How to Simplify, Secure and Scale AWS User Access
Managing and automating tightly controlled user access in AWS is complex and slow for several reasons:
1. Access control is IP-centric, but users' IP addresses change as they move between office, home and mobile networks
2. Dynamic environments add administrative burden as instances and addresses come and go
3. Complexity leads to shortcuts, such as overly broad security group rules
4. VPN connectivity is forced on users just to manage access control
5. Logs are hard to correlate back to an individual user
6. The AWS shared responsibility model leaves access control to the customer
Public Cloud Security is a Shared Responsibility
As outlined by AWS, public cloud security is a shared responsibility. AWS takes responsibility for security ‘of’ the cloud, but puts the onus on the customer for security ‘in’ the cloud, which includes who can reach which workload. Enterprises adopting cloud need to weigh this as they balance tightly controlled access to workloads hosted with providers like AWS against wide-open access that increases the risk of security and compliance breaches.
A Software-Defined Perimeter Helps
An IP-based rule works while the user sits in the office behind a known address; once that user works from home or a mobile connection, the rule either breaks or has to be widened, and security suffers either way.
That’s where a Software-Defined Perimeter helps. It’s a security model which wraps network permissions around each unique user. Both Gartner and Forrester support this model and companies like Google, Verizon, Coca-Cola and GE are all embracing this model.
What is a Software-Defined Perimeter?
The Software-Defined Perimeter is a security framework developed by the Cloud Security Alliance, and is designed to provide on-demand, dynamically provisioned secure network segmentation. A Software-Defined Perimeter ensures that all endpoints attempting to access a given infrastructure are authenticated and authorized prior to being able to access any resources on the network. All unauthorized network resources are made inaccessible. This not only applies the principle of least privilege to the network, it also reduces the attack surface area by hiding network resources from unauthorized or unauthenticated users. To summarize, a Software-Defined Perimeter overcomes the constraints of traditional tools by effectively creating a dynamic, individualized perimeter for each user – a network ‘segment of one’.
Using a Software-Defined Perimeter Solution for AWS
Cryptzone’s AppGate gives organizations the ability to simplify, secure and scale user access. It grants access based on identity and context: the device, user attributes, application permissions, location, anti-virus status and time of day. AppGate then creates a dynamic ‘segment of one’ (a 1:1 firewall rule) that is encrypted and logged. Everything else on the network stays invisible, whether it lives in the cloud, on-premises or in a hybrid model.
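To make the ‘segment of one’ concrete, the following Python models the decision an SDP controller makes before a client may reach a resource. This is an added example, not AppGate or Cryptzone code and not part of the original page: it evaluates identity and context (group membership, device posture, anti-virus status, location, time of day) against a default-deny policy and, only on success, emits a per-session rule pinned to the user's current source address and bounded by a TTL. The resource hosts, users, groups, IP addresses and policy rules are all constructed for illustration, nothing here talks to AWS, and the security-group entry is merely shaped like an EC2 IpPermissions element.

```python
# Toy SDP policy decision point: default deny, per-user 'segment of one' grants.
# Added example, not Cryptzone/AppGate code; hosts, users and policy are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address


@dataclass(frozen=True)
class Context:
    """What the controller knows about a request; the source IP is one input of many."""
    user: str
    groups: frozenset
    device_managed: bool
    av_current: bool
    src_ip: str
    country: str
    now: datetime


@dataclass(frozen=True)
class Rule:
    resource: str
    allowed_groups: frozenset
    require_managed_device: bool = True
    require_av: bool = True
    allowed_countries: frozenset = frozenset()  # empty means any country
    hours_utc: tuple = (0, 24)                   # permitted window [start, end)
    session_ttl: timedelta = timedelta(hours=1)  # how long a grant lives


# Constructed inventory (hypothetical private VPC addresses) and policy.
RESOURCES = {"prod-ssh": ("10.0.1.10", 22), "prod-db": ("10.0.2.20", 5432),
             "wiki": ("10.0.3.30", 443)}
POLICY = [
    Rule("prod-ssh", frozenset({"sre"}), allowed_countries=frozenset({"US", "SE"}),
         hours_utc=(6, 22), session_ttl=timedelta(minutes=30)),
    Rule("prod-db", frozenset({"sre", "dba"}), session_ttl=timedelta(minutes=15)),
    Rule("wiki", frozenset({"sre", "dba", "contractor"}),
         require_managed_device=False, require_av=False),
]


@dataclass(frozen=True)
class Grant:
    """One source, one destination, one port, bounded lifetime: a 1:1 firewall rule."""
    user: str
    src_ip: str
    dst_host: str
    dst_port: int
    expires: datetime

    def as_iptables(self) -> str:
        return (f"-A SDP -s {self.src_ip}/32 -d {self.dst_host}/32 "
                f"-p tcp --dport {self.dst_port} -j ACCEPT")

    def as_security_group_ingress(self) -> dict:
        # Shaped like one EC2 IpPermissions entry; nothing is sent to AWS here.
        return {"IpProtocol": "tcp", "FromPort": self.dst_port, "ToPort": self.dst_port,
                "IpRanges": [{"CidrIp": f"{self.src_ip}/32",
                              "Description": f"sdp:{self.user} until {self.expires.isoformat()}"}]}


def decide(ctx: Context, resource_name: str) -> tuple:
    """Return (Grant or None, reason). Anything not explicitly allowed is denied."""
    rule = next((r for r in POLICY if r.resource == resource_name), None)
    if rule is None or resource_name not in RESOURCES:
        return None, "no policy for resource"
    if not ctx.groups & rule.allowed_groups:
        return None, "identity not entitled"
    if rule.require_managed_device and not ctx.device_managed:
        return None, "unmanaged device"
    if rule.require_av and not ctx.av_current:
        return None, "anti-virus out of date"
    if rule.allowed_countries and ctx.country not in rule.allowed_countries:
        return None, "location not permitted"
    start, end = rule.hours_utc
    if not start <= ctx.now.astimezone(timezone.utc).hour < end:
        return None, "outside permitted hours"
    ip_address(ctx.src_ip)  # raises ValueError before garbage can reach a firewall rule
    host, port = RESOURCES[resource_name]
    return Grant(ctx.user, ctx.src_ip, host, port, ctx.now + rule.session_ttl), "ok"


def visible_resources(ctx: Context) -> dict:
    """Resources this user can reach right now; everything else stays invisible."""
    decisions = {name: decide(ctx, name)[0] for name in RESOURCES}
    return {name: grant for name, grant in decisions.items() if grant is not None}


# Constructed sample contexts: the same identity from two networks and devices.
NOW = datetime(2016, 3, 1, 14, 0, tzinfo=timezone.utc)
ALICE_OFFICE = Context("alice", frozenset({"sre"}), True, True, "203.0.113.7", "US", NOW)
ALICE_CAFE = Context("alice", frozenset({"sre"}), False, False, "198.51.100.9", "US", NOW)
BOB_CONTRACTOR = Context("bob", frozenset({"contractor"}), True, True, "192.0.2.44", "DE", NOW)

if __name__ == "__main__":
    for name, grant in visible_resources(ALICE_OFFICE).items():
        print(name, grant.as_iptables())
    print("alice from the cafe sees:", sorted(visible_resources(ALICE_CAFE)))
    print("bob sees:", sorted(visible_resources(BOB_CONTRACTOR)))
```

Two things are worth noticing. The source IP is never the basis for the decision; it appears only as the address the grant is pinned to, so when Alice moves from the office to a cafe the controller re-evaluates her context and issues a new, short-lived grant (or, here, withholds the production ones because the device is unmanaged) instead of an administrator widening a security group to cover her new address. And every denial carries a reason tied to a user identity, which is what an audit trail needs and what raw security-group logs keyed on IP cannot give.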
To see this in action, watch the on-demand webinar on AWS and IaaS Security – Simplify, Secure and Scale User Access.