Meeting the Amazon Web Services Security Challenge

October 28, 2016

It’s no secret that companies worldwide are embracing rapid application delivery and DevOps in the cloud. However, in AWS, security is a shared responsibility. Before building new apps, companies need to securely connect their developers.

AWS Security – Why IP Addresses and VPNs Don’t Work

The simplest way to do this is to allow the entire IP range of the internal corporate network to access all workloads running on AWS. But of course, organizations want to apply some level of access control.

Security professionals typically begin by using AWS Security Groups. The problem is that Security Groups are based on IP addresses, and people are not IP addresses. So:

  • Either everyone gets mapped to an IP address range – with access to the entire AWS network;
  • Or, security teams get bogged down in a continual cycle of editing IP access rules every time a user, IP address, or server is changed.

The problem gets even worse when remote users or consultants are brought into the equation.
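To make the IP-versus-identity problem concrete, here is an added audit example (not from the original post or from Cryptzone) that walks Security Group ingress rules in the shape returned by boto3's `describe_security_groups` and flags every rule whose source is a broad IP range rather than a known principal. The group ids, CIDRs, ports and the 256-host threshold are constructed for this example.

```python
import ipaddress
from typing import Dict, List

# Constructed sample in the shape of boto3 ec2.describe_security_groups()["SecurityGroups"];
# every id, CIDR and port below is invented for this example.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0000aaaa",
        "GroupName": "web-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8", "Description": "whole corporate network"}]},
        ],
    },
    {
        "GroupId": "sg-0000bbbb",
        "GroupName": "db-tier",
        "IpPermissions": [
            {"IpProtocol": "-1",  # -1 means all protocols and all ports
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "10.20.30.40/32"}]},
        ],
    },
]


def cidr_is_broad(cidr: str, max_hosts: int = 256) -> bool:
    """True when a source range spans more hosts than one team or subnet plausibly owns."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses > max_hosts


def audit_ingress(groups: List[Dict], max_hosts: int = 256) -> List[Dict]:
    """Return one finding per ingress rule whose source CIDR is broad.

    A broad CIDR grants access to whoever can source traffic from that range,
    so the rule says nothing about which person is actually connecting.
    """
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            for rng in perm.get("IpRanges", []):
                cidr = rng["CidrIp"]
                if cidr_is_broad(cidr, max_hosts):
                    reason = "open to the internet" if cidr == "0.0.0.0/0" else "broad internal range"
                    findings.append({"group": group["GroupId"], "proto": proto,
                                     "ports": ports, "cidr": cidr, "reason": reason})
    return findings
```

Running `audit_ingress(SAMPLE_GROUPS)` on the sample returns three findings: the public HTTPS rule and two rules that let the entire 10.0.0.0/8 range reach SSH and the whole database tier, while the single-host /32 rule passes.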

One way companies are controlling access is to have people VPN into the office network and then reach AWS resources from there. However, this approach effectively extends all of the vulnerabilities of the internal network to AWS, allowing malicious users to move laterally to the cloud, causing damage all along the way.

Compliance requirements add yet another headache. Auditors demand reports that show who had access to which network resource when. This task, often difficult enough in the enterprise, becomes nearly impossible in an ever-changing cloud environment.

Organizations need a new approach to network access control, one that is identity-centric and automatically adjusts user access based on changes to systems, servers, and user context.

AppGate is a cloud-native network access platform that combines existing enterprise identity systems with AWS security capabilities such as Security Groups and Tags into simple, easy-to-understand policies.

AppGate Gateways are easily deployed into AWS, and dynamically create a software-defined perimeter for each unique user, giving them network access only to cloud resources they’re authorized to see. Everything else on the network is invisible.

Clouds are in a constant state of change, so AppGate detects changes in the cloud infrastructure and automatically adjusts user access, all while logging any changes for compliance reporting. So, companies can maintain cloud agility while enforcing granular security.

AppGate Gateways can also be deployed into internal networks to control user access to these systems, using a consistent set of identities and policies across hybrid environments.

With AppGate, organizations can quickly and securely embrace the cloud and DevOps, while effortlessly meeting compliance requirements.

It’s easy to get started – AppGate is now available in the AWS Marketplace, with a free trial.


Kurt Glazemakers

Kurt Glazemakers is the Senior Vice President, Product Strategy at Cryptzone. He is responsible for defining the strategy and roadmap of the next generation of Cryptzone IT security architecture focused on Encryption and Identity and Access Management (IAM). Glazemakers was the independent technical expert within the Medina Capital investment team that exercised due diligence prior to the acquisition of Cryptzone.

Glazemakers is renowned for his extensive knowledge of software development, especially in the software-defined network and storage area. Prior to joining Cryptzone, he served as CTO of CloudFounders, a developer of advanced private cloud technologies for IT-as-a-Service solutions.

He also served as Terremark’s CTO Europe (now part of Verizon), where he was responsible for the development of Enterprise Cloud. Throughout his career, Glazemakers has focused on the development of innovative solutions that increase the availability, security and scalability of mission-critical infrastructures. He holds a Master of Engineering, Telecommunications and Computer Networks from Universiteit Gent in Belgium.
