At NordLayer, we’re dedicated to empowering organizations to improve their network security. We’re excited to introduce our revamped Dashboard feature, now offering four new graphs that give admins a comprehensive view of network activity. 

From monitoring 2FA adoption to analyzing the distribution of operating systems, these Dashboard graphs deliver critical data. With enhanced transparency and data-driven metrics, you can make informed decisions and optimize your company’s security strategies. Note that this feature was previously known as “Server Usage Analytics,” reflecting our commitment to improving your experience.

Feature characteristics: What to expect

Here’s what’s new in this release of the Dashboard and how this update can benefit your organization:

1. Percentage of organization members who have 2FA enabled

Two-factor authentication (2FA) is essential for safeguarding user accounts and your company’s network. The new chart tracks the percentage of members within your organization who have completed the 2FA setup, whether enabled by an admin or by users themselves. With this data, admins can promote broader adoption of this security layer and take specific actions to reduce vulnerabilities.

2. Distribution of devices OS types

Knowing the distribution of OS types across your organization helps optimize IT resources, plan for compatibility with future updates, and identify potential security vulnerabilities specific to certain OS types. The OS Types Distribution Graph provides clear data to strengthen your network security practices and support proactive system management.

3. Distribution of NordLayer application versions

Regularly monitoring the NordLayer Application Versions Graph helps ensure that all devices run the latest version of Nordlayer. By tracking version distribution, you can quickly spot any devices that need updates, helping maintain optimal performance and security across your organization.

4. Browser types distribution (for NordLayer Browser Extension)

The Browser Types Distribution Graph tracks which browsers are being used with the NordLayer Browser Extension across your organization. This information is helpful for optimizing web applications, ensuring compatibility, and improving the overall user experience.

How it works: Dashboard in action

NordLayer’s Dashboard provides a detailed view of user connections, network devices, and your network’s server performance. Depending on your plan—Lite, Core, Premium, or Enterprise—certain charts and key metrics are available in near real-time, allowing IT admins to monitor and manage network security and service efficiently.

For example, the 2FA Chart can show that only 60% of your team has enabled two-factor authentication. With this information, you can run an internal campaign to encourage more team members to enable 2FA, thereby strengthening your overall network security.

Similarly, if the Application Versions Graph reveals that a significant number of users are running outdated versions of the NordLayer app, you can quickly address these security gaps by encouraging updates, ensuring that everyone has access to the most recent features and fixes.

Avoiding potential vulnerabilities

Let’s say you’re an IT admin of a growing company. You’ve recently onboarded several new employees, and you noticed a few inconsistencies in how different teams are using security protocols. With the new Dashboard, you can quickly assess the situation:

• The 2FA Chart shows a low adoption rate of two-factor authentication
• The OS Types Graph reveals that some teams are still using outdated operating systems
• The App Versions Graph highlights that several employees haven’t updated their NordLayer application in months

By gathering this data in close to real-time, you can make strategic decisions to improve your company’s security posture—whether it’s launching an internal security campaign or scheduling updates across devices.

Why do dashboards matter?

Dashboards are essential tools for organizations looking to maintain strong network security and service usage and streamline decision-making. By providing clear, real-time data into key metrics, they help IT admins monitor, manage, and optimize their security strategies effectively. Here’s why dashboards are crucial in general:

• Stronger network visibility: Dashboards offer a comprehensive view of your service and the network’s usage, security, and performance. Whether you’re tracking operating systems, 2FA usage, or app versions, these insights give you the clarity you need to secure your organization.
• Easier decision-making: The data provided by the Dashboard allows admins to make informed decisions quickly, improving security strategies and keeping the network running smoothly.
• Data-driven security: Close to real-time data directly impacts your organization’s security posture by making it easier to identify vulnerabilities and mitigate them before they become problems.

Conclusion

With these updates, NordLayer’s Dashboard provides the data for the clear insights you need to protect your organization—no matter its size. By providing close to real-time data on essential security and usage metrics, the Dashboard helps admins take action where it matters most, ensuring a safer, more efficient network for everyone.

Ready to optimize your network security and monitor NordLayer’s service usage? Check out the new Dashboard feature today and start making data-driven decisions that safeguard your organization.

Managing access to network assets is a critical part of cybersecurity. Two concepts constantly arise when discussing access management: Zero Trust and the principle of least privilege.

These are more than just buzzwords. What do these terms mean, and why are they vital in modern cybersecurity? Just as importantly, are Zero Trust and least privilege separate concepts or part of a larger whole?

This blog will explore how the principles differ and help you understand the conceptual basis of secure network access.

What is Zero Trust?

Zero Trust is a strategic security approach that follows the principle “never trust, always verify.”

In cybersecurity, organizations implement this principle via a set of technologies known as Zero Trust Network Access (ZTNA).

The Zero Trust concept requires a default position of mistrusting all connection requests and internal network activity. Every user and connection poses a potential threat. Systems should only grant access when organizations know for sure users are legitimate.

ZTNA’s main role is safeguarding work-related assets. For example, systems block access requests to documents from unauthorized devices or unusual locations. ZTNA technologies deny access to attackers with stolen credentials, keeping sensitive data safe.

The Zero Trust model departs from traditional security concepts by operating at the network edge and within the network perimeter.

• Only trusted users can enter the network perimeter. Identity verification happens via credential authentication and tools like device posture checks.
• Network managers monitor user activity within the network boundary. Access control measures block resources without appropriate permissions.
• Zero Trust architecture involves continuous security measures. Security tools monitor users continuously, requesting identity verification for each access request.

The idea behind Zero Trust is simple. With ZTNA safeguards in place, businesses make it harder for attackers to move within the network. By enforcing strict verification at each access point, ZTNA helps block any unauthorized access attempts.

Access controls and monitoring shrink the attack surface, limit lateral movement, and give security teams time to take quarantine measures.

The ZTNA framework evolved to suit modern business needs. The rise of distributed workforces and cloud computing made traditional perimeter defense obsolete. Identity-based security makes more as network boundaries become increasingly vague.

What is the principle of least privilege?

The principle of least privilege (PoLP) is related to privilege management.

PoLP requires network admins to limit the devices or applications users can access. Users should only enjoy access to resources they need to carry out authorized tasks.

Companies often apply PoLP via role-based access control (RBAC) measures. For example, medical researchers may need access to data sources and reports relevant to their research. Physicians should have access to individual medical records but may not need access to aggregated medical data. This approach ensures that each role has only the permission necessary for its specific responsibilities.

In other cases, PoLP applies dynamically, using just-in-time access, where permissions are granted only for a limited period. For example, DevOps teams at financial institutions may need to escalate privileges for database maintenance temporarily.

With just-in-time access, teams receive the necessary permissions only for the duration of the task, and access to confidential records is automatically revoked once the specific period ends. This way, sensitive access is strictly limited to when it’s needed, reducing long-term exposure to potential security risks.

Least privilege access allows teams to carry out maintenance tasks, before revoking access to confidential records when the task is done.

PoLP aims to reduce the harm caused by malicious actors by minimizing user privileges at all times. If cyber attackers breach network defenses, the principle of least privilege limits their access to sensitive data and critical systems.

When properly applied, PoLP ensures that users only have minimal permissions necessary for their roles. This means that even if attackers gain control of a user’s device, they’ll face restrictions on what actions they can take, reducing the risk of major data breaches or unauthorized access to critical information.

Cutting data breach risks has another important benefit. The principle of least privilege aids compliance with regulations like GDPR, PCI-DSS, and HIPAA. Companies handling confidential information can limit access to those with a legitimate business reason – in line with regulatory requirements.

Least privilege access applies to all network users, from junior staffers to administrators. Nobody should have the freedom to roam across all network resources. Controls include non-human users such as APIs and virtual machines as well.

Privileged access applies to all users within the network directory, requiring a comprehensive analysis of network resources and user identities. Admins must assign privileges accurately and update access rights as needed.

Zero Trust vs. least privilege

The principle of least privilege and ZTNA play complementary roles in digital security architecture, but their scope and how they handle security risks differ.

Let’s start with the similarities. Both frameworks aim to protect data and shrink the attack surface.

ZTNA and least privilege access also use similar tools to achieve this goal. Both frameworks advise using identity and access management (IAM) systems, segmentation, and network monitoring.

Are there any important differences between ZTNA and least privilege access?

ZTNA and least privilege are far from identical. However, the key takeaway is the two concepts complement each other in network security setups.

The Zero Trust model is concerned with how organizations authorize user activity. ZTNA-based systems authenticate users, discovering whether they are who they claim to be. Systems verify identities whenever they receive access requests. As a result, ZTNA is generally more resource-intensive and complex. Security teams must verify every activity and access request.

Least privilege access focuses narrowly on how users relate to network assets. In this sense, the principle of least privilege is an essential component of all Zero Trust solutions.

Applied on its own, PoLP is a useful foundation for data protection and privileges management. However, ZTNA delivers greater in-depth protection to meet urgent security needs.

Should you choose between Zero Trust and least privilege models?

The key takeaway is this: There is no natural opposition between Zero Trust vs. least privilege concepts.

Most companies would benefit from using both approaches when designing security measures. PLOP and ZTNA are critical components of Defense-in-Depth (DiD) strategies. You can’t lock down data effectively without considering both frameworks.

Companies can choose how extensively they deploy Zero Trust and least privilege-based access controls. However, in-depth access controls are vital in a world of endemic data breaches and phishing threats.

Key components of Zero Trust and least privilege

Robust network security setups leverage Zero Trust Network Access and the principle of least privilege to safeguard resources. We generally find the following components in both security models:

• Network asset classification. Companies must identify critical assets before defining access rights. Admins identify assets requiring protection, including data storage, applications, and hardware systems. Access policies define user permissions, enabling precise access control measures.
• Access controls at the network edge. Traditional access controls filter requests at the network edge. Tools like multi-factor authentication (MFA) and next-generation firewalls admit legitimate users and block unauthorized access requests.
• Software-defined perimeters. ZTNA deployments often use a software-defined perimeter (SDP) that accommodates today’s flexible network architecture. SDP verifies user identities via credentials, posture checks, and data like user location and access times. Users can then access approved resources without the need for add-ons like VPNs or wholesale network access.
• Identity and Access Management. Privileged access tools assign permissions, determining which resources users can access and the types of activity they can carry out. For instance, some users may have read privileges, while access rights for others include editing or deleting data.
• Network segmentation. Network segmentation divides network resources by robust internal walls. Admins define segments via firewalls, software-defined networking (SDN), access control lists, or a combination of measures.
• Network monitoring. The Zero Trust security models require continuous monitoring of access requests. Systems must check device statuses, user activity, and network traffic patterns. Monitoring ensures users remain at the appropriate privileged access level. Alerts also allow rapid responses to potential data breaches.
• Threat response. Security teams must shrink the attack surface rapidly when attacks materialize. Zero Trust security advises companies to plan for worst-case scenarios and adopt a proactive approach to quarantining threats.

How do ZTNA and least privilege fit into security systems?

PoLP and ZTNA security measures often complement Virtual Private Networks (VPNs) and encryption to maximize security. VPNs allow remote workers to connect securely and anonymously. ZTNA and least privilege controls limit their access to relevant resources, adding another layer of security protection.

Zero Trust security may also form part of Secure Access Service Edge (SASE) solutions. In this case, adaptive ZTNA controls work with next-generation firewalls and software-defined networking to defend network resources.

SASE is a good model for globally distributed remote workforces. It does not rely on fixed infrastructure or single work locations. Identity verification occurs wherever users connect, so you may not need legacy tools like VPNs.

How NordLayer can help

Implementing Zero Trust solutions or the principle of least privilege can be challenging.

Zero Trust requires companies to cover every asset and user, install reliable monitoring and authentication systems, and handle lengthy periods of disruption. PoLP requires tight privileges management and access controls.

The good news is that expert partners like NordLayer help you manage these problems.

Nordlayer enables you to create virtual private gateways to safeguard access to your sensitive resources, enhanced by additional layers of security.

For example:

• The Cloud Firewall enables easy network segmentation to strengthen resource protection.
• IAM solutions like multiple MFA options, single sign-on (SSO), and user provisioning ensure identities are triple-checked.
• Robust network access control measures such as Device Posture security make sure that only authorized devices or users from allowed locations can connect to the network.

NordLayer can help with whichever approach you adopt. We provide a simple route to implement Zero Trust and the principle of least privilege. To find out more, contact our team to arrange a demo today.

Cloud computing has revolutionized business networks, cutting the need for hardware and maintenance tasks while making network design more flexible than ever.

On the other hand, the public cloud can feel a little exposed. Sharing space with other users increases security risks – and those risks may be unacceptable when storing or processing client data.

Virtual Private Cloud (VPC) deployments offer a practical solution.

VPCs create private zones within the public cloud, blending the pros of cloud computing with robust security. Even so, using VPCs safely is essential. Let’s explore the subject and understand how private cloud technology can work for you.

What is Virtual Private Cloud infrastructure?

A Virtual Private Cloud is a private virtualized domain within the public cloud. VPCs contrast with public cloud computing, where tenants share cloud space with other users. VPC deployments use single-tenant architecture, creating private spaces within the public cloud.

VPCs allow companies to benefit from cloud computing’s flexibility and easy scaling while securing critical resources via logical isolation.

How does a Virtual Private Cloud work?

Unlike public cloud solutions, VPC cloud infrastructure is owned and maintained by the organization that uses it.

A VPC resides in a standard public cloud data center. Owners source software and cloud hosting facilities and may hire additional IT management professionals. However, the VPC is effectively private. Isolation minimizes links to other publicly hosted assets.

Technicians use logical isolation to separate VPC resources from the public cloud. This technique uses Virtual Local Area Networking (VLAN) technology and private IP subnets to create barriers and protect private assets.

Private subnets make local IP addresses inaccessible from the public internet. VLANs isolate types of traffic, prevent access from unauthorized devices, and ensure all traffic relates to the VPC owner.

Most VPC instances also use Virtual Private Network coverage (VPNs). A VPN connection creates an encrypted zone around the shared public cloud. Users log into the VPC via their VPN gateway. The VPN conceals their identities and activity when using the Virtual Private Cloud.

VPC components and architecture

VPC networks tend to have elements in common. As the VPC diagram below shows, core components include:

• Web gateways: These create a connection between the VPC environment and the public cloud or the Internet. Each VPC requires a separate internet gateway, which serves as a location for access control measures. Best practices advise users to guard every web gateway with a VPN.
• NAT gateways: One-way gateways that enable outward connections from the VPC to the public internet.
• Subnets: A subnet is a group of IP addresses linking assets within your VPC. VPC subnets can be public or private. Public subnets define resources users can connect with inside the internet gateway. Private cloud subnets are off-limits to public web users and connect to the NAT gateway.
• Routers and route tables: Route tables define the movement of VPC network traffic. Routers use route tables to direct traffic to apps or data containers. Without a properly configured route table, elements of the VPC cannot communicate.
• Security groups: VPC security groups operate like firewall rules at the instance level, regulating traffic between the private and public cloud.
• Network access control lists (NACLs) provide security at the subnet level. They set rules for traffic that enters or leaves a subnet and block unauthorized users.
• VPC peering: Sometimes, users need to connect resources on different Virtual Private Clouds. Peering uses IPv4 or IPv6 addresses to safely link VPC resources and ensure smooth data flows.

Benefits of using a Virtual Private Cloud

There are many reasons to deploy a VPC instead of relying on public cloud infrastructure or locally-hosted network resources. For instance, Virtual Private Cloud benefits include:

• Easy scaling: Users can add VPC capacity as needed. They don’t need to install hardware or software solutions; they can purchase cloud space from vendors when needed.
• Improved performance: Well-designed VPCs generally perform better than equivalent on-premises networks or public cloud resources.
• Flexibility: Users can connect VPC infrastructure to the public cloud or on-premises assets. They can accommodate remote working arrangements and communicate across geographical regions without relying on public internet connections.
• Security: VPCs provide secure work and data storage environments, provided cloud vendors update their infrastructure regularly. Logical isolation also makes VPCs more secure than relying on public cloud computing.
• Value for money: Deploying a Virtual Private Cloud is cost-effective. Installation requires little human labor, and you can often rely on off-the-shelf solutions. Hardware overheads are low, while your cloud vendor should handle most maintenance needs.

Security challenges associated with using VPCs

One of the main benefits of virtual private cloud systems is that VPC deployments are usually more secure than public cloud alternatives and traditional networking.

However, using VPC in cloud infrastructure can create security vulnerabilities. Users should understand the risks before permanently moving assets to private cloud services.

1. Improper configuration allows paths from the public internet

Generally, attackers find it difficult to hop from a public cloud provider to private cloud assets. Isolation by VLANs and subnets minimizes the risk of unauthorized infiltration.

However, default subnet configurations can leave open routes to and from the external internet. Administrators may also fail to secure subnets via network access control lists. Hence, VPC best practices always include changing default configurations to reflect your cloud architecture.

Adding access control lists is also recommended. The absence of ACLs makes it easier for attackers to access subnets that should be restricted within the VPC.

2. Preventing lateral movement within the VPC

Malicious actors accessing VPC infrastructure can move between peered resources and seek compromised applications or storage containers. For instance, infrequently updated security rules may not cover virtual machines, raising the risk of data breach attacks.

Similarly, access control lists and subnets can become misaligned, enabling lateral access to resources that should be off-limits.

3. Ensuring secure access

The issues above are important, but unauthorized access is the most significant VPC cybersecurity risk.

Problems often arise when cyber attackers obtain credentials or breach firewall protection. Insecure service endpoints may enable easy access to the entire deployment. Weak access controls and privileges management can allow excessive access – exposing customer records or financial data.

When that happens, attackers can roam freely within a virtual private cloud and cause chaos. So, how should you secure access to your VPC and prevent unauthorized intrusions?

VPN coverage is essential. Site-to-site VPNs create secure connections between offices or remote work locations and your VPC gateway. When users log in, the VPN shields their activity, making credential theft attacks much less likely.

NordLayer enables users to connect directly to AWS or another cloud provider via a dedicated VPN. We recommend adding this security feature to ensure watertight private cloud security.

Major Virtual Private Cloud providers

VPCs are not mom-and-pop operations. Big global corporations usually host virtual cloud infrastructure and offer diverse products to suit client needs. Let’s run through popular cloud provider options before exploring how to perfect your VPC setup.

• Amazon Web Services (AWS). AWS is the market leader in VPC services, claiming around 32% of all cloud hosting revenues. Users can rent virtual machines via the Amazon Elastic Compute Cloud (EC2) and use Amazon Relational Database Service (RDS) to manage databases in the cloud. Basic VPC is free, but extra costs apply for services like NAT gateways.
• IBM Cloud. IBM’s VPC offering uses a Software-Defined Network (SDN) model to deliver VPC solutions. Users mix and match computing, storage, and networking architecture. Pay-as-you-use billing allows flexibility and cost-effective scaling.
• Google Cloud. Google’s VPC is similarly flexible and covers every geographical region. Features include flow logs, peering, central firewall management, and free credits to get smaller businesses started.
• Microsoft Azure. Azure is Amazon AWS’ main competitor. Microsoft’s VPC includes a built-in IPSec VPN, granular controls over communication between subnets, and peering and NAT gateways for maximum flexibility.

Securing access to a VPC with NordLayer

If you decide to use a VPC, you must also implement the right security options to safeguard your data and applications. NordLayer is compatible with the most popular VPC solutions and can enhance your security by protecting who can access the information stored there.

To secure your VPC, consider implementing the following measures:

• Secure remote access: Users need secure access to resources and applications inside the VPC. NordLayer’s Site-to-Site VPN provides an encrypted tunnel. This allows secure access to the VPC without exposing data to public internet threats.
• Preventing unauthorized access: NordLayer’s Cloud Firewall adds an extra security layer by allowing you to control who can access the VPC. You can restrict VPC access to authorized users, prevent accidental data leaks, and implement multilayered authentication methods with SSO and MFA. That way, you can double or triple-check identities before granting access.
• Device Posture Security: NordLayer’s Device Posture Security ensures that only approved devices that meet company security policies can connect to the VPC. This reduces the risk of compromised or non-compliant devices accessing sensitive data.

NordLayer’s powerful suite of security tools makes it easy to protect your VPV and ensure that only the right users and the right devices can access your resources. We can help you benefit from VPC architecture without putting critical information at risk. To find out more, contact the NordLayer team today.

ITC Compliance, based in the UK, helps car dealerships and other retailers meet the standards of the UK’s Financial Services Regulator. By becoming appointed representatives of ITC Compliance, these businesses rely on the organization to handle their compliance. This way, clients stay compliant with the Financial Conduct Authority (FCA), without dealing with complex rules, allowing them to focus on their main work. 

James Snell, IT Director at ITC Compliance, manages technology strategy and vision, technology teams, cybersecurity, IT infrastructure, and operations. He is also responsible for vendor and stakeholder management. He needs to secure remote access to sensitive internal systems while maintaining regulatory compliance.

The challenge

Securing remote access while meeting regulatory compliance

The COVID-19 pandemic led ITC Compliance to shift to remote and hybrid work. This required a secure way for employees to access internal systems with sensitive data from various locations.

“COVID changed how companies work,” explains James Snell. “Only ITC Compliance employees can access our systems, so we needed secure remote access to internal resources.” Managing individual IP whitelisting for all remote employees was impractical.

As a regulated company working towards SOX compliance, ITC Compliance also needed strict access controls, which are crucial for certification.

The solution

Using NordLayer for secure and simple remote access

To tackle these issues, ITC Compliance adopted NordLayer as their business VPN in 2020. Routing all employee traffic through NordLayer allowed for a consistent IP address, which simplified security.

NordLayer also offered essential security tools, like multi-factor authentication (MFA). This met ITC Compliance’s security needs and supported their SOX compliance goals.

Why choose NordLayer

During renewal, James considered other options but decided to keep NordLayer. The solution felt reliable, and the pricing suited their needs, so switching wasn’t necessary.

NordLayer offered scalability and flexibility, with easy server setup and team routing through different IPs. From a cybersecurity standpoint, NordLayer provided essential tools, including ease of use, strong security features, and simple management with MFA options.

One key feature enabling ITC Compliance to maintain a fixed IP is NordLayer’s Dedicated IP. It ensures online traffic stays private and secure, helps control permissions, and prevents unauthorized access. With NordLayer, a fixed IP allows smooth, secure access to business data from any location. You can control who accesses resources by allowlisting specific IPs. Dedicated servers with fixed IPs cost $40/month and are available on all plans except Lite.

The outcome

Enhanced security and compliance support

NordLayer helped ITC Compliance secure remote access to internal systems. Using a single IP address simplified security management and reduced workload.

The NordLayer rollout was smooth, and the team found it easy to use. Scaling is simple, and adding licenses is hassle-free.

Pro cybersecurity tips

Protecting sensitive information is crucial, especially for regulated businesses. James Snell shares three essential tips for enhancing security.

With NordLayer, ITC Compliance simplified remote access, strengthened security, and met compliance needs. Try NordLayer to secure your team’s access, no matter where they work.