With the increase in threats and other malicious activity targeting organizations today, the need for a layered security model that provides least-privilege access has never been greater. Although most modern applications provide some level of protection, gaps often remain that limit the ability to address specific security needs. The Progress Kemp load balancer sits in a privileged position in the traffic path and, with its native capabilities, can apply security in ways other solutions cannot.

The Zero Trust Access Gateway (ZTAG) delivers a simple, flexible, and secure approach to giving users and applications the access they need to backend systems while greatly reducing exposure to today's threats.

The Zero Trust Access Gateway delivers secure publishing of workloads using the following attributes:

  • Authentication – Leveraging an organization's existing identity provider (IdP), Zero Trust Access Gateway can authenticate users and verify that proper credentials were provided before allowing access to the published applications. Using the Edge Security Pack, several authentication methods, including Multi-Factor Authentication (MFA), can be leveraged to pre-authenticate users before allowing access to the published application.
  • Group Membership – Building on the authentication delivered as part of Zero Trust Access Gateway, group membership can be required as part of access policies. This approach can allow or deny access to an application depending on group membership or enforce additional authentication methods (i.e., Multi-Factor Authentication).
  • Location – The load balancer can identify the source address of who or what is accessing the backend systems. Granular access control policies can be applied along with other characteristics to permit or deny access to portions of an application. Additional authentication methods can also be required based on location.
  • HTTP Header – Publishing workloads at layer 7 provides full visibility of application traffic, which can be leveraged to identify intent and apply the security policies needed to ensure least-privilege access.
  • Path / S3 Bucket – Business-critical workloads, including web applications and object storage solutions, require permissions to be applied based on which portion of the application or storage is accessed.
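
The sketch below is an added example, not Kemp code or configuration: it shows how the five attributes above can combine into an allow, deny, or step-up (MFA) decision with default deny. All names (`Request`, `Rule`, `evaluate`, the header `x-client-app`, the networks and paths) are hypothetical, and the sample policy is constructed.

```python
import ipaddress
import posixpath
from dataclasses import dataclass, field
ALLOW, DENY, STEP_UP = "allow", "deny", "require_mfa"

@dataclass
class Request:
    user: "str | None"    # None: not authenticated by the IdP
    groups: set
    mfa_done: bool
    source_ip: str
    headers: dict         # assumed: lower-cased header names
    path: str             # assumed: already percent-decoded

@dataclass
class Rule:
    path_prefix: str
    groups: set = field(default_factory=set)      # empty: any authenticated user
    headers: dict = field(default_factory=dict)   # header values that must match
    trusted_nets: tuple = ()                      # CIDR ranges treated as "inside"
    outside_action: str = DENY                    # DENY or STEP_UP for other sources

def under(path, prefix):
    # Normalise so "/public/../admin" matches "/admin"; compare whole segments so "/admin2" does not.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    prefix = prefix.rstrip("/")
    return norm == prefix or norm.startswith(prefix + "/")

def evaluate(req, rules):
    if req.user is None:
        return DENY
    for rule in rules:                            # first matching path wins
        if not under(req.path, rule.path_prefix):
            continue
        headers_ok = all(req.headers.get(k) == v for k, v in rule.headers.items())
        if (rule.groups and not rule.groups & req.groups) or not headers_ok:
            return DENY
        ip = ipaddress.ip_address(req.source_ip)
        inside = any(ip in ipaddress.ip_network(n) for n in rule.trusted_nets)
        if inside or (rule.outside_action == STEP_UP and req.mfa_done):
            return ALLOW
        return rule.outside_action                # DENY, or STEP_UP until MFA is done
    return DENY                                   # no rule matched: default deny

RULES = [  # constructed sample policy, most specific path first
    Rule("/admin", groups={"ops-admins"}, trusted_nets=("10.0.0.0/8",)),
    Rule("/buckets/finance", groups={"finance"}, headers={"x-client-app": "reports"},
         trusted_nets=("10.0.0.0/8",), outside_action=STEP_UP),
    Rule("/", trusted_nets=("10.0.0.0/8",), outside_action=STEP_UP),
]
```

Rule order matters here: putting the catch-all `/` rule first would shadow the stricter `/admin` and `/buckets/finance` rules.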