Meeting the Amazon Web Services Security Challenge
It’s no secret that companies worldwide are embracing rapid application delivery and DevOps in the cloud. However, in AWS, security is a shared responsibility. Before building new apps, companies need to securely connect their developers.
AWS Security – Why IP Addresses and VPNs Don’t Work
The simplest way to do this is to allow the entire IP range of the internal corporate network to access all workloads running on AWS. But of course, organizations want to apply some level of access control.
Security professionals typically begin by using AWS Security Groups. The problem is that Security Groups are based on IP addresses, and people are not IP addresses. So:
- Either everyone gets mapped to an IP address range – with access to the entire AWS network;
- Or, security teams get bogged down in a continual cycle of editing IP access rules every time a user, IP address, or server is changed.
The problem gets even worse when remote users or consultants are brought into the equation.
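The pattern described above, in which a whole corporate address range is granted access to everything, is easy to spot in a Security Group definition. The following is an added example (not AppGate's code and not from the original page) that audits rules in the shape of an EC2 DescribeSecurityGroups response; the group ids, CIDRs and the /24 "whole network" threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape of a DescribeSecurityGroups response.
# Group ids, names and CIDRs are hypothetical, not real infrastructure.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-corp-wide",
        "GroupName": "corp-all-access",
        "IpPermissions": [
            # IpProtocol "-1" means all protocols and all ports; AWS omits the port fields.
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        ],
    },
    {
        "GroupId": "sg-web",
        "GroupName": "web-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.17/32"}]},
        ],
    },
]

# Assumed threshold: a source range broader than a /24 is treated as "a whole network".
MAX_SOURCE_PREFIX = 24


def audit_security_groups(groups, max_prefix=MAX_SOURCE_PREFIX):
    """Return (group_id, cidr, severity) for rules whose source is a broad range.

    "high": a broad source range may reach every port (the whole-network anti-pattern).
    "info": a broad source range is limited to specific ports; worth a review, not an alarm.
    """
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            all_ports = perm.get("IpProtocol") == "-1" or (
                perm.get("FromPort", 0) == 0 and perm.get("ToPort", 65535) == 65535)
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if net.prefixlen >= max_prefix:
                    continue  # a host or small subnet: not the pattern we are hunting
                severity = "high" if all_ports else "info"
                findings.append((group["GroupId"], rng["CidrIp"], severity))
    return findings
```

Feeding the output of a real `describe_security_groups` call into `audit_security_groups` gives the same findings for a live account.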
One way companies are controlling access is to have people VPN into the office network, and then access AWS resources from there. However, this approach effectively extends all of the vulnerabilities of the internal network to AWS, allowing malicious users to move laterally to the cloud, causing damage all along the way.
Compliance requirements add yet another headache. Auditors demand reports that show who had access to which network resource, and when. This task, often difficult enough in the enterprise, becomes nearly impossible in an ever-changing cloud environment.
Organizations need a new approach to network access control, one which is identity-centric, and that automatically adjusts user access based on changes to systems, servers, and user context.
AppGate is a cloud-native network access platform that combines existing enterprise identity systems with AWS security capabilities such as Security Groups and Tags into simple, easy-to-understand policies.
AppGate Gateways are easily deployed into AWS, and dynamically create a software-defined perimeter for each unique user, giving them network access only to cloud resources they’re authorized to see. Everything else on the network is invisible.
Clouds are in a constant state of change, so AppGate detects changes in the cloud infrastructure and automatically adjusts user access, all while logging any changes for compliance reporting. So, companies can maintain cloud agility while enforcing granular security.
AppGate Gateways can also be deployed into internal networks to control user access to these systems, using a consistent set of identities and policies across hybrid environments.
With AppGate, organizations can quickly and securely embrace the cloud and DevOps, while effortlessly meeting compliance requirements.
It’s easy to get started – AppGate is now available in the AWS Marketplace, with a free trial.