Securing Cloud Centric Software Supply Chain is Complex
Cloud infrastructure in the software supply chain is a critical resource for enterprise innovation. Securing access to it requires solving key issues across multiple access methods and target applications, including SSH, RDP, Kubernetes and Bitbucket/GitHub®/GitLab®.
Limitations of Current Network Centric Access Solutions
Current Network Centric Access Solutions
Organizations use a bastion host or jump server to reduce Internet exposure. Users can then access any server after reaching the bastion host. This violates a core tenet of zero trust: only provide access to the resources needed. It also creates security gaps if credentials to the bastion host are stolen, because malicious actors can then access the entire infrastructure. An effective approach must enforce policy to limit access and monitor access beyond the bastion hosts.
Visibility into identity and data access
Visibility into the identity used to log in to applications and DevOps services is important for access security. Without monitoring how users log in to applications and DevOps services, shared accounts and accounts impersonated with stolen identities cannot be detected. Without a view into identity, organizations lose traceability into who accessed what resources.
Complexity of key rotation
Key pairs are widely used to secure the connections before and after the bastion host. However, many organizations fail to follow the best practice of rotating the key pair every 3 months. Often users store keys on their local machines, creating a risk of exposure. Companies make these compromises because certificate-based authentication is complex and credential management is inefficient.
Privileged session management
The activities of privileged users with access to critical resources must be continuously monitored and recorded, from the start to the end of access. All activities, including command history, need to be logged and analyzed to detect suspicious or unauthorized access. Most organizations do not have solutions to manage privileged sessions. When they do implement solutions, they are expensive to acquire and manage.
Zero Trust Secure Access to Development Environments
Appaegis Enterprise Access Browser applies zero trust to SSH access, delivers visibility into identity, eliminates the complexity of key rotation, monitors privileged sessions and provides visibility and control over data access.
Appaegis does that by monitoring and controlling the identities used to log in to DevOps services and by discovering shared-account or impersonated-account logins. Appaegis helps organizations automate SSH certificate management to simplify operations and enhance security. We also provide command history and Git repo access monitoring to eliminate security blind spots and enhance access control without interrupting the runtime environment.
Appaegis integrates the browser with cloud infrastructure to provide a secure access fabric. Our solutions leverage key vaults and cloud IAM to secure access to infrastructure. Appaegis’ approach of securing access where it originates makes identity the new perimeter and enables control of and visibility into all data access.
