A Zero-Trust Security Architecture that Encompasses Cloud

 

If anyone says February went by quickly, did they mean that literally? February did go by quicklyHere is a quick update on what is new in Appaegis Isolation Access Cloud (IAC). The updates continue to enhance capabilities for a cloud-centric world to extend a zero-trust security architecture beyond networking.  

 

Appaegis IAC Platform Capabilities  

  • Launch of the Appaegis Unity Agent – to enhance security for SSH, RDP and Kubernetes access with native application support. 
  • Strict access control with multiple key vault integrations (for SSH and RDP) 
  • Session recording and audit of user applications access (SSH and RDP) 

Appaegis IAC Platform Enhancements Explained 

1.Strict Access Control with Key Vault Integrations 

With this release, we have extended our support for key vault integrations to include AWS. With this integration enforcing access control for SSH will with any customer environment. 

Keeping with our design goals, the setup and configuration is simple and can be done in minutes, not days or months. The integration is flexible and supports single or multi-region implementations.  

A sample KMS configuration on AWS from where we get the Access Key ID used with Appaegis is illustrated below. The workflow to accomplish this is simple and is also illustrated below.  

 

Appaegis IAC has added the following option to configure AWS credentials 

KMS support for single or multi-region for AWS can be configured in the KMS setting Page. At that point the integration is complete. 

2. SSH Offline access Mode 

To enhance the ability of developers, network operators or contractors, we have added the ability to use SSH in an offline mode. It is built with seamless integration to multiple key management systems. The access duration can be controlled based on certificate lifetime validity.  

Configuration to enable a specific SSH application is shown below. As you can see the process is simple and can be completed quickly.  

Developers, network operators or contractors can then download the required certificate for the configured application. They can then use SSH command to connect to the SSH server (ssh -i private_key -i certificate user_name@Server-IP)

3. Session recording and audit 

To satisfy regulator mandates or internal policy, customers might prefer to store session recording and audit logs on self-managed storage. Appaegis IAC now supports storage of session recording on customer managed AWS S3 storage. This provides additional control for organizations to store sensitive data in multiple AWS regions based on company policies or regulatory mandates. The process to set up storage locations is simple and can be accomplished with a few keystrokes and a mouse click!  

The configuration to setup storage in AWS is shown below. 

Appaegis IAC provides a holistic solution to integrate Cloud as the key strategy of cloud access security. By integrating and connecting cloud IAM, key management system, and Identity providers, Appaegis Access IAC provides a deep understanding on the application context and user behavior.  This knowledge helps enterprises monitor how users access the critical applications, identify potential security gaps, and reduce permission scope. Appaegis IAC is built to secure access to applications, enhance data security, and implement a zero-trust security architecture.

Summary 1

Back to Blog

Related Articles

Appaegis Zero Trust SSH with Vault on the HashiCorp Cloud Platform

All organizations today rely on a mix of internal applications, cloud native applications, and SaaS...

Data Security in a Zero Trust World

General Electric, Facebook, Equifax, U.S. Marshals, Microsoft, MGM, GoDaddy, Amtrak…and the list...

SSH Bastions Break Your Zero Trust Model

  It’s a common practice to set up a bastion server to provide access to the host and then use that...