Ninety percent of organizations around the world today deploy a DMZ in order to provide customers, partners and suppliers with controlled access to corporate data. As more and more sensitive data from the internal network is duplicated in the DMZ, this perimeter network designed to be a buffer zone has become a prime target for hackers, providing IT departments with the following challenges:
- Risk of Sensitive Data Breach – the DMZ is now a hub of external-facing services containing large amounts of sensitive data, SSL keys and certificates, and personally identifiable information, resulting in greater risk of data breaches.
- Hacking into the Internal Network from the DMZ – most front-end servers located in the DMZ communicate with servers within the LAN through an incoming port in the firewall, which hackers can utilize to launch attacks into the internal network. In addition, such servers are accessible from the Internet and can be compromised by hackers, providing a second means of attacking the internal network.
- Increased Capital Costs – the DMZ network configuration also imposes a costly burden on the enterprise’s capital expenses, requiring additional hardware and software licenses as a result of duplicating sensitive data in the DMZ.
- Higher Operational Costs – hosting and synchronizing duplicated data between the LAN and DMZ requires a complex layer of data and network operations.
Safe-T Secure Data Access (SDA) offers a unique secure front-end solution for enterprises and software vendors alike. Utilizing SDA’s disruptive and breakthrough secure reverse-access technology as well as Safe-T’s Integrated Data Security Platform, organizations can provide secure application access and data protection.
Safe-T SDA allows organizations to easily and securely publish external-facing applications, achieving the following:
- Closing incoming ports in the firewall
- Removing sensitive data from their DMZ
- Authenticating the user
- Scanning the traffic for malware and viruses
Safe-T SDA is a patented dual-node technology, which removes the need to open any ports within a firewall, while allowing secure application access between networks (through the firewall).
Located in the organization’s DMZ (on-premise or cloud), the role of the external SDA node is to act as a front-end to all services/applications published to the Internet. It operates without the need to open any ports within the internal firewall and ensures that only legitimate session data can pass through into the internal network. The external SDA node performs TCP offloading, allowing it to support any TCP-based application without the need to perform SSL decryption.
The role of the internal SDA node is to pull the session data into the internal network from the external SDA node, decrypt the SSL traffic, authenticate the user, scan the data for malware and viruses, pass the data to 3rd party security solutions for scanning, and only if the session is legitimate, pass it to the destination application server.
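The dual-node flow described above can be sketched on loopback as an added example; it is not Safe-T's code or protocol, only a generic outbound-only relay. The function names, the token check standing in for user authentication, and the sample messages are assumptions made for the demo, and SSL handling and malware scanning are left out.

```python
import socket
import threading

# Constructed sample values: the token and messages are made up for this demo.
TOKEN = b"tok-123"

def external_node(pub, ctl):
    """DMZ node: holds the link the LAN node dialed, relays one client session over it."""
    link, _ = ctl.accept()      # connection initiated from inside the LAN
    client, _ = pub.accept()    # Internet-facing client
    with link, client:
        link.sendall(client.recv(4096))   # session data waits here until pulled
        client.sendall(link.recv(4096))   # relay the internal node's answer

def internal_node(ctl_addr, app):
    """LAN node: only connect(), never bind()/listen(), so no inbound firewall port."""
    with socket.create_connection(ctl_addr, timeout=5) as link:
        data = link.recv(4096)                      # pull the session data
        if data.startswith(TOKEN + b" "):           # stand-in for user authentication
            link.sendall(app(data[len(TOKEN) + 1:]))
        else:
            link.sendall(b"DENIED")                 # never reaches the application

def run_session(request):
    """Run one client request through both nodes on loopback and return the reply."""
    pub = socket.create_server(("127.0.0.1", 0))    # public listener in the DMZ
    ctl = socket.create_server(("127.0.0.1", 0))    # DMZ listener the LAN node dials out to
    app = lambda body: b"OK " + body                # stand-in for the application server
    workers = [
        threading.Thread(target=external_node, args=(pub, ctl)),
        threading.Thread(target=internal_node, args=(ctl.getsockname(), app)),
    ]
    for w in workers:
        w.start()
    with socket.create_connection(pub.getsockname(), timeout=5) as client:
        client.sendall(request)
        reply = client.recv(4096)
    for w in workers:
        w.join()
    pub.close()
    ctl.close()
    return reply

if __name__ == "__main__":
    print(run_session(b"tok-123 report"))   # authenticated session
    print(run_session(b"guess report"))     # rejected by the internal node
```

Both listening sockets belong to the DMZ side; the internal side only dials out, which is why the firewall between LAN and DMZ needs no inbound rule in this arrangement.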
Safe-T SDA is also suitable for software vendors as part of their application. By deploying Safe-T SDA as part of the application (in the form of an OEM) in the DMZ, software vendors are free to develop only their client-side and internal-side application. This removes the need to cope with the hassles of developing and deploying a front-end for secure application access.