AppGate for AWS
AWS Access Control: Speed and Cost Advantage
Enterprises are rapidly embracing Amazon Web Services (AWS), but securing access to these cloud-based workloads isn’t easy. The root cause is that AWS’ native security groups are static, IP-based firewalls that do not provide the user-centric access control security teams need to efficiently and effectively control user access to EC2 resources. Trying to control “who can access what” with static IP addresses and port mapping just doesn’t scale.
AppGate is purpose-built for the AWS environment and draws on user context to dynamically create a secure, encrypted network segment of one that’s tailored for each user session. It dramatically simplifies the cloud resource user access problem and eliminates IP-based over-entitled network access. AppGate is a key technology in the Cloud Security Alliance.
The Benefit of using AppGate for AWS
With AppGate you can create a segment of one for each user and device combination, so that the context of the user and the device is evaluated in real time before AppGate provides network access to the user-authenticated instances and services in the AWS environment. AppGate is a linear and scalable distributed access system that creates a unique access filter for each user/device combination. This patent-pending access system dynamically matches the context information from the user and device with the context information it polls in real time from the cloud provider. The AppGate policy engine can then match users, devices and their context to allow access to, and only to, the desired instances. The context information pulled from the cloud is based on the metadata received from the cloud APIs, such as all or some instances in a certain VPC or security group, or with a certain key or value.
With these simple policies in place, network access automatically adapts in real time to changing conditions on the client side as well as on the cloud infrastructure side. Every instance that is added or removed is automatically traced and added to or removed from the access filter, without needing to change policies. It becomes an automation-driven network access process that can be audited by simple policies.
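The policy-to-filter resolution described above, as an added Python example that is not AppGate code: the `Instance` and `Policy` shapes, the `disk_encrypted` device attribute and all sample data are assumptions constructed for illustration. It shows the access filter being recomputed from instance metadata rather than from IP rules, with an empty or unknown selector granting nothing.

```python
from dataclasses import dataclass

@dataclass
class Instance:  # constructed stand-in for metadata returned by a cloud API
    private_ip: str
    vpc: str
    security_groups: frozenset
    tags: dict

@dataclass
class Policy:  # hypothetical policy shape, not AppGate's schema
    user_groups: frozenset   # session needs at least one of these
    require_device: dict     # device attributes that must match exactly
    selector: dict           # keys: "vpc", "security_group", "tag" -> (key, value)
    ports: tuple

def selects(selector, inst):
    """True if the instance metadata satisfies every selector key."""
    # Fail closed: an empty selector or an unknown key grants nothing.
    if not selector or set(selector) - {"vpc", "security_group", "tag"}:
        return False
    if "vpc" in selector and inst.vpc != selector["vpc"]:
        return False
    if "security_group" in selector and selector["security_group"] not in inst.security_groups:
        return False
    if "tag" in selector:
        key, value = selector["tag"]
        if inst.tags.get(key) != value:
            return False
    return True

def session_matches(policy, user_groups, device):
    """User and device context must both satisfy the policy."""
    return bool(policy.user_groups & user_groups) and all(
        device.get(k) == v for k, v in policy.require_device.items())

def access_filter(policies, user_groups, device, inventory):
    """Resolve the (ip, port) pairs this session may reach; all else is denied."""
    allowed = set()
    for policy in policies:
        if session_matches(policy, user_groups, device):
            for inst in inventory:
                if selects(policy.selector, inst):
                    allowed.update((inst.private_ip, p) for p in policy.ports)
    return allowed

# Constructed sample data
INVENTORY = [Instance("10.0.1.10", "vpc-dev", frozenset({"sg-web"}), {"env": "dev"}),
             Instance("10.0.2.20", "vpc-prod", frozenset({"sg-db"}), {"env": "prod"})]
POLICIES = [Policy(frozenset({"developers"}), {"disk_encrypted": True},
                   {"vpc": "vpc-dev", "tag": ("env", "dev")}, (22, 443))]
```

Calling `access_filter` again after the inventory changes yields the updated filter with the policy list untouched, which is the behaviour the paragraph above describes.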
Is AppGate for AWS Right for your Business?
AWS customers with robust DevOps needs, dynamic environments, and a heightened need for security and compliance-driven access controls gain significant value from AppGate.