Cloud Computing and Hybrid Infrastructure Security
Cloud Computing: Speed and Cost Advantages
In the past few years, enterprises have rapidly embraced the Infrastructure as a Service (IaaS) model for developing, building, and deploying enterprise applications. Whether deployed on-premises as a private cloud or on a public cloud infrastructure, the benefits are undeniable: highly scalable, on-demand compute and storage resources, nearly unlimited flexibility of the virtualized network environment, and a cost model that shifts from heavy up-front capital expenditures (CapEx) to “pay as you go” operational expenditures (OpEx), which better aligns cost and value. In the case of public cloud, the ability to eliminate on-premises datacenter costs for real estate, electricity, and cooling is an added benefit.
While the ride may not always have been smooth or easy, many organizations are now successfully using IaaS, and in fact some have made the strategic decision that all new applications must follow a “cloud-first” model. And yet, others are hesitant to fully commit, or are struggling to keep up from a security and compliance perspective.
Cloud Security Risks
The reality is that a move to cloud (either private or public) brings risks with it, and requires security and compliance teams to work harder to keep up. While cloud infrastructures such as AWS or Azure each have their own network configuration and security models, these aren’t designed to provide fine-grained access controls, or to adjust user access based on cloud server instance changes. Like traditional on-premises network security tools, these cloud systems only manage access to entire server groups based on source IP address or subnet, not based on individual user context. The result is over-privileged network access for users.
Dynamic, Policy-Based Cloud Access Control
AppGate operates under the premise that users should never be entrusted with access to, or visibility of, resources that lie outside of the scope of their responsibilities. It dramatically simplifies the cloud resource user access problem and eliminates over-entitled network access, drawing on user context to dynamically create a secure, encrypted network segment of one that’s tailored for each user session.
AppGate provides layered defenses for managing IaaS user access that are easy to deploy and begin with strong identification using two-factor authentication, such as one-time passwords (OTP). AppGate then creates secure, encrypted, service-specific tunnels to authorized applications and resources based on a dynamic, context-aware understanding of factors including user, role, location and device. Most importantly, it ensures that all cloud resources remain invisible to users until authorized. Firewall rules aren’t written once and saved forever, but are created and enforced in real time when access is requested. AppGate creates completely isolated management or service networks to micro-segment network access. This provides a secure, encrypted, service-specific connection to each individual application or service. AppGate also automatically detects changes to the cloud environment (such as new servers being instantiated) and adjusts user access according to policy.