1. Products
  2. Network Security
  3. CloudGen Access
  4. Use Cases
  5. Internal Apps and Data

Barracuda CloudGen Access

Enable Zero Trust Access to all your apps and data from any device and location.

Secure Access to Internal Apps and Data

VPNs don’t work in the modern enterprise ecosystem. Distributed users, servers, and devices create challenges that VPNs were not meant to solve. Exposed networks, unmonitored user identities, unknown device security status, and complex switching between VPNs are just the tip of the iceberg. No company can accept the level of risk inherent in VPNs. CloudGen Access is the modern VPN replacement. Secure access and empower employees.

Trust BYOD.

Validate that devices outside the perimeter trying to access your infrastructure are authorized to do so. Ensure that devices meet your baseline security and compliance requirements before granting access. All in real time.

CloudGen Access

  • Native support for trusted devices

  • Generates and stores device certificate on hardware keystore

  • Sends a CSR to Management Console to register device and establish trust

  • Validates every access request against current security and compliance policy

  • Deploys conditional and contextual trust

  • Certificate management is built-in for both device and infrastructure components


  • No native support for trusted devices

  • Relies only on user credentials for infrastructure access

  • Depends on 3rd-party tools like MDM to establish a native version of trusted devices

  • Requires enrollment to corporate MDM to determine trusted devices

  • Static trust architecture

  • Certificate management is difficult and requires 3rd-party tools

Grant resource access, not network access

Know who has access to your network and resources at all times. CloudGen Access segments apps and VMs based on user roles to limit exposure. Delight corporate users with hassle-free access to multiple VPN sites from a single profile.

CloudGen Access

  • Access resources not the entire network. Direct trusted users to the information they need, whether in a VPC, data center or on-premises without increasing risk

  • Connect to multiple infrastructure sites without switching access profiles

  • Confirm or deny access based on user role and device attributes: RBAC+ABAC. Example: User A in Group B with Device C that complies with policy D can access resource


  • VPN clients can act as patient zero on your network, increasing the potential attack surface exponentially. A compromised VPN client, residing on a VLAN with complete network access, can launch attacks on other clients on the same VLAN, ultimately exposing every routable VM/workload

  • Requires user to switch between VPN configurations to access multi-site environments

  • Implements network segmentation, a painful and error-prone approach that requires 3rd party or custom tools. Limits ability to access dynamic, modern resources like Kubernetes workloads

Evaluate retrospective and prospective device security

Be confident that no compromised devices are on your network.

CloudGen Access

  • Continuously monitors device and logs network metadata at the device level (network DVR)

  • Enforces policy that requires searching for a comprehensive IOC (indicators of compromise) list in network history before granting access

  • Detects if the device has ever exchanged information with a phishing site: e.g. mycompany.oktaa.com

  • Detects if the device has ever generated APT x C&C traffic


  • Lacks visibility into device security status before starting active VPN session

  • Cannot integrate with a local security agent as part of an access policy

  • Provides only single point in time access to device security state. Any change to the device security state is not reflected in the active session.

Ensure role and attribute-based access control

Guarantee access to the right resources. Anywhere. Anytime.

Global, remote, nomadic work is here. Let an EU resource traveling in the US access EU resources. Make sure an employee at home in China can get work done.

Role-based access alone cannot support new regulatory compliance requirements. CloudGen Access adds a new layer of attribute-based access control to ensure access for traveling or remote-working employees and partners.

CloudGen Access

  • Role-based access control enhanced with attribute-based access control

  • Rich attribute support

  • Permissions: verify user/resource
  • Device: type, model, OS, end-of-life
  • Jailbreak
  • Authentication: configured touch/face ID & passcode
  • Wi-Fi SSID and location


  • Role-based access control (RBAC) only. Access tokens can be permanent or long-lived, creating additional risk as VPNs do not natively support re-auths and step-up auths

  • Minimal contextual, actionable information about location, network, and device

Enable continuous connectivity

High quality, high fidelity mobile access. CloudGen Access enhances connectivity quality with a built-in defense and local proxy on a device.

CloudGen Access

  • Built-in defense for intermittent connectivity

  • Consistent session stability unaffected by change in source IP

  • Local proxy on device side and access proxy on infrastructure side can maintain session during dropped connections


  • Sustained disconnects force application layer timeouts

  • Frustrating, painful experience for users, especially mobile workers such as utility field workers, insurance adjusters, law enforcement

  • Time wasted on repetitive VPN reconnects and app reloads, costing organization valuable employee productivity

Defend against Internet-borne threats.

Web-based attacks such as credential theft, phishing, drive-by downloads, and malvertising are the largest cybersecurity challenges facing corporations today.

CloudGen Access protects resources from these threats and delivers real-time alerts.

CloudGen Access

  • Intercepts and blocks Internet-borne threats on the device with patent-pending technology

  • Preserves corporate network bandwidth and speed

  • Eliminates latency that can negatively impact user experience

  • Protects employee privacy, increasing adoption

  • Evaluates security state and posture of trusted devices in real-time. First-of-its-kind continuously updated content-filtering to identify new threats


  • Requires integration with a costly point solution like Bluecoat, Websense, or Zscaler, to address threats in real-time

  • Lacks capability to provide protection from Internet-borne threats due to split-tunnel configuration

  • Adds significant congestion to corporate network; degrades bandwidth utilization

  • Creates significant latency for users and increases battery consumption

  • Generates employee privacy concerns that may slow adoption

Empower users to improve device security posture.

Network Access Control works to secure corporate wired and wireless networks within the organizational perimeter. Today’s enterprises must secure roaming devices and laptops from coffee shops to hotels to co-working spaces.

CloudGen Access has built-in remediation engine lets users fix access issues and increases awareness of device security.

CloudGen Access

  • Delivers a built-in policy remediation agent that operates directly on the edge

  • Works everywhere, on the corporate network or on the go

  • Provides autonomy to users to solve their own access issues. CloudGen Access offers a step-by-step guide to fix issues and regain access. For example: If access is denied to Gitlab due to FileVault being disabled, CloudGen Access will share the steps to enable disk encryption


  • Requires additional point solution to offer any form of NAC functionality

Get started with Barracuda CloudGen Access

Schedule a CloudGen Access demo

When is a good time for us to call? We will do a brief needs assessment and arrange for the CloudGen Access demo that best meets those needs.

Do you need immediate assistance?  Chat now or call us at +1 844 211 4591.