McAfee has announced a product designed to protect private applications and their associated data running in the cloud.
Based on the concept of zero trust network access (ZTNA), MVISION Private Access enables granular zero trust access to private applications from both managed and personal unmanaged devices. It does this by integrating data loss prevention and remote browser isolation, which together provide full control over data accessed during private access sessions. It helps block malicious files, prevent inappropriate handling of sensitive data and secure unknown traffic activity.
While companies want their employees to be able to get their work done from any location or device, they are finding that it’s no longer sufficient for a user to just have the right username and password, said Naveen Palavalli, McAfee’s vice president of product marketing. Instead, it has become important to make more informed decisions about which resources users are allowed to access, based on the relative perceived safety of the requestor.
For example, a user working from home might be trying to access the company’s proprietary customer relationship management (CRM) solution, located in its headquarters' data center. In the past, the user would only have been able to access it from a corporate device with a VPN client installed.
In contrast, when a user initiates a ZTNA connection to a private app, MVISION Private Access gathers a broad range of information, including the operating system version and patch level. The cloud-based ZTNA service then authenticates the user and runs a posture check to determine the device’s compliance level and access credentials.
If the user passes, he or she can access the application and its associated data and threat protection, but won’t be able to browse the network for other applications or data that the user isn't authorized to see.
MVISION Private Access can also ensure that personal unmanaged devices, like a user’s private iPad, can have limited access to certain private apps. For example, users might be allowed “read-only” mode so they can still do work from these devices while posing minimal security risk.
The Secret Sauce
Part of the solution’s secret sauce is that it is “data-aware,” which means that it can track the same files and data in the cloud as it can on the endpoints.
“When users access the web or public SaaS applications, companies can use secure web gateways [SWGs] and cloud access security brokers [CASBs] with built-in DLP capabilities to protect company data from being exfiltrated or unlawfully accessed,” Palavalli said. “But most ZTNA solutions today have little or no data protection in place, so the private applications being accessed by ZTNA can present greater security and compliance risk.”
That’s true as far as it goes, noted Christopher Rodriguez, research director for network security at IDC. There are others that do have data protection in place as well, he said, including Perimeter 81, Netskope and Zscaler. But that doesn’t mean there isn’t real value in McAfee's solution. It does have a collection of capabilities that make it worth considering, especially as a complement to the company’s other security protection products.
McAfee said that in addition to integrating with its CASB and secure web gateway, MVISION Private Access also integrates with the company’s identity and access management (IAM) and multifactor authentication solutions.