Enterprises are increasingly including cloud solutions as a part of their objectives to remain competitive and offer customers an engaging and convenient experience. Cloud solutions offer agility, scalability, and an affordable way to utilize the latest technology without a big capital investment. What remains a challenge is setting up secure cloud access.
IT security teams know that introducing cloud solutions to the environment means less control over communications and more challenges filtering out different types of traffic. The cloud associates each individual server’s IP address with its own security policy, but there’s no network device enforcing outbound or inbound rules. It’s possible that virtual servers can be accessible from the outside and suffer exposure to the internet.
There are four basic options for secure cloud access: direct access, virtual private networks (VPNs), virtual private clouds (VPCs), and a session manager. Each has advantages, but IT security will need to balance a desire for simplicity with the need to choose the path that best complements their existing security strategy and policies.
Direct Access: This method is both the simplest and most convenient. It opens the required port in the network security policy. IT can easily set up the policy and allow access to the port for only a few connections from a set number of IP addresses. While the IP range filter is helpful in limiting the exposure to the port, the list may grow once end users begin to access cloud solutions from a variety of locations.
This solution poses some risk because it shifts protection to the server, which may expose the computer to internet attacks. Using certain protocols such as RDP or SSH, together with limiting the IP range, can help and can allow direct access to work well as a temporary solution for secure cloud access.
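As an added illustration (not code from the original article), the following sketch audits a direct-access policy for the weaknesses described above: remote-admin ports open to any address, overly broad source ranges, and an allow-list that has grown past a limit. The rule format, the sample rules, and both thresholds are assumptions made for the example.

```python
import ipaddress
from collections import Counter

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # remote-access protocols named in the text

# Constructed sample rules in a hypothetical format (documentation address ranges).
SAMPLE_RULES = [
    {"port": 22, "source": "203.0.113.10/32"},   # one admin workstation
    {"port": 22, "source": "198.51.100.0/24"},   # one office range
    {"port": 22, "source": "192.0.2.0/20"},      # far wider than one office
    {"port": 3389, "source": "0.0.0.0/0"},       # RDP reachable from anywhere
    {"port": 443, "source": "0.0.0.0/0"},        # not a remote-admin port, ignored
]

def audit_direct_access(rules, max_addresses=256, max_sources=2):
    """Return (service, source, issue) findings for remote-admin ports.

    max_addresses and max_sources are assumed policy thresholds.
    """
    findings = []
    sources_per_port = Counter()
    for rule in rules:
        service = ADMIN_PORTS.get(rule["port"])
        if service is None:
            continue
        sources_per_port[rule["port"]] += 1
        try:
            net = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:
            findings.append((service, rule["source"], "invalid-source"))
            continue
        if net.prefixlen == 0:
            findings.append((service, rule["source"], "open-to-internet"))
        elif net.num_addresses > max_addresses:
            findings.append((service, rule["source"], "range-too-broad"))
    # The allow-list tends to grow as users connect from new locations.
    for port, count in sorted(sources_per_port.items()):
        if count > max_sources:
            findings.append((ADMIN_PORTS[port], f"{count} sources", "allow-list-sprawl"))
    return findings

if __name__ == "__main__":
    for finding in audit_direct_access(SAMPLE_RULES):
        print(*finding, sep="\t")
```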
VPNs: Major public cloud providers enable IT administrators to configure a VPN connection between their network and the cloud network or between computers and the cloud network. A VPN typically needs to have additional hardware or software from a third party to create a secure connection.
VPNs offer secure cloud access, but they take some effort to configure. Once a VPN has been configured and implemented, it combines the local and cloud networks in a single address, removing outside threats. The downside is that it can expose computers to inside risks, and it doesn’t allow cloud computers to be accessed from an outside location.
VPCs: Public cloud solutions also create a way to isolate a number of cloud computers in a private environment using hidden IP addresses that aren’t exposed to the internet. Users can gain access through a single portal, and computers within the network can connect with one another when necessary. Logging in requires a dedicated virtual network gateway, which can be vulnerable when it comes to outside threats but is relatively easy to rebuild. This type of gateway is called a jump server and the network that contains it is called the DMZ. This configuration is relatively simple in terms of setup, offers a reasonable level of security, and protects the computers inside the virtual network.
Session Manager: A session manager is the preferred method for many enterprises. It is software deployed on the jump server, a cloud computer in the DMZ. It takes traffic from the internet and converts it, using protocols, to connect to computers in the virtual cloud network. Users can interact with remote computers through a regular browser. A session manager supports multiple sessions at once and maintains a list of valid computers for connection. It also keeps the passwords and certificates for these computers from being visible to the end user, which simplifies security.
While in the past, session managers could be challenging to maintain, today’s versions are cloud-aware and easy to set up and use. They are also scalable and affordable.
When it’s time to take the next step in your digital transformation process and secure cloud access, contact us at eXemplify. We can help you choose the access method that meets your needs in terms of convenience and supporting your security policies.