Insights
Customer Identity & Access Management Decentralized Identity Fraud Prevention Identity & Access Management Identity Governance and Administration Passwordless Authentication Privileged Access Management Zero Trust
Research
Leadership Compass Whitepaper Executive View Advisory Note Leadership Brief Buyer's Compass Rising Star Blog
Advisory
Advisory Services Meet our Advisors Strategy Navigator Success Stories
Events
EIC 2025 Webinars
Videos
All latest videos cyberevolution 2024 European Identity and Cloud Conference 2024 KuppingerCole Webinars KuppingerCole Analyst Chat
Membership
About Professional Expert Corporate
KC Open Select
Policy Based Access Management Intelligent SIEM Platforms Data Governance Cloud-Native Application Protection Platforms Zero Trust Network Access Unified Endpoint Management Attack Surface Management API Security & Management
Company
About us Success Stories People Jobs Newsroom Cybersecurity Council Contact us
Become a Member
Insights
Customer Identity & Access Management
Decentralized Identity
Fraud Prevention
Identity & Access Management
Identity Governance and Administration
Passwordless Authentication
Privileged Access Management
Zero Trust
See all insights
Research
Leadership Compass
Whitepaper
Executive View
Advisory Note
Leadership Brief
Buyer's Compass
Rising Star
Blog
See all research
Videos
All latest videos
cyberevolution 2024
European Identity and Cloud Conference 2024
KuppingerCole Webinars
KuppingerCole Analyst Chat
See all videos
Advisory
Advisory Services Success stories
Advisory Services

KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.

See Advisory Services
Contact our advisors

E-mail info@kuppingercole.com

Meet our Advisors
Boehringer Ingelheim, a leading pharmaceutical company, sought to enhance its Identity and Access Management (IAM) capabilities in the digital age. We collaborated to develop a strategic IAM roadmap in just five months, aligning their IT infrastructure with their global leadership position.
View Case Study
Global chemical company revamped its Identity and Access Management with KuppingerCole's IAM strategy: guidance, assessment, roadmap. Enhanced security and efficiency.


View Case Study
Membership
About Professional Expert Corporate
Your gateway to Identity Security excellence

Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.

Learn More
Your Free 7-Day Trial: Power Up Your IAM & Cybersecurity Expertise

Get instant access to our complete research library.

Get Started for Free
Stay ahead of industry trends and make informed decisions

Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.

Learn More
Your Free 7-Day Trial: Power Up Your IAM & Cybersecurity Expertise

Get instant access to our complete research library.

Get Started for Free
Elevate your expertise and expand your professional network

Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.

Learn More
Your Free 7-Day Trial: Power Up Your IAM & Cybersecurity Expertise

Get instant access to our complete research library.

Get Started for Free
Empower your team with the knowledge and connections to drive change

Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.

Learn More
Your Free 7-Day Trial: Power Up Your IAM & Cybersecurity Expertise

Get instant access to our complete research library.

Get Started for Free
KC Open Select
Policy Based Access Management
Intelligent SIEM Platforms
Data Governance
Cloud-Native Application Protection Platforms
Zero Trust Network Access
Unified Endpoint Management
Attack Surface Management
API Security & Management
See all topics
Discover and compare cybersecurity solutions

Goodbye guesswork, hello confident decisions

Optimize your decision-making process with the most comprehensive and up-to-date market data available.

Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.

Configure your individual requirements to discover the ideal solution for your business.

Visit KC Open Select
Company
About us Success Stories People Newsroom Cybersecurity Council Contact us
Discover Our Passion for Advancing Identity and Security
We are specialized in the strategic management of digital identities, privileges, authentication, and access control as well as cybersecurity and business resilience.​
Read more about our philosophy
Analysts & Advisors

Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.

Business Team

Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.

Meet the Team
Cybersecurity Council
With the Cybersecurity Council, we bring together world-class information security professionals in leading positions from across many industries and schools of thought to exchange and discuss how to secure the rapidly growing cyber economy. The results of these fruitful discussions will flow into every of our services.
Learn more
Basic contact information
KuppingerCole Analysts AG
Wilhelmstr. 20-22
65185 Wiesbaden
Germany
info@kuppingercole.com
Linkedin Linkedin
Twitter Twitter
Facebook Facebook
YouTube YouTube
Instagram Instagram
Contact us
See all locations
All Research
Whitepaper

Why don't you like this?

I like this
I don't like this

Global Remote Access for the Modern Organization

Anne Bailey
Description
This KuppingerCole Whitepaper explores the challenges of managing third-party and remote access in today’s cloud-centric work environments. As organizations increasingly rely on external contractors, vendors, and other third parties, they face growing complexity in administering secure access to systems and resources. This paper emphasizes the need for robust access controls, highlights the limitations of traditional technologies like VPNs and VDIs, and discusses the advantages of fit-to-purpose solutions like ARCON’s Global Remote Access, which offers secure and flexible access to both internal and external users.
Short Summary

The future of work is heavily dependent on collaboration with external parties such as third-party contractors, vendors, and suppliers, as well as the flexibility to support a global internal workforce. As companies navigate this evolution, secure remote access management becomes paramount to maintaining productivity and protecting corporate assets. The traditional technologies like VPNs and VDIs are increasingly inadequate in addressing the security needs of modern hybrid and cloud-based environments. These tools are vulnerable to inefficiencies, performance issues, and heightened cyber risks, necessitating the adoption of fit-to-purpose solutions. Technologies such as secure web gateways offer better control over data protection, authentication, and advanced web filtering, addressing the complexities of a distributed workforce. ARCON Global Remote Access is specifically designed to provide secure and flexible remote access to organizational resources, integrating advanced security features like role-based access control, real-time monitoring, and comprehensive audits. As remote work solidifies its place in business operations, organizations must invest in robust, scalable remote access frameworks that meet the dynamic demands of today's digital work environments.

Interesting Facts
  • Traditional VPNs can create potential bottlenecks by routing remote traffic through a central location.
  • VPNs often grant full network access, posing significant security risks.
  • The rise of remote work due to the COVID-19 pandemic fundamentally changed access management.
  • Modern web gateways offer features like data loss prevention and malware protection.
  • ARCON GRA integrates with Active Directory and provides end-to-end secure privileged sessions.
  • Secure web gateways reduce operational friction compared to legacy access technologies.
  • GRA offers a flexible platform accommodating different levels of user access.
  • Real-time scanning and enforcement help protect against cyber threats.
  • ARCON GRA employs secure gateways to ensure encrypted data transmission.
  • Advanced monitoring solutions are required to maintain security in a geographically distributed workforce.
Notable Quotes
  • "The future of work requires collaboration with third-party contractors, vendors, suppliers, and other external personnel."
  • "Traditional technologies like VPNs and VDIs are increasingly unsuited to modern hybrid and cloud environments."
  • "Secure web gateways streamline the remote access process, making it more efficient for dispersed workforces."
  • "Organizations must take a modern approach that accounts for the diverse needs of external users."
  • "VPN appliances sometimes grant users full, uncontrolled access to entire local area networks."
  • "As remote work becomes a permanent fixture, fit-to-purpose remote access solutions are essential."
  • "The principle of least privilege and segregation of duties are also standard best practices."
  • "Organizations should seek unified solutions to maintain a consistent security posture."
  • "Secure web gateways support secure third-party access with role-based access control."
  • "The rise of remote work fundamentally altered the access management landscape.
Recommendations
  • Adopt fit-to-purpose remote access solutions tailored to specific organizational needs.
  • Leverage unified, secure access points for external and remote users.
  • Use secure web gateways for enhanced control and security in remote access.
  • Assign roles and access rights based on user responsibilities to minimize security risks.
  • Regularly review and update user access permissions in line with business changes.
  • Ensure compliance and control through robust security measures.
  • Reduce reliance on outdated, resource-heavy technologies.
  • Implement role-based access control to limit unauthorized access.
  • Secure access links and prevent unauthorized sharing through controlled mechanisms.
  • Use dynamic dashboards for real-time visibility and monitoring.
Takeaways
  • The importance of secure remote and third-party access is growing in modern work environments.
  • Traditional remote access technologies are inadequate for new cloud and hybrid work setups.
  • Secure web gateways offer a modern, efficient approach to remote access.
  • ARCON GRA provides flexible, secure access solutions using advanced technologies.
  • Organizations need to adopt dynamic and scalable remote access solutions for distributed workforces.
Description
Short Summary
Interesting Facts
Notable Quotes
Recommendations
Takeaways

1 Introduction / Executive Summary

The future of work requires collaboration with third parties, evidenced by the increasing reliance on third-party contractors, vendors, suppliers, and other external personnel to support key operations, often from remote locations. This comes in addition to the already strong presence of internal employees who work from anywhere. This shift brings both opportunities and challenges, particularly when it comes to ensuring secure access to sensitive data and critical IT infrastructure. To maintain productivity and collaboration while safeguarding corporate assets, businesses must take a modern approach to remote access management that accounts for the diverse needs of external users and the complex environments in which they operate.

The future of work requires collaboration with third parties, and flexibility to support the internal workforce that is spread across the world. To maintain productivity and collaboration while safeguarding corporate assets, business must take a modern approach to remote and third-party access management that accounts for the diverse needs of those users.

The increased reliance on cloud-based infrastructure and hybrid working models has rendered traditional remote access technologies like Virtual Private Networks (VPNs) and Virtual Desktop Infrastructures (VDIs) less effective. These tools were not designed to accommodate the security requirements and complexity of modern cloud-based and globally distributed organizations. These tools, traditionally used to address remote access, are becoming more and more unsuited to handle the current needs.

Fit-to-purpose solutions like ARCON’s Global Remote Access (GRA) utilize technology like secure web gateways that offer a robust set of security features, such as user authentication and authorization, data loss prevention (DLP), and advanced web filtering. The use cases to support internal administrative tasks for remote workers as well as facilitate third-party remote access demonstrates the flexible and secure means of supporting modern organizations manage their varied workforce.

2 Highlights

  • The future of work increasingly depends on collaboration with external parties and enabling work from anywhere, making secure third-party and remote access crucial for organizations.

  • Robust security measures are needed to ensure secure access for third-party workers, wherever they are located while keeping appropriate safeguards in place.

  • Traditional technologies like VPNs and VDIs are increasingly inadequate for modern hybrid and cloud environments due to operational inefficiencies, performance issues, and increased vulnerability to cyber threats.

  • Modern remote access solutions such as secure web gateways are lighter than more traditional technology, offering better control and security features such as user authentication, data loss prevention, and advanced web filtering.

  • ARCON Global Remote Access (GRA) provides secure remote administrative access and third-party access to machines, systems, and resources.

  • Organizations should adopt fit-to-purpose remote access solutions to handle the complexities of modern, distributed workforces.

3 Third-Party and Remote Access Management

The future of work requires collaboration with third-party contractors, vendors, suppliers, and other external personnel. Access management systems must be intentionally designed to accommodate all identities and enable work by anyone, from anywhere.

Organizations today increasingly rely on third-party contractors, vendors, suppliers, and other external personnel who contribute critical functions without being directly employed by the organization. This growing ecosystem of external stakeholders introduces new complexities in managing access to sensitive systems and data. As businesses aim to collaborate effectively with these third-party workers, they must implement robust access controls that ensure security without hindering productivity. The diverse roles and responsibilities of these external users mean that organizations must tailor their access management strategies to account for varying levels of system interaction, data sensitivity, and compliance requirements.

The organization must come to terms with the fact that everyone and everything has an identity. KuppingerCole’s Identity Fabric, depicted below, highlights this phenomenon with the identity types listed in the far-left column; consumers, customers, partners, the workforce, services, devices, and things all must have identities that interact with digital services, applications, platforms, infrastructure, backend services, and legacy IT as seen in the far-right column. These identities of everyone and everything, to everywhere must be managed in a cohesive IAM strategy, depicted by the capabilities, services, and tools in the center of the Identity Fabric.

The KuppingerCole Identity Fabric

Figure 1: The KuppingerCole Identity Fabric

This is a staggering amount of complexity that must be managed securely, but allow the flexibility for each of the personas, including third-party workers, to have the adequate access to work and do business.

To maintain operational efficiency, third-party workers must be granted secure access from the appropriate location, wherever that may be. However, this access must be meticulously controlled to prevent unauthorized activities and minimize the risk of data breaches. Appropriate security measures are crucial to striking a balance between security and efficiency. As external users often work from locations outside of the organization’s primary networks, the controls must be flexible enough to accommodate remote access while maintaining a high standard of security. This requires advanced solutions that monitor and enforce access policies in real time, ensuring compliance without creating bottlenecks.

The rise of remote work, accelerated by the COVID-19 pandemic in 2020 and 2021, has fundamentally altered the access management landscape. A large portion of the workforce remains remote, and this shift is unlikely to be reversed. For organizations operating across multiple geographies, managing privileged access becomes even more challenging, as time zone and geolocation can obscure malicious activities. Traditional methods of monitoring access may fail to detect suspicious behavior in such a distributed workforce. Therefore, organizations must invest in solutions that can accommodate the administrative needs despite varied locations, time zones, and work patterns, to ensure workers are enabled but appropriate security is enforced.

4 Familiar Technologies Do Not Meet Organizational Needs

Familiar technologies like VPNs and VDIs that have been used to address remote and third-party access are not adequate for modern organizational requirements.

Traditional solutions like Virtual Private Networks (VPNs) and Virtual Desktop Infrastructures (VDIs) have long been the backbone of secure remote access. However, these technologies are increasingly showing their limitations in today's cloud-centric environment.

VPNs are a typical example of technology that was never designed for the purposes it is often used for. Besides creating potential bottlenecks by forcing companies to backhaul remote user’ traffic to a central location and thus negatively affecting performance and productivity, VPN appliances sometimes grant those users full, uncontrolled access to entire local area networks (LANs). Traditional network segmentation does apply some limitations to VPN access, but not the level of detail or control that is needed for appropriate security. This dramatically expands the attack surface of corporate networks, provides easy lateral movement for potential attackers, and enables uncontrolled access to internal resources with implicit trust. To make up for this, VPNs then often require intricate configuration of access control lists (ACLs) and authentication mechanisms to ensure secure connectivity, making them cumbersome to manage. They are also highly vulnerable to credential compromise, where stolen or weak passwords can grant unauthorized users access to the network.

VDIs, while providing centralized control, suffer from performance issues, especially when dealing with large, distributed workforces accessing resource-heavy applications. Additionally, both VPNs and VDIs struggle to keep pace with the dynamic scalability and elasticity that modern cloud environments demand, further exposing operational inefficiencies.

As organizations migrate to cloud-based and hybrid infrastructures, their legacy solutions fall short in addressing the complexities and speed of these environments. Traditional tools were not designed for the distributed, multi-cloud setups that have become the norm, and they are ill-suited for handling the vast array of endpoints, devices, and applications that make up today’s digital ecosystems. This results in significant management overhead and higher operational risk. The sheer volume of users and devices interacting with cloud resources makes it difficult for VPNs and VDIs to effectively enforce consistent security policies, leading to fragmented oversight and increased vulnerability to cyber threats. Moreover, these legacy technologies often lack the advanced capabilities required to monitor real-time user behavior, detect anomalies, and respond quickly to evolving threats, particularly in fast-paced, cloud-first environments.

To meet the needs of a modern, distributed workforce, organizations require solutions that are purpose-built for cloud and hybrid environments. These solutions must go beyond the static, perimeter-based security model of VPNs and VDIs, offering dynamic, identity-driven access controls that can adapt to a wide variety of user scenarios and device configurations.

5 Modern Remote Access

Secure web gateways are lighter than traditional technologies, provide more controls, and enable more secure remote access.

Modern remote access solutions have evolved to address the limitations of traditional technologies. Secure web gateways (SWGs) are a leading technology method to enable secure remote access. Secure web gateways are designed to provide more comprehensive control over remote access while being lighter and more agile than their legacy counterparts.

Unlike VPNs and VDIs, which are often complex to configure and manage, secure web gateways streamline the remote access process, making it more efficient for organizations with dispersed workforces. These gateways act as an intermediary between users and the network, allowing secure access to corporate resources without the overhead of maintaining a full virtual desktop environment or tunnel-based network access. By handling access through a secure gateway, fast, controlled access to cloud applications and services while reducing operational friction and enhancing performance is possible.

In addition to streamlining access, secure web gateways offer a robust set of security features, such as user authentication and authorization, data loss prevention (DLP), and advanced web filtering. These features ensure that users can access the information they need while adhering to security policies and preventing the exfiltration of sensitive data. Secure web gateways also integrate malware protection, application control, and network traffic monitoring, which together provide a multi-layered defense against cyber threats. Through real-time scanning and enforcement, these gateways help protect organizations from malicious content, inappropriate web usage, and potential attacks. Compliance and reporting capabilities built into secure web gateways also allow organizations to maintain visibility and control over remote access, ensuring that regulatory requirements are met and potential risks are flagged in a timely manner.

As organizations continue to expand their remote and hybrid workforces, secure web gateways should be considered to build a robust remote access framework. By incorporating secure web gateways, organizations can reduce their reliance on outdated, resource-heavy technologies and better support remote productivity and security posture.

6 ARCON Global Remote Access

ARCON Global Remote Access is a fit-to-purpose solution for global, modern organizations, Using secure web gateways, it is able to serve both internal and external work forces distributed across different locations.

ARCON is a global technology company specializing in risk control solutions. Founded in 2006, ARCON is headquartered in Houston, Texas in the US, with offices, support, and development centers around the world. Global Remote Access (GRA) is one solution in a suite of offerings spanning privileged access management (PAM), endpoint privilege management (EPM), converged identity, and automation of governance, risk, and compliance (GRC). GRA is tailored to address the growing needs of remote administrative access in today’s hybrid IT environments.

The ARCON GRA solution is designed for IT administrators and users who require secure, remote access to the organization's IT infrastructure. Whether users need full remote access or view-only privileges, GRA provides a flexible and secure platform that accommodates various levels of access, ensuring that administrative functions can be performed remotely without compromising security.

The solution’s key features include an integrated ticketing flow for managing access requests, end-to-end secure privileged sessions, comprehensive audits and reporting capabilities, a dynamic dashboard for real-time visibility, and seamless integration with Active Directory. Additionally, GRA employs role-based access control (RBAC) to ensure that users have appropriate access to only the resources and applications necessary for their roles, reducing the risk of unauthorized access or privilege misuse.

Central to GRA’s security model are secure web gateways, which act as the single point of access to an organization's devices and infrastructure. Secure gateways create an encrypted tunnel from the end-user's device to the targeted IT assets, ensuring that all data transmission is protected from potential interception or manipulation.

Secure web gateways support secure third-party access by providing the external user with a platform that, using RBAC, limits access to only the applications and resources that they have been granted permission to use. The fine-grained access control enables the external and remote workers to access the resources needed and nothing more, as VPNs and VDIs can do.

To onboard an external user, a designated person from the internal organization sends an invitation to the external user from an approved external vendor to register themselves via email. Registration is supported with user vetting to give a highly controlled external user onboarding process. After the registration process, the external user comes to the organization via GRA already authenticated. There are multiple authentication options for external users, including geolocation controls.

There are additional security controls that ensure that sensitive resources cannot be accessed through insecure channels. The secure web gateway’s tunneling mechanism prevents the user from generating and sharing access links to unauthorized users, and even prevents access from alternative browsers. While these measures prevent unauthorized sharing and access to resources, the user can still collaborate with internal team members as well as with other approved externals.

Overall, ARCON Global Remote Access equips organizations with the tools to securely give access to remote and external users and to support administrative tasks for those remote users. With its more modern architecture, geographically-spread organizations can control access to resources with a made-to-purpose solution.

7 Recommendations

As remote work becomes a permanent fixture in modern business operations, organizations must adopt fit-to-purpose remote access solutions that are tailored to their specific needs. The approach of traditional access tools, such as VPNs, is no longer sufficient to meet the demands of today’s workforce. Businesses must implement flexible, scalable remote access solutions that not only provide secure connections but also accommodate the diverse range of devices, users, and access requirements present in modern work environments.

Take steps to adopt a unified, secure access point for external and remote users. This approach allows organizations to consolidate access management, simplifying the process for employees and IT teams alike. Secure web gateways and similar technologies will become central to this strategy, offering a single, encrypted access point for all users—whether they are working remotely, in the office, or leveraging a Bring Your Own Device (BYOD) model. These unified solutions enable businesses to maintain a consistent security posture across all user access points while reducing the need for costly hardware investments.

Don’t ignore the basics of assigning appropriate roles and access rights to users and groups, as well as following the principle of least privilege and segregation of duties. To minimize security risks, organizations must ensure that users are assigned roles or grouped based on their specific responsibilities, with corresponding access rights that reflect their level of need. This not only limits exposure to sensitive systems but also reduces the risk of insider threats or accidental data breaches. The principle of least privilege and segregation of duties are also standard best practice. Regularly reviewing and updating these roles is equally important, especially as the organization grows and changes. By auditing access rights and adjusting permissions in line with evolving business needs, companies can maintain an agile and secure access management framework that continues to protect against emerging threats.

Overall, organizations should seek fit-to-purpose remote access solutions, utilize secure access points for external and remote users such as secure web gateways, and applying the best practices on limiting access rights to the non-typical employees like external workers and those who need remote access.

8 Related Research

Leadership Compass: Privileged Access Management

Leadership Compass: Cloud Infrastructure Entitlement Management (CIEM)

Whitepaper: Cloud Access Governance

Whitepaper: IAM Convergence: Integrated Perspective Beyond Just IAM

Executive View: ARCON Security Compliance Management

Executive View: ARCON drut. Robotics GRC and Process Automation Platform

Executive View: ARCON Endpoint Privilege Management

Executive View: ARCON PAM SaaS

Webinar: IAM meets ITDR: A Recipe for Robust Cybersecurity Posture

9 Copyright

© 2025 KuppingerCole Analysts AG. All rights reserved. Reproducing or distributing this publication in any form is prohibited without prior written permission. The conclusions, recommendations, and predictions in this document reflect KuppingerCole's initial views. As we gather more information and conduct deeper analysis, the positions presented here may undergo refinements or significant changes. KuppingerCole disclaims all warranties regarding the completeness, accuracy, and adequacy of this information. Although KuppingerCole research documents may discuss legal issues related to information security and technology, we do not provide legal services or advice, and our publications should not be used as such. KuppingerCole assumes no liability for errors or inadequacies in the information contained in this document. Any expressed opinion may change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Their use does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts supports IT professionals with exceptional expertise to define IT strategies and make relevant decisions. As a leading analyst firm, KuppingerCole offers firsthand, vendor-neutral information. Our services enable you to make decisions crucial to your business with confidence and security.

Founded in 2004, KuppingerCole is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as technologies enabling Digital Transformation. We assist companies, corporate users, integrators, and software manufacturers to address both tactical and strategic challenges by making better decisions for their business success. Balancing immediate implementation with long-term viability is central to our philosophy.

For further information, please contact clients@kuppingercole.com.