Cloud-Based Infrastructure: Designing Connectivity for Secure Remote Workforce

Requirements for Building a Secure Remote Workforce with Cloud-Based Infrastructure

Question

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure.

The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

-> Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

-> The company can control what SaaS applications each individual user can access.

-> User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

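Answers

A. IAM gateway, MDM, and reverse proxy
B. VPN, CASB, and secure web gateway
C. SSL tunnel, DLP, and host-based firewall
D. API gateway, UEM, and forward proxy

Explanations

Correct answer: B.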

The requirements of the company to allow only corporate-owned devices to access servers hosted by the cloud provider, control access to SaaS applications, and monitor user browser activity can be met by implementing a combination of security solutions.

Option A: IAM gateway, MDM, and reverse proxy

An IAM (Identity and Access Management) gateway is a solution that manages user authentication and authorization for accessing applications and resources. MDM (Mobile Device Management) allows the company to control and manage corporate-owned devices remotely. A reverse proxy acts as an intermediary between the users and the cloud provider's servers, providing an additional layer of security. This solution can fulfill the requirement of allowing only corporate-owned devices to access the cloud provider's servers. However, it does not provide a solution for controlling access to SaaS applications and monitoring user browser activity.

Option B: VPN, CASB, and secure web gateway

A VPN (Virtual Private Network) allows remote users to securely access the company's network and resources. A CASB (Cloud Access Security Broker) is a solution that provides visibility and control over cloud applications and data. A secure web gateway is a solution that inspects web traffic for threats and malicious content. This solution can fulfill all the requirements mentioned in the question, including controlling access to SaaS applications and monitoring user browser activity. However, it may not be the most efficient solution for a large-scale remote workforce.

Option C: SSL tunnel, DLP, and host-based firewall

An SSL tunnel provides secure communication between remote users and the cloud provider's servers. DLP (Data Loss Prevention) is a solution that identifies and prevents sensitive data from leaving the company's network. A host-based firewall is a solution that controls incoming and outgoing traffic from a specific device. This solution may fulfill the requirement of securing communication between remote users and the cloud provider's servers. However, it does not provide a solution for controlling access to SaaS applications and may not be an efficient solution for a large-scale remote workforce.

Option D: API gateway, UEM, and forward proxy

An API gateway is a solution that manages and secures communication between different applications and services. UEM (Unified Endpoint Management) allows the company to manage and control all endpoints, including corporate-owned devices. A forward proxy is a solution that intercepts and filters web traffic. This solution can fulfill the requirement of allowing only corporate-owned devices to access the cloud provider's servers and controlling access to SaaS applications. However, it may not provide a solution for monitoring user browser activity.

Considering the above analysis, the BEST solution that meets all the requirements mentioned in the question is option B: VPN, CASB, and secure web gateway.