Software Defined Security for Your AWS Infrastructure
Challenges in Securing Hybrid Data Centers
AWS opens up a host of new opportunities for enterprises in the cloud. They can take advantage of a wide variety of services, unlimited storage, dynamic computing power and continuous application delivery. AWS is increasingly being adopted because it has a ‘Pay as you Go’ model, is completely Scalable, highly Reliable, completely Customizable and has Hybrid Capabilities.
AWS offers in-built security functions such as Network Security Groups, Application Security Groups and others to secure your infrastructure on AWS, basis the shared responsibility model. However, while accessing various resources on the AWS Cloud, the network security levels are highly limited when using AWS’s own security functions, as it is restricted to IP address and port-based access controls. This limited control is contradictory to the granular identity-based access controls that enterprises implement within their infrastructure.
Existing Solutions Have Major Drawbacks
AWS Network Security Groups allow you to limit access to the VMs, Databases, and other such resources based on source IP address. Typically, the source IP address is your own set of public IP addresses. For individuals or companies that do not own any static public IP addresses, this security function provided by AWS is not applicable and hence, they are further exposed to a higher level of risk. Of course, additionally, the Network Security Groups can be defined to restrict access to specific ports.
This limitation of security functions on AWS are typically overcome by using site to site VPN connection to the on-premise data center and then backhauling all user traffic through remote access VPN setup for the users. However, such solutions are at best a patchy workaround and do not fully provide the level of security that is required by enterprises.
The major drawbacks of using legacy VPN solutions are:
- Poor User Experience
- Mediocre Security
Are You Facing These Challenges?
InstaSafe® Cloud Access (ICA) – THE Solution for All Your AWS Problems
InstaSafe Cloud Access for Amazon Web Services, addresses the above challenges and more by providing enterprises with a solution based on the Software Defined Perimeter principles. A Software Defined Security specifically built for AWS infrastructure enables better cloud adoption and empowers mobile workforce.
ICA solution provides an identity based granular access control solution based on the principles of Software Defined Perimeter (SDP). SDP concepts have been derived from the military, especially the Defense Information Systems Agency (DISA), where they pre-attested every device before it could ‘connect’ to the network and then verified the identity of the user using Multi-Factor Authentication (MFA) leading to knowing exactly what device was being used and by whom to access the network.
Encrypted Network with Software-Defined Perimeter
InstaSafe Cloud Access enables you to take complete control of who can access the applications, servers, databases, storage, and other resources on AWS
- Do away with VPN
- Keep all applications, servers, databases, and other resources in a private network
- Give application-level access to specific people or groups of people based on their role
- Ensure that they only get access using pre-authorized devices
- All of this is done from a single central console with the users authenticated using your own directories such as Active Directory or LDAP, RADIUS etc.
Multi-Region VPC Peering Without Any Restrictions
InstaSafe Cloud Access empowers you to create your own customized VPC peering between different regional VPCs
- A single software-defined private network for AWS and your own private cloud or on-premise datacenter
- Granular access control between individual servers on specific ports
- All of this along with Secure Access for user access to the applications is managed from a single central console
Secure Remote Access for Employees and Partners
InstaSafe Cloud Access makes it easy for you to manage the access of employees and partners to specific applications with minimum fuss
- Seamlessly integrate with corporate directories such as Active Directory / LDAP / RADIUS and other sources using OpenID or SAML to manage user authentication
- Partner authentication and access can be managed locally using an in-built directory
- Enable our built-in MFA authentication using OTP for any user accessing sensitive applications
- Granular ‘need-to-know’ access control rules, ensures users can access only specific resources based on their role
Secure Privileged Access for DevOps Teams
DevOps require sysadmin (administrator) access to the resources on AWS. Administrator access is the favorite target of hackers due to the access level that sysadmins enjoy
- Defeat any credential theft attacks by binding the device to the user. Stolen password does not work from any other device thereby greatly improving the security of the administrator’s privileged access
- Combined with a PAM solution, InstaSafe® Cloud Access provides the necessary security controls to completely lockdown all privileged access to any Cloud or on-premise resource
- DevOps teams can manage any of the resources on AWS such as VM, MySQL, MSSQL and other databases, containers, and resources