Applications are being built, deployed and managed differently these days. Enterprises are adopting a microservices architecture in which a big monolithic service is broken into smaller, single-task services, with REST APIs and messaging services connecting them in a loosely coupled fashion. This methodology fuels growth in the number of applications serving employees and customers, many of which are simply standalone applications. Controlling who can access what information becomes an important IT/Ops task.
If you use a bastion station to access instances in a VPC, you should be very wary of the private key management. The bastion station, itself an AWS or Azure instance, has a private key that cannot be changed once the instance is created. Moreover, this private key is shared by all users, and any user who logs in to the bastion station has “sudo” power, that is, root privilege. If an employee leaves the company, the employee still has access to the bastion station! Changing the private key amounts to building a new bastion station and distributing the private key again. There needs to be a security perimeter at the user level to allow or deny access to your cloud resources at any given time, rather than relying on a private key. Furthermore, using a bastion station does not allow non-developers to access private applications in the cloud.
Deploying a VPN server instead of a bastion station is the first step toward building a real security perimeter. It is a must-have from a security standpoint.
We are proud to announce that Aviatrix Cloud Gateway now supports GCP, in addition to AWS and Azure. Last week we attended GCP Next 16. It was a great show for us, as over 200 visitors came to our booth and learned firsthand what Aviatrix Cloud Native networking is all about. Aviatrix Cloud Native networking provides simplified scalability, connectivity to any cloud architecture and end-to-end network security.
Sounds fancy, but what’s in it for me, you may wonder.