Upload File

secure hybrid cloud access - prevent sensitive data exposure...the benefits of such a hybrid cloud...

  • Home
  • Documents
  • Secure Hybrid Cloud Access - Prevent sensitive data exposure...The benefits of such a hybrid cloud and on-premises deployment include: Reduce the risk of application and networks based
Secure Hybrid Cloud Access Product Brief Contents Introduction The Safe-T Solution How It Works Capabilities Benefits Feature List Access Component 3 3 3 4 5 5 5 www.safe-t.com Keeping Data in the Right Hands

Upload: others

Post on 23-May-2020

4 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Secure Hybrid Cloud Access - Prevent sensitive data exposure...The benefits of such a hybrid cloud and on-premises deployment include: Reduce the risk of application and networks based

Secure HybridCloud AccessProduct Brief

Contents

Introduction

The Safe-T Solution

How It Works

Capabilities

Benefits

Feature List

Access Component

3

3

3

4

5

5

5

www.safe-t.com Keeping Data in the Right Hands

Page 2: Secure Hybrid Cloud Access - Prevent sensitive data exposure...The benefits of such a hybrid cloud and on-premises deployment include: Reduce the risk of application and networks based

IntroductionRecent years have shown an ever-growing increase in cloud adoption by organizations, both regulated and non-regulated. Cloud adoption has many aspects, whether it’s using SaaS solutions, outsourcing MSSP services or hosting previously on-premises located servers in the cloud.

In this paper we will focus on the last use case, where an organization is migrating servers who were previously located on-premises to a public cloud (Azure, AWS, etc).Moving application tiers to the cloud, requires rearchitecting the network and application, for example, if previously all application tiers were located on-premises, now you need to connect a cloud based application tier to application tiers located on-premises.

Such a move creates a few challenges, such as:• Incoming holes in the organization’s Firewall for cloud traffic• Requires a VPN or secure connection to connect between Cloud and organization premises• Hacking the cloud allows revealing the customer’s internal network IP• Potentially placing an authentication component in the cloud

The Safe-T Solution

Safe-T® Software Defined Access provides a method for enterprises to convert their complex DMZ and perimeter architecture to light perimeter layer hosted in the cloud, while increasing network and application security.

By deploying Safe-T in a hybrid cloud and on-premises deployment, organizations can benefit from a cloud based perimeter and DMZ segment which can augment and simplify their local enterprise DMZ and allow pushing their perimeter farther away from their on-premises data center. In addition, the solution, allows securely connecting cloud-based application tiers (e.g. web frontend) with on-premises application tiers (e.g. backend or DB) without the need to open the organization’s firewall to the cloud, or deploying a VPN between the cloud and premises.

Using this architecture, all the organization's services are published from the cloud using an Access Gateway located within the cloud and an Access Controller which is located on-premises. backend application.

www.safe-t.com Keeping Data in the Right Hands

Page 3: Secure Hybrid Cloud Access - Prevent sensitive data exposure...The benefits of such a hybrid cloud and on-premises deployment include: Reduce the risk of application and networks based

How It WorksAs can be seen in figure 1 below, the Safe-T Hybrid Cloud Access is composed of two access servers. The solution is deployed in two tiers within the organization and cloud:

• Cloud tier – includes an Access Gateway which is in the public cloud after the cloud located front-end server

• On-premises tier - includes an Access Controller which connects to the on-premise back-end applications

Figure 1 - Safe-T Secure Hybrid Cloud Access

Cloud Provider

Cloud App

BackendApp / DB

EnterpriseInternal Network

EnterpriseDMZ Network

User

Authorized Traffic Outbound Only

www.safe-t.com Keeping Data in the Right Hands

Page 4: Secure Hybrid Cloud Access - Prevent sensitive data exposure...The benefits of such a hybrid cloud and on-premises deployment include: Reduce the risk of application and networks based

1

2

3

4

5

User browses to Cloud service

The flow of the solution is as follows:

Cloud Application/front-end server authenticates user and connects to Access Gateway

Access Controller pulls in the user’s request from the Access Gateway and passes it to backend application (L7 Proxy can be added)

Backend App/DB provides data the Access Controller which pushes it to the Access Gateway

Access Gateway pushes the data to the Cloud App

CapabilitiesDeploying Software Defined Access for Secure Hybrid Cloud Access provides the following capabilities:

• Ability to run in any cloud environment

• Hybrid cloud and on-premise deployment

• Enterprise firewall is constantly in deny-all state, no open ports required for access

• Bi-directional traffic is handled on outbound connections from the LAN to the cloud

• Front-end all enterprise public facing applications from cloud

• Support a variety of applications – HTTP/S, SMTP, SFTP, SSH, APIs, RDH5, WebDAV

• Robust multi factor authentication options

• Remove the need for VPN connectivity between cloud and on-premises

• Full redundancy by utilizing multiple cloud locations

• Integration with leading security solutions

www.safe-t.com Keeping Data in the Right Hands

Page 5: Secure Hybrid Cloud Access - Prevent sensitive data exposure...The benefits of such a hybrid cloud and on-premises deployment include: Reduce the risk of application and networks based

Benefits

The benefits of such a hybrid cloud and on-premises deployment include:

Reduce the risk of application and networks based attacks

Improve data center security by reducing organization’s attack surface

Mask the true location of the organization's data center

No need to open the enterprise firewall for cloud traffic

Simple and easy migration to the cloud

No cloud to premises VPN overhead

Block network access, allow application access

End-to-end monitoring of file access flow

No direct access to the enterprise from the Internet

Feature List

Access Component

CommentsFeature

System Level Features

Safe-T Secure Application Access solution can be setup in HA using an external load balancer or application delivery controller. In addition, a single Access Controller can operate with multiple Access Gateways and Authentication Gateways.

High Availability (HA)Ability to perform high availability/clustering mode in the same data center and between data centers

www.safe-t.com Keeping Data in the Right Hands

Page 6: Secure Hybrid Cloud Access - Prevent sensitive data exposure...The benefits of such a hybrid cloud and on-premises deployment include: Reduce the risk of application and networks based

Feature List

Access Component

CommentsFeature

System Level Features

Safe-T Secure Application Access solution can be setup in a disaster recovery architecture using an external load balancer or application delivery controller

Disaster RecoveryAbility to failover to another data center in the event of application unavailability or site disasters

On-premises or Hybrid-cloudDeployment

Access Features

Safe-T’s reverse-access technology is patent protected. The Reverse-access technology is a dual node technology, which removes the need to open any ports within a firewall, while allowing secured application access between networks (through the firewall)

Patented Reverse-Access technology

NoRequires opening firewall ports

Safe-T Secure Application Access solution supports any TCP based application / service, applying reverse-access to it

Support any TCP based application / service

Logically segment the network, deploying a Zero Trust model, to reduce the risk of cyber-attacks from reaching internal network segments, or laterally moving throughout your network

Logical Network Segmentation

Safe-T Secure Application Access solution supports HTTP/S based applications / services

HTTPS Proxy

Safe-T Secure Application Access solution supports WebDAV based file access

WebDAV Support

www.safe-t.com Keeping Data in the Right Hands

Page 7: Secure Hybrid Cloud Access - Prevent sensitive data exposure...The benefits of such a hybrid cloud and on-premises deployment include: Reduce the risk of application and networks based

Feature List

Access Component

CommentsFeature

Access Features

Safe-T Secure Application Access solution support terminating SSL client connections destined to an application / service

SSL Off-loading

Safe-T Secure Application Access solution supports authenticating and authorizing users with multi-factor identity management tools before service requests to back-end applications can take place.

• Authentication via the organization’s LDAP or Active Directory systems, • Authentication using OTP as 2nd factor for NTLM or Kerberos• Integration with 3rd party authentication solutions• NoPost authentication based on emails• SSO support

Multi-factor authentication

Safe-T Secure Application Access solution does not require any client application to be installed on the end-user’s machine

Client-less and VPN-less application access

Safe-T Secure Application Access supports the following rewriting options:• Rewriting the destination hostname to defined subdomain• Prepending the virtual directory• Rewriting both (http / https) protocol to https or http

Dynamic URL rewriting supporting multi-domain applications

YesPer User Group Access Policies

YesTime/Date Based Access Policies

www.safe-t.com Keeping Data in the Right Hands

Page 8: Secure Hybrid Cloud Access - Prevent sensitive data exposure...The benefits of such a hybrid cloud and on-premises deployment include: Reduce the risk of application and networks based

Feature List

Access Component

CommentsFeature

Management and Operation

YesUsing a Web for full management

YesSystem logs

Yes, via TCP API for reverse-access rulesExternal Provisioning

www.safe-t.com Keeping Data in the Right Hands

© 2018 Safe-T Data Ltd. All Rights Reserved. Safe-T and all other Safe-T product and service names are registered trademarks of Safe-T Data in

the U.S. and other countries. All other trademarks and names are the property of their respective owners.

Truly consistent hybrid cloud with Microsoft Azuredownload.microsoft.com/download/2/8/C/28C3B613-F062-4589...To use Azure AD in a hybrid cloud, an organization first connects its on-premises

Fujitsu World Tour 2015 People – Integrated... · The Heart of Cisco Collaboration CLOUD ON PREMISES HYBRID through hybrid approaches Unified Communications Fujitsu offers Cisco

Multi-cloud Complexity and for publication How to Cut through · 2018-09-05 · Hybrid Cloud is a Growing Strategy for Success . On-premises (company-owned facility) Off-premises

WANDISCO FUSION ORACLE ANALYTICS CLOUD · On-demand analytics with hybrid cloud Replicate your data to Oracle Cloud as it is created or ingested on-premises to leverage scalability

F5 Government Symposium 2018 AWS and F5 Deep …...AWS and F5 Deep Dive Ryan Johnson Federal System Engineer 4/4/2018 User PRIVATE CLOUD PUBLIC CLOUD HYBRID CLOUD On premises Off premises

The latest and greatest - BRINEL · HCS Delivered Services Cisco Spark Hybrid Services Extend to the cloud Messaging Calling Meetings Connect Cloud & Premises. ... Cloud, Premises,

SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hybrid Cloud Environments - Michael Noel

LHC1403BE Accelerate the Hybrid Cloud with VMware Cloud or ... · • Build hybrid applications across on-premises SDDC and VMware Cloud on AWS • Gain control through policy-based

Premises, Cloud and Hybrid SIP Applications Bernard Gutnick Senior Director – Product Marketing ShoreTel

Hybrid and Multi Cloud Posters · The Hybrid / Multi Cloud Integration use cases illustrated here, coupled with the various platform deployment options (cloud, on-premises, hybrid,

Hybrid Cloud Solutions : Hybrid Cloud Solutions · that simplify management of data across cloud and on-premises environments to accelerate digital transformation. We empower global

HYBRID CLOUD MIGRATION STARTER PACK...There are several ways to build hybrid cloud infrastructure that don't always include on-premises systems. Large organizations may prefer to maintain

The Future of Analytics in the Cloud...13. Teradata Hybrid Cloud – Same Software, Many Options. Customer environment using a mix of . on-premises, private, managed, and. public cloud

Tips for your on-premises cloud or hybrid migration

Moving to a Modern Hybrid Cloud Content Architecture · performance tradeoffs Secure Cloud, private cloud or on-premises regions with encryption for sensitive content Federate Consolidate

It’s A Hybrid Cloud World - Informationsecurity · › Lack of integration architecture. The essence of hybrid is the integration between a cloud service and on-premises (o r non-cloud)

Optimize hybrid cloud...However, making sense of the cloud is daunting, with a myriad of public cloud, private cloud and on-premises platforms hosting internal and external applications

Online On premises Hybrid yes

Selecting a Multicloud and Hybrid Cloud Management ...€¦ · The hybrid cloud approach is most popular because this involves the move to an on-premises hybrid cloud from where any

IBM Cloud Private Application Developer's Guide · applications across hybrid cloud environments, on-premises and public clouds. It is an integrated environment for managing containers

Oracle Enterprise Manager 13c - MOUS · Enterprise Manager driven Hybrid Cloud Management Clone or move workloads between Oracle Cloud and on-premises Single view of on-premises and

AWS re:Invent 2016: Hybrid Architecture Design: Connecting Your On-Premises Workloads to the Cloud (GPSISV4)

Migrating Traditional Apps from On-Premises to the Hybrid Cloud

Atlassian Hybrid Cloud/On-Premises Software Delivery · Atlassian Hybrid Cloud/On-Premises Software Delivery and the journey to 300,000 applications in the cloud GEORGE BARNETT •

Get started with cloud hybrid search for SharePoint...With the cloud hybrid search solution, you index all your crawled content, including on-premises content, in your search index

Redeploying from on-premises to the cloud SharePoint burst out to Azure Hybrid event based applications Building a private cloud

Hybrid & Multi Cloud Posters...Jan 21, 2019  · The Hybrid / Multi Cloud Integration use cases illustrated here, coupled with the various platform deployment options (cloud, on-premises,

Hybrid Data Guard to OCI DBaaS - Oracle · 2 Hybrid Data Guard to Exadata Cloud Services| - Production Database on Premises and Disaster Recovery with Oracle Cloud Infrastructure

Hybrid DR to Oracle Cloud · 1 | disaster recovery on the oracle public cloud - production on premises, dr in the cloud Introduction Oracle’s Maximum Availability Architecture (Oracle

Virtustream and VMware Enable Mission Critical Hybrid Cloud · 2018-03-23 · •VMware™ standard cloud stack for on-premises private cloud –VMware Cloud Foundation™ –vRealize

DoD Collaboration Transformation · •Cloud delivered •Rich collaboration experience •Subscription based service •Seamless conferencing •Hybrid Cloud/On-premises redundancy

Dynamics 365 for Finance and Operations: Cloud, On ... · Cloud, On-Premises, and Hybrid Deployment Options. ... Healthcare, Retail/CPG, ... • 2015 Cloud Customer Relationship Management

Thomas Pilz – IR Prognosis for UC – Experience management solution for in the cloud, on-premises, or hybrid environments

Native Hybrid Cloud - Dell · Native Hybrid Cloud monitoring and reporting Run in production Public Cloud providers On-premises on vSphere Virtustream VMware vCloud AirTM Network

Gain cloud flexibility and on-premises control with HPE ......HPE GreenLake Hybrid Cloud HPE GreenLake Hybrid Cloud delivers a turnkey cloud environment for Amazon Web Services (AWS)