What is Microsoft’s Global Secure Access & The 4 Criteria Your Org Needs to Meet

If you are adopting a Microsoft cloud-first strategy, you may be looking for ways to reduce your on-premise technical debt. You may have wondered how you can eliminate the dependency on a conventional VPN while still enabling secure and seamless access to on-premise files, endpoints and line-of-business applications. This is where Global Secure Access, a new in-preview solution from Microsoft, can assist you.

Lee Stevenson, Senior Consultant at Rapid Circle, has created this guide for organisations that want to safeguard their data, remote workers and on-premise resources with a unified solution by Microsoft. 

What is Global Secure Access? 

At its core, Global Secure Access (GSA) consolidates and improves Microsoft’s existing ‘Application Proxy’ service, which now allows more than just HTTPS traffic to traverse it, and brings it together with new cloud-focused tunneling solutions under the single umbrella term of Global Secure Access.

Microsoft has created a single solution to manage secure web access and remote connectivity, giving IT teams the capability to secure existing assets in a straightforward way. It also allows organisations to use cloud-only joined devices for authentication to on-premise virtual machines and SMB shares.

What problem is it fixing? 

Traditionally, access to on-premise endpoints and file shares would require VPN solutions, necessitating configuration of firewalls, routers and servers to allow inbound traffic on open ports. With GSA private access, this is simplified: it requires only a single agent on an endpoint within the network perimeter and an agent on the user’s PC. It offers per-app adaptive access based on Conditional Access policies, for more granular security than a VPN.

Between those two agents, you can broker a data connection which allows seamless access to your on-premise assets without needing to punch a hole in the firewall, and without needing to set up VPN servers. This also has the added benefit of not needing to set up potentially costly VPN subscriptions with existing providers. 

With GSA, you could achieve the following benefits for your organisation: 

  • You can enhance your security posture by applying granular and context-aware policies to your users’ access to both on-premise and cloud resources. 
  • You can reduce the complexity and cost of managing multiple VPNs, firewalls, and other network devices by consolidating them into a single cloud-based solution that integrates with Microsoft 365 and Azure. 
  • You can improve the user experience and productivity by enabling seamless and secure access to any application or service from any device and location, without compromising performance or reliability. 
  • You can gain more visibility and control over your network traffic by leveraging Microsoft’s global network and advanced threat protection capabilities to monitor, filter, and block malicious or unwanted content. 

Who can benefit from GSA? 

GSA is designed for organisations that have a hybrid cloud strategy, using both cloud and on-premise resources to run their business. These organisations may face various challenges and risks when it comes to securing and accessing their resources across different environments and locations. Some examples of organisations that can benefit from GSA are: 

  • Organisations that have legacy or custom applications that run on their on-premise servers and need to be accessed by their remote workers 
  • Organisations that have sensitive or regulated data that is stored on their on-premise network and need to be protected from unauthorised or malicious access 
  • Organisations that have a distributed or mobile workforce that needs to access their cloud and on-premise resources from different devices and locations 

If your organisation falls into any of these categories, or if you have other hybrid cloud scenarios that require a secure and seamless access solution, GSA could be a suitable option for you, but you also need to meet some specific criteria. 

To use GSA for your organisation, you need to meet the following criteria: 

  1. You have Entra ID or Hybrid Entra ID joined devices for all of your employees (and contractors).
  2. You have on-premise infrastructure or legacy applications that you want to access securely and seamlessly from anywhere.
  3. You want to consolidate your security, identity, and remote connectivity solutions under one platform.
  4. You want to have granular control and monitoring of your internet traffic and apply conditional access policies based on user and device attributes.

If you meet these criteria, GSA might be a suitable solution for your organisation.  

You should also be aware of some limitations and challenges, such as: 

  1. GSA does not support unmanaged devices or contractors using their own devices.
  2. GSA is still in preview and pricing has not been released yet.
  3. GSA might not be compatible or cost-effective with your existing VPN or firewall solutions.
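
One way to check the first criterion and the first limitation against a device inventory, as an added example that is not from the original article or from Microsoft. It assumes the inventory is a Microsoft Graph `/devices` response, where `trustType` is `AzureAd` for Entra ID joined, `ServerAd` for hybrid joined and `Workplace` for registered personal devices; the sample data is constructed, and treating a null `isManaged` as unmanaged is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a Microsoft Graph GET /v1.0/devices response.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"displayName": "LT-0001", "trustType": "AzureAd",   "isManaged": true,  "accountEnabled": true},
  {"displayName": "LT-0002", "trustType": "ServerAd",  "isManaged": true,  "accountEnabled": true},
  {"displayName": "BYOD-17", "trustType": "Workplace", "isManaged": false, "accountEnabled": true},
  {"displayName": "LT-0003", "trustType": "AzureAd",   "isManaged": null,  "accountEnabled": true},
  {"displayName": "OLD-042", "trustType": "Workplace", "isManaged": false, "accountEnabled": false}
]}
""")

# Graph trustType values: AzureAd = Entra ID joined, ServerAd = hybrid joined,
# Workplace = registered personal device (the "own device" case).
JOINED = {"AzureAd": "entra_joined", "ServerAd": "hybrid_joined"}

def classify(device):
    """Return (bucket, reason) for one Graph device object."""
    if not device.get("accountEnabled", False):
        return "ignored", "device object disabled"
    trust = device.get("trustType")
    if trust not in JOINED:
        return "blocker", f"not joined (trustType={trust})"
    # Assumption: isManaged can be null; anything but True counts as unmanaged.
    if device.get("isManaged") is not True:
        return "blocker", "joined but not managed"
    return JOINED[trust], "ok"

def readiness_report(response):
    """Group device names by bucket and decide whether criterion 1 is met."""
    buckets = defaultdict(list)
    for device in response.get("value", []):
        bucket, reason = classify(device)
        buckets[bucket].append((device.get("displayName", "<unnamed>"), reason))
    report = dict(buckets)
    # Ready only when no enabled device is unjoined or unmanaged.
    report["ready"] = not report.get("blocker")
    return report

if __name__ == "__main__":
    result = readiness_report(SAMPLE_RESPONSE)
    for name, reason in result.get("blocker", []):
        print(f"BLOCKER  {name}: {reason}")
    print("Criterion 1 met:", result["ready"])
```

Devices reported as blockers are the ones to join, enrol or retire before a pilot, since they fall under the unmanaged or personal-device limitation listed above.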

How to get started with GSA:

If you are interested in exploring how GSA can benefit your organisation, you can contact Rapid Circle, a trusted Microsoft partner, to help you with the following steps: 

  • Assess your current security posture and identify your security needs and goals 
  • Design and plan your GSA implementation and migration strategy 
  • Deploy and configure GSA on your devices and on-premise network 
  • Train and support your IT staff and users on how to use GSA 
  • Review and evaluate your GSA performance and outcomes 

Rapid Circle has extensive experience and expertise in helping organisations to adopt and leverage Microsoft security solutions. We can help you to achieve a secure, seamless and user-friendly hybrid cloud environment with GSA. 

To get started with Global Secure Access, contact us today and schedule a free consultation with our security experts. 

Want to learn more about Microsoft’s Global Secure Access?

Let’s go a bit deeper…

How GSA can reduce complexity and cost 

Many organisations that have a hybrid cloud strategy rely on a variety of security solutions and vendors to protect their remote workers and on-premise resources. For example, they may use a VPN to access their on-premise servers and applications, a firewall to filter their network traffic, a web proxy to monitor their web activity, and a cloud access security broker (CASB) to secure their cloud applications. 

However, managing multiple security solutions and vendors can introduce complexity and cost to the organisation. They may have to deal with compatibility issues, integration challenges, licensing fees, maintenance costs, and vendor lock-in. They may also have to train their IT staff and users on how to use different tools and interfaces. 

GSA can help organisations to reduce complexity and cost by providing a unified solution that covers all their security needs. GSA can replace or complement their existing VPN, firewall, web proxy, and CASB solutions with a single agent, a single portal, and a single vendor. GSA can also leverage their existing investments in Azure Active Directory (AAD) and Microsoft Endpoint Manager (MEM), which are part of the Microsoft 365 suite, to simplify their identity and device management.

How GSA can enhance security and compliance 

Organisations that have a hybrid cloud strategy face various security and compliance challenges when it comes to their remote workers and on-premise resources. For example, they may have to deal with: 

  • Unauthorised or malicious access to their on-premise servers and applications 
  • Unprotected or compromised devices that connect to their network 
  • Unencrypted or intercepted data in transit or at rest 
  • Unregulated or inappropriate web activity by their users 
  • Unaudited or unreported security incidents or breaches 

GSA can help organisations to enhance security and compliance by providing a comprehensive and granular solution that addresses all these challenges. GSA can: 

  • Enable conditional access policies based on user identity, device compliance, location, time, and other factors 
  • Enforce multi-factor authentication (MFA), device encryption, antivirus, and other security features on the devices 
  • Encrypt and secure the data connection between the device and the on-premise network 
  • Filter and block the web traffic and web activity based on categories, domains, or keywords 
  • Monitor and log the network traffic and web activity for auditing and reporting purposes 

How GSA can improve user experience and productivity 

Organisations that have a hybrid cloud strategy want to provide their remote workers and contractors with a smooth and efficient way to access their cloud and on-premise resources. However, some of the security solutions and vendors they use may compromise the user experience and productivity of their users. For example, they may cause: 

  • Slow or unreliable network performance due to VPN overhead or congestion 
  • Complex or cumbersome login processes due to multiple authentication methods or interfaces 
  • Limited or restricted access to certain resources or applications due to firewall rules or policies 
  • Confusing or inconsistent user interfaces due to different tools or vendors 

GSA can help organisations to improve user experience and productivity by providing a fast, seamless and consistent solution that enhances their access to their cloud and on-premise resources. GSA can: 

  • Optimise the network performance by using Azure’s global network and intelligent routing 
  • Simplify the login process by using single sign-on (SSO) and MFA with AAD 
  • Expand the access to any resource or application on the on-premise network without VPN or firewall configuration 
  • Streamline the user interface by using a single agent and a single portal for all security features 

How GSA can increase visibility and control 

Organisations that have a hybrid cloud strategy want more visibility into, and control over, the network traffic and web activity of their remote workers and on-premise resources. However, some of the security solutions and vendors they use may limit that visibility and control. For example, they may:

  • Lack real-time or granular data on their network traffic or web activity 
  • Miss or overlook security incidents or breaches due to insufficient or delayed alerts or notifications 
  • Fail or struggle to enforce or update their security policies or rules due to complex or incompatible tools or interfaces 
  • Depend or rely on third-party vendors or providers to manage or monitor their security solutions or data 

GSA can help organisations to increase visibility and control by providing a real-time and detailed solution that empowers them to manage and monitor their network traffic and web activity. GSA can: 

  • Provide real-time and granular data on their network traffic and web activity, including source, destination, protocol, category, domain, and keyword 
  • Alert and notify them of any security incidents or breaches, such as malware infections, data leaks, or policy violations 
  • Enable and update their security policies or rules easily and quickly using a single portal and a single interface 
  • Retain and own their security solutions and data without relying on third-party vendors or providers 

Written by Lee Stevenson, Senior Consultant at Rapid Circle
