at risk.

Third-party vendors and contractors present an increasingly attractive opportunity for malicious attackers trying to gain access to an enterprise. Over-privileged third-party accounts provide an easy avenue for unrestricted access into the enterprise network. By contrast, CrossLink ZTNA follows the principle of "least privilege" to only grant access to what is needed.

"Spend at depth" does not equal better security.

To try to contain the chaos of third-party access, enterprises often opt for an alphabet soup of acronyms as part of their security strategy: VPN, NGFW (next-generation firewall), PAM (privileged access management), NAC (network access control), and others. But this "spend at depth" strategy does not address the fundamental problem. With CrossLink ZTNA, third-party users never have more access rights than they should.

Unmanaged environments should not be trusted.

Third-party vendors are unmanaged environments subject to their own security protocols and practices; an enterprise does not control the security policies of their vendors. As such, these third-party environments should not be trusted. Any access system that does not adhere to this fundamental tenet exposes the enterprise to risk. CrossLink ZTNA ensures that an enterprise-defined security policy is applied on third-party access before granting any access.

Why CrossLink for Third-Party Access

...

Zero-Trust

Uncontrolled third-party access presents an enormous risk to an enterprise. CrossLink ZTNA is zero-trust by definition, meaning that a third-party is denied access by default, and access must be explicitly granted. CrossLink applies zero-trust not just to IP and DNS-based resources, but also to web sites, file shares, and even printers. Unlike other ZTNA vendors, CrossLink protects all enterprise resources and applications via a zero-trust fabric.

Learn more

Device Health Attestation

CrossLink ensures that only healthy third-party devices are granted access to enterprise resources and applications—a critical requirement since third-party vendors are subject to their own security policies and should not be trusted by default. CrossLink gives control back to the enterprise by ensuring that third-party devices meet enterprise-defined security policies both before and during the access lifecycle.

Learn more

...
...

Agentless Deployment

Third-party devices are unmanaged: requiring a third-party to install a VPN or system-level agent is often impossible. ZTNA vendors that require an agent installation are simply unsuitable for third-parties. CrossLink provides a fully agentless option that requires no client installation. Unlike other vendors that require a web browser for agentless access, CrossLink is able to provide agentless access through any application on the device via its AppTunnel technology.

Learn more

Embraces Complex Environments

Third-party environments are often incredibly complex, with all manners of strange proxy/network configurations, security constraints, and device policies. CrossLink is designed to operate within these complex and restricted environments, requiring no elevated privileges to do so. Vendors that fail to fully embrace this complexity open the door to IT support nightmares or, even worst, limit the third-party environments and use cases that can be supported.

Learn more

...

Not All ZTNA Solutions are Created Equal

ZTNA products that fail to address the following criteria are inadequate for third-party access:

 
CrossLink
Other Vendors
Zero-trust access model that prevents unrestricted lateral access within the enterprise network.
?
Zero-trust access applied to all enterprise resources, from IP and DNS-based resources all the way down to a single URL or file share.
?
Fine-grained device health attestation both before and during the entire access lifecycle, ensuring dangerous third-party devices never have access to the enterprise network.
?
Agentless deployment option that requires no client installation or administrative access rights on third-party devices.
?
Agentless deployment option that is not limited simply to reverse-proxy style access over a web browser.
?
Support for complex third-party environments, including complex proxy configuration, restrictive security constraints, and non-standard policies.
?
Cloud-based solution with a globally distributed point-of-presence (PoP) fabric that embraces the global nature of third-party access.
?

Ready to see how CrossLink can transform third-party access?