Software Defined Security for Microsoft Azure

InstaSafe Cloud Access Ensures Secure Remote Access to Internal Apps in AWS

Challenges in Securing Microsoft Azure

Azure is a comprehensive set of cloud services that developers and IT professionals use to build, deploy, and manage applications through Azure's global network of datacenters. Integrated tools, DevOps, and a marketplace support you in efficiently building anything from simple mobile apps to internet-scale solutions.

Azure offers built-in security functions such as Network Security Groups, Application Security Groups and others to secure your infrastructure on Azure, in line with the shared responsibility model. However, when users access resources on the Azure cloud, the network security that Azure's own functions provide is highly limited, because it is restricted to IP address and port-based access controls. This limited control is at odds with the granular identity-based access controls that enterprises typically implement within their infrastructure.


Existing Solutions Have Major Drawbacks

Azure Network Security Groups allow you to limit access to VMs, databases, and other such resources based on source IP address. Typically, the source IP address is your own set of public IP addresses. For individuals or companies that do not own any static public IP addresses, this security function provided by Azure is not applicable, and hence they are exposed to a higher level of risk. Network Security Groups can additionally be defined to restrict access to specific ports.
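To check where IP-and-port rules leave resources open to any source, the following added example (not InstaSafe or Microsoft code) audits a set of NSG rules for inbound allow rules that admit any source address on management or database ports. The field names follow the Azure Resource Manager security-rule schema; the sample rules are constructed and the port list is an assumption to adjust.

```python
import ipaddress

# Constructed sample rules, shaped like ARM "securityRules[].properties".
SAMPLE_RULES = [
    {"name": "allow-ssh-any", "priority": 100, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-sql-office", "priority": 110, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "203.0.113.0/24",
     "destinationPortRange": "1433"},
    {"name": "allow-mgmt-internet", "priority": 120, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefixes": ["Internet"],
     "destinationPortRanges": ["3389", "5985-5986"]},
    {"name": "deny-all", "priority": 4000, "direction": "Inbound",
     "access": "Deny", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

# Assumption: ports treated as sensitive for this audit.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 1433: "MSSQL", 3306: "MySQL"}

def _values(rule, single, plural):
    """Merge the singular and plural forms of a rule field into one list."""
    one = rule.get(single)
    return ([one] if one else []) + list(rule.get(plural) or [])

def _is_any_source(prefix):
    """True for '*', the Internet service tag, or a /0 CIDR."""
    if prefix in ("*", "Internet"):
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:
        return False  # other service tags, e.g. VirtualNetwork

def _covers(port_range, port):
    """True if an NSG port spec ('*', '22', '5985-5986') includes port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def audit(rules):
    """Return (rule name, exposed services) for each risky inbound allow rule.
    Rules are judged one by one; shadowing by earlier deny rules is not modelled."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(_is_any_source(s) for s in sources):
            continue
        ranges = _values(rule, "destinationPortRange", "destinationPortRanges")
        exposed = sorted(name for port, name in SENSITIVE_PORTS.items()
                         if any(_covers(r, port) for r in ranges))
        if exposed:
            findings.append((rule["name"], exposed))
    return findings
```
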

This limitation of the security functions on Azure is typically overcome by using a site-to-site VPN connection to the on-premise data center and then backhauling all user traffic through a remote access VPN setup for the users. However, such solutions are at best a patchy workaround and do not fully provide the level of security that enterprises require.

The major drawbacks of using legacy solutions are:

  • Poor User Experience
  • Vulnerable to Attacks
  • Highly Complex

Are You Facing These Challenges?

Do you need to create a private network between your different regional VNETs?

Is your Azure Compute / Storage / Databases on public IP addresses accessible to users with a username and password?

Are you facing challenges for your DevOps to securely manage your Azure infrastructure?

Is managing your VPN setup across your IaaS, private cloud and users challenging?

InstaSafe Cloud Access (ICA) – All Your Azure Problems

InstaSafe® Cloud Access for Microsoft Azure addresses the above challenges and more by providing enterprises with a solution based on Software Defined Perimeter principles. Software Defined Security built specifically for Azure infrastructure enables better cloud adoption and empowers a mobile workforce.
The ICA solution provides identity-based granular access control based on the principles of the Software Defined Perimeter (SDP). It ensures that the device and the user are able to ‘see’ and ‘access’ only the data that they have ‘prior approval’ to see or access: basically a ‘need-to-know’ access model.

Encrypted Network with Software-Defined Perimeter

InstaSafe Cloud Access enables you to take complete control of who can access the applications, servers, databases, storage, and other resources on AWS

  • Do away with VPN
  • Keep all applications, servers, databases, and other resources in a private network
  • Give application-level access to specific people or groups of people based on their role
  • Ensure that they only get access using pre-authorized devices
  • All of this is done from a single central console, with the users authenticated using your own directories such as Active Directory, LDAP, RADIUS, etc.

Multi-Region VPC Peering Without Any Restrictions

InstaSafe Cloud Access empowers you to create your own customized VPC peering between different regional VPCs

  • A single software-defined private network for AWS and your own private cloud or on-premise datacenter
  • Granular access control between individual servers on specific ports
  • All of this along with Secure Access for user access to the applications is managed from a single central console



Secure Remote Access for Employees and Partners

InstaSafe Cloud Access makes it easy for you to manage the access of employees and partners to specific applications with minimum fuss

  • Seamlessly integrate with corporate directories such as Active Directory / LDAP / RADIUS and other sources using OpenID or SAML to manage user authentication
  • Partner authentication and access can be managed locally using an in-built directory
  • Enable our built-in MFA authentication using OTP for any user accessing sensitive applications
  • Granular ‘need-to-know’ access control rules ensure users can access only specific resources based on their role

Secure Privileged Access for DevOps Teams

DevOps teams require sysadmin (administrator) access to the resources on AWS. Administrator access is the favorite target of hackers due to the access level that sysadmins enjoy.

  • Defeat any credential theft attacks by binding the device to the user. A stolen password does not work from any other device, thereby greatly improving the security of the administrator’s privileged access
  • Combined with a PAM solution, InstaSafe® Cloud Access provides the necessary security controls to completely lock down all privileged access to any cloud or on-premise resource
  • DevOps teams can manage any of the resources on AWS such as VM, MySQL, MSSQL and other databases, containers, and resources