AWS – New York – Summit – you know that you’ll be hearing some exciting announcements. This year at 40Cloud we’re thrilled, not only to be welcoming visitors to our booth, but also to present an announcement of our own. We’re introducing a new security collaboration with Datapipe, an AWS Premier Consulting Partner and a global leader in managed hybrid IT solutions for enterprise. Datapipe offers a single provider solution for managing and securing mission-critical IT services, including cloud computing, infrastructure as a service, platform as a service, colocation and data centers.
40Cloud delivers IT security elements such as AAA, encryption and firewall, in addition to identity-based access management and VPN. By incorporating software-defined networking (SDN) and software-defined security (SDS) technologies, 40Cloud builds a new software-defined private network over any cloud infrastructure deployment, and layers firewall and automation capabilities on top of it.
2Factor Secure Cloud Access
This partnership will help enterprises secure Amazon Web Services (AWS) environments. The Datapipe – 40Cloud solution, called 2Factor Secure Cloud Access, integrates Datapipe’s two-factor authentication service, Datapipe Auth, with 40Cloud’s software-as-a-service (SaaS) Identity Integration security model. The solution allows for easier, more secure remote access of public cloud operations and delivers enhanced security, access and control to clients operating AWS environments.
This integration provides an extra layer of security for remote public cloud usage. It utilizes two identification methods that verify a user’s identity, and then automatically enforce permissions to remote systems, based on the industry standard RADIUS. Client administrators can manage users and tokens directly to assign and restrict access permissions, allowing for a greater level of user control. In other words, while Datapipe Auth authenticates the users with two-factor authentication, the 40Cloud Gateway controls access to the different instances, such as the database, web servers, etc., providing role-based control.
By installing the Datapipe Auth Token Manager application, Datapipe and 40Cloud users can access their data from anywhere leveraging native operating system VPNs. The Token Manager is available via a desktop computer, and the mobile app can be downloaded from the Apple Store and Google Play.
The diagram below shows how to get up and running with the 2Factor Secure Cloud Access solution:
- The Datapipe Administrator defines users, provides them with tokens, and then define roles for each user.
- The user sets a PIN, and then downloads the Datapipe Auth Token Manager that is configured with the token that the administrator defined for him/her. The application generates a one-time code to his mobile or computer.
- Once the Datapipe application is set, the user can connect to the 40Cloud Gateway to establish a VPN connection. The user enters the VPN client with his username, PIN and the one time code generated by the Datapipe application downloaded to his device.
- The 40Cloud Gateway authenticates the user against the Datapipe authentication server and retrieves the user role.
- The 40Cloud Gateway applies RBAC (Role Base Access Control) to grant access to specific servers based on the role. In this case, the user can access the web servers, but is not granted access to the database server.
Benefits of 2Factor Secure Cloud Access
The Key benefits of 2Factor Secure Cloud Access include:
- Improved security practices – two-factor authentication puts a stop to common hacking practices such as brute force or password phishing by removing the risk of password compromise leading to unauthorized access
- Secure remote access to the cloud – AWS users can now access data securely, regardless of their location, through Datapipe Auth combined with a secure encrypted VPN for remote access to AWS cloud resources
- Enhanced manageability and control – customer administrators can control, monitor, and report on employee remote access. The Datapipe Auth portal also enables role based access, allowing clients to define roles for users and dynamically enforce access rights within AWS
- Greater compliance – 2Factor Secure Cloud Access addresses numerous PCI DSS requirements such as two-factor authentication for remote access, secure remote access technologies using VPN, disabling of inactive users within 90 days, and limiting access based on employee role.
Two-factor VPN authentication combined with cloud network firewall brings users greater security, access and control over the public cloud. The Datapipe 2Factor Secure Cloud Access is now available worldwide through Datapipe’s existing suite of security services. For more information on the newly formed collaboration please see: https://datapipe.com/cloud/managed_aws/.