Overview of the VPN solution previously adopted by the local big data administration bureau of a first-tier city
The local big data administration bureau of a first-tier city is responsible for planning and promoting the construction of an e-government platform, government data management, and information security management as a whole within the territory. Before using DACS, the bureau resorted to VPN in staff telecommuting, collaborative development, system operation and maintenance, and other relevant works, but ended up being haunted by the concern of off-intranet data leakage to a third party.
Enterprise Data Exposed to Risks of Leakage
As soon as an employee is validated and connected via the VPN client, the employee is at liberty to access and download the enterprise's intranet data, raising concerns for the ineffective control of secondary data dissemination. This also hinders the enterprise from detecting endpoint risks, which further increases the control risk of data loss.
VPN’s Susceptibility to Functional Stability Issues As Well As Hardware Upgrading Inflexibility
VPN exerts a high demand on network quality but tends to be unstable and suffer a lot from abrupt network downtime. Moreover, due to a limit on the VPN connection quota, additional devices need to be purchased, and trial runs also need to be urgently carried out for capacity expansion, leading to high hardware expenditure as well as operation and maintenance costs.
Inflexible User Access Management
Managing a VPN service with complex settings is a daunting challenge, because it is possible that immediately after logging in, the users are granted with full unrestricted access. In addition, VPN cannot effectively group or make lean control of employees, outsourced employees, and suppliers.
DataCloak® Zero Trust Endpoint Secure Workspace (DACS)
During the outbreak of COVID-19 back in early 2020, the local big data administration bureau began using DACS due to its characteristics as a pure software-based solution. Since then, the bureau has quickly implemented remote access solution for secure stay-at-home working, which does not require the additional installation of any independent VPN device. After the bureau deployed the DACS server instances on the data center hosts (virtual machine), its employees only need to install the DACS client in their respective PCs at home and complete the dual authentication (device and identity). Once these are completed, DACS automatically generates a secure encrypted workspace that is immediately linked to the applications and resources located in the bureau, allowing access to the data within the secure space, whilst also preventing them from being taken away.
A More Flexible Zero Trust Architecture
Zero Trust architecture naturally facilitates office works to be conducted from multiple locations and realizes more flexible deployment and capacity expansion
Smooth Realization of Cross-Regional Office Automation (OA)
Our core concept in redefining security: "intranet is secure, and everywhere else isn’t", the enterprise's network perimeter is extended to trusted device endpoints through DACS secure workspace. In this sense, wherever the devices are accessed, they shall always remain in a secure space.
Fast Deployment and Convenient Capacity Expansion
Fast deployment requires no other dedicated hardware device apart from the X86 standard virtual machine server. Disaster recovery and redundancy are guaranteed by cross-regional data center development. In addition, each module is open to flexible parallel extension.
More Secure Zero Trust Endpoints
Core data remain secure and controllable, even if distributed into an employee's endpoint.
Prevention Sensitive Data Leakage
Applications and data access history, including network access records, within the secure workspace are under real-time dynamic surveillance, preventing any employee from replicating, cutting, or copying data into his/her private desktop at will. Data are encrypted and stored into a secure workspace, after which they will be locked down immediately once any threat is detected.
Software-Defined Enterprise Security Perimeter: Sensing Endpoint Security in Real Time
DACS client helps you monitor endpoint security at all times. Based on the records of every access authentication and real-time verification of single sign-on (SSO), intrusion and illegal access are automatically blocked, expanding the security perimeter from the enterprise’s network to the endpoints.
A More Stable Zero Trust Network
For the employees, DACS offers a simple and fool-proof operation threshold, as well as a secure and stable network to be in. For the IT department, configuration complexity are substantially reduced, so are the costs incurred.
A More Flexible Style of Fine-Grained Access Management
Users can be flexibly divided into groups by their roles, and each user group can also be assigned with a unique set of network policies and access authorities, facilitating the adaptation to the enterprise's architecture. Moreover, policy settings are also configurable from different dimensions, such as domain name, network segment, IP, and port, to name a few.
Mitigating the Workload of the IT Department, and Simplifying the Operation for Employees
As a pure-software-based solution, DACS substantially lowers operation and maintenance costs and eliminates repeated investments. Employees can get right into telecommuting after installing the client and logging in to their respective accounts.
Values Brought by the Solution
Safeguarding Enterprise Data Security
- Regardless of where the employees are located, they can quickly access the company's intranet and obtain the data and materials required for telecommuting
- Access will also only be restricted to the authorized materials and data, which will be stored in a secure workspace to facilitate the control of its secondary dissemination.
Flexible Response to Business Pressure
- The nature of DACS’ pure software-based solution simplifies deployment and accelerates capacity expansion, allowing enterprises to deal with massive business telecommuting requirements in time
- DACS can be immediately put into use owing to its simple deployment and quick settings, thereby incurring low management cost.
Ensures a Highly Stable Functional Stability
- DACS affects computer performance very minimally, hence guaranteeing smoothness throughout its runtime.
- DACS is user-friendly, requiring very minimal change in operational habits.