VPN
HashiCorp | October 10, 2022
HashiCorp, Inc. a leading provider of multi-cloud infrastructure automation software, today announced the general availability of HashiCorp Cloud Platform (HCP) Boundary, a secure remote access product. With this release, Boundary joins HCP Vault and HCP Consul to provide the industry’s first zero trust security solution to secure applications, networks, and people built for the cloud.
As organizations move to the cloud and adopt cloud operating models, they require a different approach to security — commonly referred to as zero trust security — where the default security posture is to trust nothing, authenticate and authorize everything. But the gap between legacy security postures and the accelerated move to the cloud is contributing to a significant increase in security breaches. According to the HashiCorp State of Cloud Strategy Survey, 89% of respondents believe security is the number one determining factor for cloud success, which is driving organizations to adopt zero trust security postures.
HashiCorp’s approach to zero trust security focuses on using identity to secure applications, networks, and people across multiple clouds, on-premises, and hybrid environments, which reduces the attack surface and automates complex security workflows. This ensures people, machines, and services are authenticated, every action is authorized, and data is protected.
“As organizations continue to expand their cloud estates, they must shift their security strategies to keep up with the growth and complexity of applications, network components, and cloud-based systems, At HashiCorp, we have always believed that identity is the foundation for zero trust security for applications, networks, and users. With HCP Boundary, companies now have a modern solution for privileged access management, securing access in dynamic, ephemeral environments for their workforce. We think we’ve reached an important milestone for our customers by delivering a security solution built for today’s threat and infrastructure landscape.”
Armon Dadgar, co-founder and CTO, HashiCorp
As organizations move out of traditional datacenters and into multiple clouds, hybrid, and edge environments, securing their infrastructure becomes more complex at scale. The HashiCorp zero trust solution covers all three of these aspects:
Applications: HashiCorp Vault provides a consistent way to manage application identity by integrating many platforms and identity providers. Vault enables fine-grained access control and authorization between applications and databases, including dynamically rotating credentials, PKI certificates, and API tokens, while also ensuring application data is always secure in transit and at rest.
Networks: HashiCorp Consul secures network traffic between applications and services, enabling fine-grained access control policies, observability, and traffic shaping. Consul integrates with Vault’s identity platform to leverage application identity for the policies and to allow dynamic PKI.
People: HashiCorp Boundary ensures the right people have access to the right systems and cloud services while removing the need to distribute and issue credentials, expose private networks, or manage static credentials. Boundary integrates with Vault to issue just-in-time credentials and ensure ephemeral access to critical systems.
General Availability of HCP Boundary
HCP Boundary provides a secure remote access solution for a cloud operating model, offering improvements over existing software-defined perimeter (SDP) solutions, like VPNs, and privileged access management (PAM) solutions that are IP-driven and highly manual. With HCP Boundary, teams gain fine-grained authentication and authorization controls, rapid user onboarding, and automated workflows for target discovery and credential management for ephemeral resources. As a cloud-based service, HCP Boundary benefits organizations struggling with security as they transition to the cloud, driven by people and skills shortages.
HCP Boundary allows teams and users to access the critical systems they need while abstracting the session connection, establishment, credential issuance, and revocation. Boundary provides operations and security teams the ability to dynamically pull in cloud service catalogs and on-premises resources and map out policies to which systems, users, and groups should have access. To do this Boundary leverages Vault to provide passwordless connections, and after each use revokes the credentials. This helps ensure critical information like credentials, networks, and resources are never exposed to the user or outside actors.
In addition to core secure remote access capabilities, Boundary also offers:
Identity platform integration with Microsoft Azure Active Directory and Okta, along with many other identity platforms that support OpenID Connect to onboard trusted identities and delegate authentication
Role-based access control (RBAC) to provide broad or fine-grained access to people throughout your organization
Passwordless authentication for seamless integration with dynamic secrets and Vault
Automated service discovery for streamlined discovery and configuration of targets. Dynamic host catalogs are currently available with Microsoft Azure and AWS, as well as direct HashiCorp Terraform integration to pull in resources under management
Session visibility and logging to get insights into session metrics, events, logs, and traces with the ability to export data to business intelligence and event monitoring tools
About HashiCorp
HashiCorp is a leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows and create a system of record for automating the cloud: infrastructure provisioning, security, networking, and application deployment. HashiCorp’s portfolio of products includes Vagrant™, Packer™, Terraform®, Vault™, Consul®, Nomad™, Boundary™, and Waypoint™. HashiCorp offers products as open source, enterprise, and as managed cloud services. The company is headquartered in San Francisco, though most of HashiCorp employees work remotely, strategically distributed around the globe.
Read More
VIRTUAL DESKTOP STRATEGIES
Arculix | November 21, 2022
SecureAuth, a leader in access management and authentication, today announced its Arculix Universal Authentication Fabric to further strengthen the technology to enable organizations for passwordless continuous authentication. Arculix Universal Authentication Fabric is a technology framework that delivers authentication driven by AI/ML behavioral modeling, continuous risk scoring and eliminates logging in making passwords obsolete. For users, it’s a one-and-done event for accessing their relevant apps, VDI or SSO. For companies, it’s a robust authentication with continuous authentication in the background without any friction to the user.
“Historically, a single source to define and administer policy and processes for all users has been absent, Fraud, credential stuffing and attacks will continue to evolve as bad actors thwart existing security approaches. SecureAuth’s Universal Authentication Fabric delivers the first risk-based analytics approach as a consolidated backbone for continuous, multi-factor, and passwordless authentication with the highest level of security as well as a frictionless experience for users.”
Paul Trulove, CEO of SecureAuth
Between authenticating to the workstation, an SSO portal or federated web apps, VDIs, VPN, and PAM solutions, the typical user authenticates 16 times a day using three different sets of username and password. This is simultaneously insecure and a poor user experience. With Arculix Universal Authentication Fabric, users can login once and securely access the applications needed to do their job. Arculix Universal Authentication Fabric allows users to attain a level of assurance needed to authenticate with its patented behavioral AI/ML risk analytics engine. To ensure there is no account takeover (ATO), it generates a score at the beginning of a user logging in that is used to grant access to web apps, servers and services without requiring another factor check. This removes the need for siloed systems to authenticate users.
“SecureAuth’s Arculix Universal Authentication Fabric is the underlying element for the new 360-degree cybersecurity perimeter that every enterprise needs: Continuous, Holistic and Adaptive,” said Alfredo Estirado, CEO of Grupo TRC. “As a key partner of SecureAuth, we are excited to offer this to our customers across various geographies.”
Key capabilities include expansion of passwordless features into endpoints, including access to persistent and non-persistent VDIs, in the same passwordless way a user authenticates to a standard machine. This enables a passwordless authentication journey whether in or out of the office. This Universal Authentication Fabric also supports our device trust support for seamless passwordless authentication for transient virtual desktops and physical desktops.
About SecureAuth Corporation
SecureAuth is a next-gen access management and authentication company that enables secure and passwordless continuous authentication experience for employees, partners and customers. With the only solution that can be deployed in cloud, hybrid and on-premises environments, SecureAuth manages and protects access to applications, systems and data at scale, anywhere in the world.
Read More
VIRTUAL DESKTOP STRATEGIES
OpsRamp | September 15, 2022
OpsRamp, the digital operations management company, has partnered with Virtual Service Operations (VSO), a leader in hybrid and multi-cloud managed services, to power VSO’s virtual Service Quality Operations Division (vSQOD) Managed Services offering. VSO is using OpsRamp’s digital operations management platform for monitoring and alerting of hybrid and multi-cloud workloads and patching-as-a-service across its customer accounts.
VSO manages a variety of technologies, both on-customer-premises and in public cloud environments, all unified in the OpsRamp platform. The OpsRamp multi-tier, multi-tenant SaaS-based platform allows VSO to monitor and manage Amazon Web Services, Microsoft Azure, IBM Cloud, VMware, Kubernetes, and much more from a single pane of glass.
“The benefit of OpsRamp is that it goes across all of those different cloud environments and our on-premises footprint as well, We are able to monitor globally, by region, and by customer.”
Laura Richardson, Chief Technology Officer of VSO
VSO supports multiple environments 24/7 through its vSQOD service, using OpsRamp for alert handling, event correlation and escalation, integrated with Jira Service Management. Improved uptime, greater resiliency and security, and lower operational costs are all benefits customers have enjoyed from working with VSO, powered by OpsRamp.
“It all starts in OpsRamp,” said Richardson. “We use OpsRamp as a clearinghouse for alerts, then after event correlation it feeds Jira with actionable tickets. We can quiet the noise so the tickets that hit Jira get immediate focus.”
More than 60% of the vSQOD are veterans of the US Armed Forces. VSO founders Steve O’Keefe and John Birch launched the company at the start of 2018 with a veteran-centric mission propelled by their past experience working with highly-trained and adaptable service members. While some of vSQOD’s hires come to the firm with subject matter expertise in IT that they gained in the military, VSO offers transitioning service members with an interest in tech the opportunity to train with Skillbridge before separation from the armed forces. They can then advance their technical training through internal skill-mapping or partnership courses once in the field.
“We hire veterans, train them in teams and deploy them in teams,” said Richardson. “More than 200,000 people exit the military each year, after having spent years in one or more of the US military’s 4000 schools. It’s a great pool of talent to draw from. Veterans work well in teams, have excellent leadership qualities, and thrive as IT professionals. VSO’s Managed Services are outstanding because of them.”
“OpsRamp is honored to be the IT operations management platform of choice for VSO and support its mission of hiring and training veterans for careers in IT,” said Jim Lampert, vice president of global strategic accounts at OpsRamp. “OpsRamp helps MSPs to grow their business, improve customer outcomes and reduce operational costs.”
VSO is one of several recent customer success stories OpsRamp has announced in the MSP space including:
Liquid IT: Reduced alert noise by 95% resulting in lower mean time to detect and resolve incidents and increased service availability.
Pinnacle Technology Partners: Reduced alert floods so they now only have to respond to critical events, allowing them to reduce mean time to repair, and automate high-volume, time-consuming IT operations tasks.
WinWire: Reduced event noise by 90%, automated 70% of routine IT operations tasks and managed the same number of clients with 50% less staff effort.
About OpsRamp:
OpsRamp is a digital operations management software company whose SaaS platform is used by managed service providers and enterprise IT teams to monitor and manage their cloud and on-premises infrastructure. Key capabilities of the OpsRamp platform include hybrid infrastructure discovery and monitoring, event and incident management, and remediation and automation, all of which are powered by artificial intelligence.
About VSO:
Virtual Service Operations is a U.S.-based Managed Services and Engineering firm for infrastructure, cloud, and hybrid environments. Its military veteran workforce provides reliable, secure, and cost-effective solutions for companies in need of a flexible, affordable approach to hybrid architecture and data management.
Read More