The Domum module is a Remote Privileged Access solution that offers the possibility for external hosts to gain access to an organization's internal resources, as well as providing a more secure home office environment for all of the organization's devices, controlling access by third parties and customers.
Without this kind of control and monitoring, one of the potential risks that organizations are vulnerable to is unauthorized access to enterprise resources, as a compromised server, for example, could be used to intercept communications and be a point of attack for other hosts within the organization.
Domum secures external access for the organization and offers an easy and fast procedure for granting external access to third-party users and employees through a VPN-Less solution. There is therefore no need to set up networks and VPNs for each user who needs to access the secure network from an external network.
Domum can assist an organization in the following scenarios:
- User origin management
- Definition of remote access policies separate from other PAM users
- Secure authentication with a dedicated link and token requirement
- Visibility of remote activities
- JIT (Just In Time) access for third parties
- Flexibility and possibility to expand operations around the world with governance through geolocation
Domum secures web sessions coming from third-party desktops. These desktops connect to the senhasegura gateway over HTTPS, without the need for a VPN, and the gateway then secures and provides access to the organization's internal resources.
The Domum module allows you to create your own Privileged Remote Access rules and execute and monitor them according to the needs of your respective operations.
The figure below shows how different organizations can use the Host senhasegura to reach their institutional senhasegura instances without any conflict between the gateways.
Domum Gateway regions
Domum runs on Google Cloud Platform (GCP) infrastructure. For the best performance during access, senhasegura Domum Gateway instances are provisioned in the region nearest to you.
The currently available regions are:
- Frankfurt, Germany
- Sydney, Australia
- São Paulo, Brazil
This section brings together the concepts presented in the previous sections and exemplifies how they can be adopted by the organization as needed for its policy and operations. The section refers to operating models to help the organization determine what types of external access approaches can be implemented. The approaches are as follows:
- Third-party users: With the organizational network being such a critical asset, it is not ideal to grant external users access to it when their activities are restricted to only using the senhasegura. Even with methods such as VPN, it is still difficult to control and restrict access to just a few applications.
  - VPN-Less and Principle of Least Privilege: this type of user can have his access restricted to the Domum platform only, without ever having to be registered with senhasegura, receiving a link dedicated to his user for access to the platform. He will be able to view passwords and carry out remote access to the credentials assigned to him while working from home, from his own company's space, or even from the organization where he provides his service, isolated from the network where the senhasegura is operating, using an external-user access profile with minimal privileges.
  - External Access Policy: the organization must configure which assets the user must access and how this access can be carried out, respecting the days and times determined in the policy.
  - Geo-location Blocking: Using the policy, the organization can determine from which locations the request for access to Domum will be considered a secure request. For example, the access permission can be restricted only to the regions of the partner company where the third-party user works and the organization where the user is providing the service. If the access to Domum comes from a region that is not authorized by the external access policy settings, the access will be blocked, regardless of whether the user has access permission or not.
- Employees: this type of user may need access to the senhasegura to perform his activities when he is in a working model that allows him to be outside his organization's premises, such as in his home environment or on a business trip. Users whose access to senhasegura is sufficient to perform their activities can be instructed to access the system through Domum when they are not in the organizational environment, to save VPN resources and to restrict access to only the solution they need to use, senhasegura. In this way, the organization guarantees total access to its system through a safe and secure path, with a dedicated link that only that user can authenticate.
  - External Access Policy: For employees of the organization who are performing their activities from an external network, the access group policies already applied in the PAM Core module are used during access to the platform, ensuring that the policy already defined continues to be respected even in external access, i.e., when the user accesses the senhasegura through Domum, the permissions and access group rules applied to his user remain the same.
  - Geo-location Blocking: Using the policy, the organization can determine from which locations the request to use the Domum link will be considered a secure request. For example, the organization can determine that only the regions where the employee lives or will travel for business are allowed. If the user comes from a region not authorized by the external access policy settings, the use of Domum will be blocked, regardless of whether this user is registered in the application and has valid permission.
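The evaluation order described in the External Access Policy and Geo-location Blocking items above, as an added example that is not senhasegura code or configuration. The field names, reason strings, the order of the checks after the geolocation step, and the choice to deny when the region cannot be resolved are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from typing import Optional

# Hypothetical model of an external access policy; field names are assumptions,
# not senhasegura configuration keys.
@dataclass(frozen=True)
class ExternalAccessPolicy:
    allowed_regions: frozenset   # ISO country codes the request may come from
    allowed_assets: frozenset    # assets this user may reach
    allowed_weekdays: frozenset  # 0 = Monday ... 6 = Sunday
    window_start: time           # start of the allowed period, policy-local time
    window_end: time             # end of the allowed period, policy-local time
    tz: timezone                 # time zone in which the window is defined

def evaluate(policy: ExternalAccessPolicy, region: Optional[str], asset: str,
             when_utc: datetime, has_permission: bool) -> tuple:
    """Return (allowed, reason). Checks run in deny-first order."""
    # 1. Geolocation first: an unauthorized region blocks the request regardless
    #    of the user's permissions. Denying an unresolved region (None) is an
    #    assumption of this example (fail closed).
    if region is None or region not in policy.allowed_regions:
        return (False, "region_blocked")
    # 2. Only then does the user's own permission matter.
    if not has_permission:
        return (False, "no_permission")
    # 3. The asset must be one the policy assigns to this user.
    if asset not in policy.allowed_assets:
        return (False, "asset_not_in_policy")
    # 4. Day and time are checked in the policy's time zone, not the caller's.
    local = when_utc.astimezone(policy.tz)
    in_window = policy.window_start <= local.time() < policy.window_end
    if local.weekday() not in policy.allowed_weekdays or not in_window:
        return (False, "outside_schedule")
    return (True, "allowed")

# Constructed sample policy: weekdays 08:00-18:00 at UTC-3, Brazil and Germany.
POLICY = ExternalAccessPolicy(
    allowed_regions=frozenset({"BR", "DE"}),
    allowed_assets=frozenset({"db-prod-01"}),
    allowed_weekdays=frozenset(range(5)),
    window_start=time(8, 0), window_end=time(18, 0),
    tz=timezone(timedelta(hours=-3)),
)

if __name__ == "__main__":
    monday_noon = datetime(2024, 3, 4, 15, 0, tzinfo=timezone.utc)  # 12:00 at UTC-3
    print(evaluate(POLICY, "BR", "db-prod-01", monday_noon, True))
    print(evaluate(POLICY, "AU", "db-prod-01", monday_noon, True))
```

Returning a reason with each decision lets the access log record why a request was refused, which is what an auditor needs when checking that access was granted as the policy determines.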
Check below the main advantages for the main types of users:
- Only one gateway to configure access to the senhasegura, instead of multiple VPN configurations for each remote user
- Central monitoring of external access logs performed by third-party users and employees
- Dashboard to assist with vendor KPI analysis
- Segregation of access management for third-party users and employees
- Management of all allowed accesses for remote users
- Real-time monitoring of all sessions in use
- Video recording of the session
- User behavior
- Restrictions by location
- No need to configure VPN (VPN-Less)
- No Agent installation is required (agentless)
- No password is required. Use of dedicated token.
- Works from anywhere as long as it is allowed by the administrator
- Proxy Session through Web Browsers
- Unique desktop screen with all necessary information
- Dashboard with an overview of all the accesses made to Domum and the activities performed through it
- Dashboards by Vendor, specific Third Party User, Employee Group, and specific Employee.
- Third-party user and employee access logs to determine if permissions and credentials have been granted as determined in the external access policy
- Remote sessions held through Domum recorded and with the possibility of downloading the video file for auditing.