What is Next-Gen Access?
Next-Gen Access (NGA) combines Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM) in an integrated solution to provide access to applications, endpoints and infrastructure. It offers a collective set of mature and proven technologies and capabilities that recognizes every device, knows every user, limits access and privilege intelligently, and allows policies to learn and adapt without impacting user experiences.
Traditional Access vs. Next-Gen Access
As the name suggests, Next-Gen Access solutions are a more advanced version of traditional access management technologies. Traditional access management technologies consist of multiple software and hardware components and are complex to deploy. Furthermore, traditional access methodologies are frequently fragmented and only secure a subset of resources within an organization. They provide basic single sign-on (SSO), multi-factor authentication (MFA), and role-based access capabilities using various access control lists (ACLs). Access decisions are made by comparing a user’s credentials to one or more ACLs for authentication. Like traditional access controls, NGA solutions aim to provide the ability to securely ensure that only resources that are necessary and relevant are accessed, but the methodology differs greatly and has evolved more robustly than traditional approaches. The fundamental differences between traditional access controls and Next-Gen Access are defined below:
NGA Uses Adaptive and Risk-Aware MFA Everywhere to Verify the User
Unlike traditional access controls that use SSO and basic MFA enforcement capabilities, NGA couples SSO with context-based and risk-aware MFA to bolster access security and ensure user validity. Rather than implementing MFA as “on” or “off,” and potentially forcing an MFA challenge for every user in front of every resource, NGA solutions assess the context and behavior patterns of a user to formulate a risk score for that user. The risk score determines whether a user gets SSO access to a resource, is challenged with MFA for further identity verification, or is blocked from the resource until further investigation. Also, where traditional access management solutions offer SSO and MFA capabilities to only a subset of resources (applications, endpoints or infrastructure), NGA solutions provide adaptive and risk-aware capabilities across all enterprise resources, every time an access decision is made.
NGA Includes Device Context through Integrated Identity + Enterprise Mobility Management to Validate their Device
95% of phishing attacks originate on endpoints and are followed by malicious software installations that compromise the device. NGA solutions recognize endpoints as gateways to an organization’s resources and thus provide integrated identity and mobility management capabilities to protect endpoints while empowering mobile workforces. Secure access needs contextual trust: access should be granted only from a device that is known, managed and secured. Unlike traditional access management solutions that allow access to resources from any device, NGA solutions validate the device in every access decision by incorporating device context. NGA uses device posture as an access criterion and implements policy rules based on endpoint state, such as the location of the device, its browser, or its OS, ultimately determining whether the device is secure.
NGA Limits Access & Privilege by Combining IDaaS and Privileged Access Management (PAM)
At any given time, a user’s access should never be unconditional and unlimited. To reduce the risk of threats, users and systems should obtain access only to the applications, systems, processes, or commands they need to perform their job, and only for a limited amount of time. This best practice of granting users the minimal amount of access they need for a limited period of time, and elevating privilege only when they need it, limits the exposure if credentials are compromised. Granting “just in time privilege” enables the user or system to do their job and removes the grant when they’re done. By granting “just enough privilege” and easing the process for privilege elevation, risk is reduced and security is increased.
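The three controls described above (risk-scored MFA, device context, and time-limited privilege) sketched as one access decision. This is an added example, not code from any NGA product; the signal names, weights, thresholds and the 15-minute grant lifetime are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Signal names, weights and thresholds are illustrative assumptions.
@dataclass
class Request:
    user: str
    device_managed: bool     # device is enrolled in mobility management
    device_compliant: bool   # OS / browser posture check passed
    new_location: bool       # location not previously seen for this user
    unusual_hour: bool       # outside the user's normal behavior pattern

@dataclass
class Grant:
    user: str
    command: str
    expires: datetime

def risk_score(req):
    """Sum weighted user and device context signals into a 0-100 score."""
    score = 0 if req.device_managed else 40
    score += 0 if req.device_compliant else 30
    score += 20 if req.new_location else 0
    score += 10 if req.unusual_hour else 0
    return score

def access_decision(req, challenge_at=20, block_at=60):
    """Map the risk score to plain SSO, an MFA challenge, or a block."""
    score = risk_score(req)
    if score >= block_at:
        return "block"
    return "mfa_challenge" if score >= challenge_at else "sso"

def elevate(req, command, now, mfa_passed=False, minutes=15):
    """Just-in-time, just-enough privilege: one command, short lifetime."""
    decision = access_decision(req)
    if decision == "block":
        return None
    if decision == "mfa_challenge" and not mfa_passed:
        return None  # elevation waits until the challenge is satisfied
    return Grant(req.user, command, now + timedelta(minutes=minutes))

def is_allowed(grant, user, command, now):
    """A grant covers only its own user and command, and only until expiry."""
    return (grant is not None and grant.user == user
            and grant.command == command and now < grant.expires)
```

The expiry check in is_allowed is what removes the privilege when the window closes; nothing has to remember to revoke it.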
Benefits of Using Next-Gen Access
The distinguishing features of NGA produce unique benefits for the organizations using them. NGA is better equipped to enable Zero Trust Security, as it controls access correctly, tying together SSO, MFA, mobility management, privilege management and behavior analytics. The benefit is centralized visibility and control over every type of resource within the organization. NGA solutions are equipped with advanced capabilities that can intelligently determine the authenticity of a digital user, govern access and privilege across an organization’s resources and react when risky behavior is detected. NGA solutions not only bolster security and compliance posture, they also improve end user experience and enable productivity.
Another fundamental benefit is that NGA is not limited to delivering just one aspect of securing access: the concept of NGA is the ability to secure every user’s access to any type of resource. NGA solutions secure identities for a broad range of users and systems that encompass end users, privileged users, customers, partners, outsourced IT, as well as systems and services. NGA solutions provide broad access management capabilities across the organization, which provides not only better value, but also centralized visibility, control and enforcement.