Duke Ellington and Cloud Network Access Control

February 25, 2016

To misquote Duke Ellington, “the cloud is the place, man.” In January, we saw Microsoft announce that its cloud business unit brought in $6.3 billion in sales in its most recent quarter. At the same time, AWS generated $2.4 billion in net sales during the holiday quarter and, for 2015 as a whole, generated $7.9 billion in sales. That’s great news for cloud providers and for companies as they reap the agility and cost savings rewards of private, public and hybrid cloud environments.

However, applying network access controls for the cloud is causing IT and Security teams some serious heartburn as they attempt to apply traditional tools in a non-traditional setting. According to a recent survey, 60% of security professionals acknowledged that their teams can’t keep up with the pace of cloud automation, self-service and DevOps changes.

Ultimately, traditional network security tools like VPNs, firewalls and NACs are unsuitable for today’s dynamic cloud environments – they’re labor-intensive to manage and provide all-or-nothing access, giving authenticated users overly broad network access and allowing wide-reaching breaches.

Now, consider that enterprises typically use six different cloud computing services. How can IT and Security teams provide secure network access controls across that many different destinations? How many firewall rules need to be written, administered and maintained? How can companies provide audit and log information for regulatory and compliance requirements that shows who connected to what and when? This is a real problem that needs solving.

Introducing AppGate XDP version 2.0: Agility with Simplicity

Today, Cryptzone addresses these issues with the launch of AppGate XDP, a dynamic, secure access control platform. AppGate XDP dramatically reduces the attack surface for all users across applications and data hosted both on-premises and in the cloud.

AppGate XDP simplifies the user access problem and eliminates over-entitled network access, drawing on user context to dynamically create a secure, encrypted network ‘segment of one’ that’s tailored for each user session. It automatically controls each user’s network access at a fine-grained level, ensuring that users can only access authorized resources. With AppGate XDP, all unauthorized network resources are invisible, completely preventing malicious users or attackers from exploiting weaknesses in unauthorized applications.

And because AppGate XDP automatically adjusts access decisions based on policy and user context, the business obtains the agility it needs without overloading IT and Security teams.


Increased scalability, reliability and high availability

With AppGate XDP 2.0 we’re increasing scalability, reliability, and high availability, allowing enterprises to achieve the best of both worlds – fine-grained access control per user, and incredible performance and reliability. Here’s how:

  • True enterprise, linear scalability – As a company’s user population, cloud usage or scope grows, IT and Security teams can easily scale out by deploying additional AppGate XDP gateways. With our patent-pending technology, user devices will automatically load-balance across the collection of gateways and, in the event of a failure, automatically reconnect without losing state.
  • Amazon EC2 resources – AppGate XDP adds new capabilities for supporting fine-grained, adaptive access control to Amazon EC2 resources. By automatically detecting new server instances, and intelligently combining EC2 tags and security groups with user context, AppGate XDP will automatically adjust user access to these new instances. This frees up IT from having to manually grant or revoke access for each change, and avoids the security risk of granting complete network access to all users, which is often the default.

There is plenty more to AppGate XDP. Learn more by joining the Cryptzone webcast on March 8, where we explain how to simply and effectively solve Infrastructure as a Service (IaaS) access challenges. You can also visit Cryptzone next week at RSA Conference 2016, booth S339, or visit our website to view our new AppGate video explainer. Finally, if you’ve never listened to the amazing Duke Ellington song “Villes Ville Is The Place, Man”, it’s well worth the time (and almost as good as the AppGate video explainer).


Jason Garbis

Vice President of Products, Cryptzone
Jason Garbis is Vice President of Products for Cryptzone, where he's responsible for the company's product strategy and product management. Garbis has over 25 years of experience with technology vendors, including roles in engineering, professional services, product management, and marketing. Jason joined Cryptzone from RSA, and holds a CISSP certification.
