In the past year, IT services have gone through a world of change. There are more remote workers, hybrid work models, cloud services, and mobile devices. It is finally safe to say that the classic perimeter no longer exists. In fact, you might go one step further and say that identity is the new perimeter.
The ability of end users to access any application from any device, anywhere, has put securing identities and their access privileges near the top of any Zero Trust security strategy. But the term “identity” does not just apply to the user. It also applies to the device that is used to access corporate services and data.
Infinipoint and Netskope have partnered to enable the application and enforcement of a true Zero Trust user and device access policy. The joint solution integrates Infinipoint Device-Identity-as-a-Service (DIaaS) with Netskope to deliver a comprehensive security solution for Zero Trust device access.
Device Identity meets Zero Trust access
Zero Trust reference architectures from the U.S. Department of Defense (DOD), NIST, and others are prioritizing more granular security controls for user devices to protect critical data and services. For example, the U.S. DOD Zero Trust Reference Architecture specifically calls out “the ability to identify, authenticate, authorize, inventory, isolate, secure, remediate, and control all devices” as “essential in a Zero Trust approach”.
The DOD recommends device security posture checks that include “examinations of compromise state, anomaly detection, software versions, protection status, encryption enablement” and also the ability to provide real-time remediation options for out-of-compliance devices.
This is where the Infinipoint and Netskope integration comes into play. Infinipoint complements Netskope by integrating device state, risk-based policies, and one-click remediation for non-compliant devices. This allows network and security operations teams to verify a predefined device security posture, extend adaptive access and enable auto-remediation as part of the user access flow.
Adaptive access control – The key to business continuity
Moving to a more granular, Zero Trust approach for user and device access is a solid strategy to reduce the attack surface and protect critical corporate services and data. But any security policy model has to balance the need to protect with the need to maintain business continuity. Simply put, you can’t just block access for users and devices every time a policy requirement has not been met.
Infinipoint extends Netskope adaptive access controls, enabling governed access permissions in real time based on device context. For example, you can allow read-only access to services, or prevent files from being downloaded for users connecting via non-compliant devices. This provides an adaptive Zero Trust approach in a productive way that maintains business continuity with no disruption of access to the workforce.
In addition, Infinipoint combined with Netskope can enable conditional access, where only compliant devices access sensitive services and data. For example, you can create a device identity policy where only devices with the latest Windows security update are allowed access to confidential files and sensitive data.
Lastly, for unmanaged Netskope devices, Infinipoint enables a posture check and one-click remediation for installation of the Netskope client.
Infinipoint Device-Identity-as-a-Service (DIaaS) integration with Netskope delivers a comprehensive security solution for Zero Trust device access. Infinipoint complements Netskope by integrating device state, risk-based policies, and one-click remediation for non-compliant devices. This integration enables you to verify device security posture, extend adaptive access and enable auto-remediation as part of Netskope user access flow.
Combining device compliance with uninterrupted user access through one-click remediation not only enables user productivity but also prevents potential breaches due to vulnerable and non-compliant devices accessing corporate services and data. The result is an adaptive Zero Trust approach to device access while maintaining business continuity with no disruption to the workforce.