GoodAccess

Overview

GoodAccess is a cybersecurity provider that enables IT teams to secure remote access to digital resources in the cloud and on-prem. GoodAccess’ cloud-based platform establishes a secure, software-defined perimeter around network resources and enables admins to implement identity-based access controls and network segmentation. This ensures only legitimate, authorized users can access company systems and applications.

GoodAccess is delivered as-a-Service. It requires a software application to be installed on all users’ endpoints; once installed, users can quickly and seamlessly connect to the corporate network from anywhere. This application is available for Windows, MacOS, iOS, Android, and Chrome OS devices; Linux devices must be connected manually via a script. Admins can manage the platform—including onboarding and offboarding users, creating individual and role-based access policies, and viewing user access logs—via an intuitive, central web management portal.

Key Features

Zero Trust Network Access

GoodAccess creates a software-defined perimeter around digital corporate resources with a dedicated VPN gateway for each organization they serve. They have over 35 gateway locations globally; admins simply tell GoodAccess where they’d like their gateway to be located, and GoodAccess creates it for them. Each gateway has a static IP address that can be used for IP whitelisting (restricting access to certain IP addresses). All user connections to the organization’s cloud or on-prem environments are routed through IPSec tunnels, which encrypt and authenticate each user’s traffic. The platform also offers split tunnelling, which can be useful for organizations that want to save bandwidth or whose users need to access foreign and local networks at the same time.

Granular Access Policies

From the management console, admins can define granular, identity-based access policies that enforce network segmentation in line with the principles of zero trust and least privilege. By default, users can access all the systems defined by admins in the main dashboard. However, admins can define access controls for individual users and user groups, which ensure that users can only access specific systems, rather than the whole network. This means that, should an attacker manage to compromise a user’s account or device, they would only be able to access a limited number of systems. This also gives admins greater visibility into which users are accessing which systems.

By default, the platform deploys with GoodAccess Identity (using GoodAccess MFA), but admins can also set up MFA and SSO via Google Workspace, Azure Active Directory, Okta, or universal SSO.

Threat Prevention

GoodAccess offers DNS filtering and web protection via the platform’s “Threat Blocker” feature.

Threat Blocker automatically detects and blocks malicious domains, such as malware and phishing sites, based on GoodAccess’ threat intelligence feeds. Once a user connects through a cloud gateway with their organization’s DNS server, public DNS server, or custom DNS server, Threat Blocker monitors their browsing activity and blocks any known malicious websites or content. It then logs which harmful websites or content have been blocked and which users have tried to access them.

Admins can also add their own deny-list of sites that they don’t want their users to visit.

Threat Blocker is a relatively simple DNS filter. It doesn’t enable admins to filter by category (e.g., allowing access to news sites but not gambling sites), but it does provide a robust layer of protection against known web threats and enables admins to deny access to specific websites.

The platform also carries out a device health check that ensures antivirus software is enabled and working on each user endpoint. GoodAccess plans to develop this further in the next few years, so that if someone wants to connect a new device to the perimeter, GoodAccess will run antivirus checks on the device to ensure it can’t pass any threats across the network.

Logging And Auditing

From the management console, admins can view access logs that provide granular contextual information about each connection established via GoodAccess. The platform offers Gateway-level logs, which show information on network connections, and system-level logs, which show information on which systems users are accessing. This information is useful for forensic investigation of security incidents, and for proving compliance with data privacy and protection standards.

It's important to note that, while GoodAccess logs what time a user accesses a system, it doesn’t currently show admins what time their session within that system ended or the total session duration. However, this functionality is in the product roadmap. The platform’s activity reports are easy to access and easy to read. GoodAccess retains activity logs for 90 days, and admins can export them as .csv files when needed.

Ease Of Use

GoodAccess is very easy to deploy—from the management console, admins can send an email to all “team members” (end users), who then receive instructions on how to install the client application and connect to the perimeter. The client app is compatible with Windows, MacOS, iOS, Android, and Chrome OS. Linux devices must be connected manually with a script, which may be a bit tricky for non-technical users.

Overall, the management dashboard is very intuitive. Adding new users and systems, creating access policies, and viewing other info such as device health and blocked DNS addresses are straightforward processes, and the platform’s activity logs are accessible and easy to navigate. The dashboard also supports multi-tenancy, which makes it suitable for MSPs and multi-site organizations.

GoodAccess offers a variety of technical support options. Their support portal, which offers tutorials and “how-to” guides, is available to all of their customers. Customers on the Essential and Premium plans can also access chat and email support and deployment assistance; customers on the Enterprise plan receive additional 24/7 phone support and a dedicated account manager. Their support teams are based in the Czech Republic and the Philippines.

Pricing And Plans

GoodAccess is available via four packages:

• Starter (free for up to 100 users) offers secure internet access and online threat protection for SMBs

• Essential ($7/user/month +$39/month per dedicated gateway) offers a dedicated cloud VPN with static IP whitelisting

• Premium ($11/user/month +$39/month per dedicated gateway) offers a dedicated VPN with zero trust network access (ZTNA) controls for multi-site and cloud organizations

• Enterprise (bespoke pricing for min. 50 users) offers a VPN and ZTNA controls with enterprise-level networking features and premium support for larger organizations

Note that this pricing reflects a 20% discount offered by GoodAccess on annually billed subscriptions.

Final Verdict

GoodAccess is an effective, user-friendly remote access solution that enables IT teams to easily provision secure, remote access to on-premises and cloud resources. The platform offers a range of security features, including encryption, MFA, SSO, and DNS filtering—without compromising on usability or the end user experience.

In addition to its robust cloud VPN gateway, the platform offers granular access controls and detail user access logging at both the gateway and system level. This makes it suitable for organizations in highly regulated industries that need to prove compliance with data protection requirements.

The platform does have some maturing to do in terms of the depth of its additional security features, but GoodAccess already has plans to enhance its web gateway and device check features in the next few years, adding functionality such as proxy filtering and antivirus scanning.

Overall, we recommend that any SMB or mid-market organization looking for a secure remote access solution with zero trust access controls consider adding GoodAccess to their shortlist.