Configuring and managing site-to-site VPNs has always been a tedious, time-consuming job; getting one working smoothly often takes days. Not anymore! There is no need to maintain expensive, cumbersome site-to-site hardware and network/VPN links. Get started with CipherGraph Cloud VPN SiteBridge!
Annual Pricing Launched on AWS Marketplace
July 15, 2014 (Pleasanton, CA): CipherGraph Networks today announced the availability of annual subscription pricing options for its Cloud VPN offering on AWS Marketplace. These options offer Amazon Web Services (AWS) customers a chance to buy Cloud VPN capacity upfront at guaranteed rates, as well as benefit from volume discounts.
The CipherGraph Cloud VPN adds an encryption layer to AWS’ secure system, allowing end-users to connect securely to regular or hybrid cloud deployments and access applications running on the backend.
CipherGraph is working to help businesses ranging from SMBs to enterprises to migrate their intranet deployment to the flexible, scalable, pay-as-you-go AWS Cloud, quickly and while reducing security and compliance concerns. CipherGraph Cloud VPN accomplishes this by providing intranet-style secure access to the cloud.
The Cloud VPN is available as a Virtual Machine that comes with value-added features including Role-Based Access Control, 2-Factor Authentication, Audit support, and Active Directory/LDAP integration.
“We are privileged to be able to offer a solution for compliance and secure end-user access to AWS customers globally. Our discounted annual subscriptions give them the power to purchase capacity for the long-term at lower rates”, said John Cabri, COO, CipherGraph Networks.
We are proud to announce the immediate availability of our new product version: CipherGraph Cloud VPN 3.0.0 on AWS Marketplace.
This release contains several updates and all-new support for creating site-to-site VPN tunnels in a single step. It is now simple to connect your AWS VPCs together, or to connect AWS to your datacenter or hybrid cloud setup. Forget setting up complex IPsec configurations and keeping them in sync: you can now create a mesh of connections across all your cloud zones and datacenters within minutes, no networking expertise required.
Here is Part 2 of the CipherGraph Cloud VPN feature review, big thanks to Praveen Muppala!
This article serves as an excellent and comprehensive resource for the setup and user experience with screenshots, every step of the way.
Here is the link to the original article: http://cloudacademy.com/blog/connecting-aws-vpc-resources-using-ciphergraph-cloud-vpn-part-2/
Respected Cloud Professional, Praveen Kumar Muppala, documents his experiences with CipherGraph Cloud VPN. Click here to read on.
Out of all available solutions, CipherGraph Cloud VPN is providing Cloud Access Gateway which is a Secure Access Gateway VM for your private cloud resources from anywhere with a secured VPN service.
– Praveen K. Muppala
Praveen found several of our Cloud VPN’s features very useful (noted in the article), including Two-Factor auth, powerful audit support, corporate directory integration and mobile device support. He mentioned that it was important that we are an official AWS Partner and an official vendor on the AWS Marketplace.
“A successful breakout depends on three things: Knowing the layout, understanding the routine and help from an outsider” — Ray Breslin (Escape Plan)
To break out of the datacenter mindset and to a Cloud way of being requires one to embrace a cluster of all-new (for many) paradigms – virtualization and owning zero-hardware; having somebody else hosting and even managing your computing resources; instant provisioning and automation; cloud topology and global distribution of resources; scalability and elasticity; reduced operating man-hours. The combination of these paradigms is the heart of what we call Cloud Computing.
This November 2nd will mark the 25th anniversary of something momentous. On November 2nd 1988 the Morris worm, the first worm to spread across the internet, was released. Launched by a Cornell University student as an experiment, it not only brought down many of the systems connected to that early internet, but also marked the internet’s transition to an ‘insecure open network’.
Twenty-five years later, as IBM leverages the power of the cloud to offer DoS protection, and some of the biggest brands including Apple, Google, and Adobe suffer a wave of sophisticated internet attacks, it is tempting to look back at that moment and consider it a ‘Pandora’s Box’ event. The box was always going to open; the worm was just the trigger that set things in motion.
As individuals who have witnessed the breathless rush of technology changing the face of the internet every few years, we know it’s been a very long journey from bulletin board systems, telnet and usenet to AWS, Google Authenticator two-factor authentication and private clouds hosted in datacenters; and from hacked database servers sitting on the public internet with default passwords and no IP restrictions to sophisticated sweeps of an organization’s networks, attacks that take weeks, months, or even years to execute.
Truly, data security for the business of 2013 is a game of shadows!
That reminds us of this quote from a favourite movie we rewatched recently (Sherlock Holmes: A Game of Shadows 2011) -
“Sherlock Holmes: [v.o] His advantage, my injury. My advantage, his rage. Incoming assault feral, but experienced. Use his momentum to counter.
[as Holmes hits Moriarty in the face, everything stops and the audience watches Moriarty’s face]
Professor Moriarty: [v.o] Come now, you really think you’re the only one who can play this game?
[Back to the analyzed fight]
Professor Moriarty: Trap arm, target weakness. Follow with haymaker.
Sherlock Holmes: Ah, there we find the boxing champion of Cambridge.
[Holmes throws a hook at Moriarty’s face]
Professor Moriarty: Competent, but predictable. Now, allow me to reply.
[Moriarty throws several punches at Holmes’ shoulder]
Sherlock Holmes: Arsenal running dry. Adjust strategy.
[Holmes tries to kick Moriarty but fails]
Professor Moriarty: Wound taking its toll.
Sherlock Holmes: As I feared. Injury makes defense untenable. Prognosis, increasingly negative.”
The Inside Threat
While Holmes was able to discover his opponent, the business of today does not have that luxury. As Steve Pate writes in ComputerWorld (read here):
“Depending on which research you read, insiders are responsible for anywhere from 14% of data breaches (as published in the Verizon 2013 Data Breach Investigations Report), to over 36%, as Forrester Research has published. Both of these reports make the important distinction between malicious insiders, who seek access for profit or revenge, and the employees who simply make mistakes — leaving data exposed or vulnerable. Frankly, from a compliance or breach notification standpoint, these nuances don’t matter. If sensitive or regulated data gets out, you’ve got problems.”
How do businesses today handle a situation where they are engaged in a game of shadows with multiple opponents that they cannot possibly identify? And what’s worse, how do they handle the fact that some of these opponents lie within the organization?
Simplify, Empower and strike the balance between Consistency and Adaptation
Look for the simplest solutions that help organize and secure your networks, resources, and employees. For instance, when doing network security, look for solutions that work at the network level, not with individual resources or servers. Securing data-at-rest is when you work with servers, physical or virtual, and the resources they host. Look for solutions that do one thing with simplicity, elegance, and transparency. Your overall architecture will then be a Lego-like structure of solutions which address different requirements without large overlaps. The ability to think abstractly when planning your security arrangements is invaluable here: a purely ad-hoc approach seems to save time and money until the first breach costs you a huge packet and sends you back to the drawing board!
It’s easy to forget that employees are human beings, not mechanical objects. Because an organization has so many areas where it cannot control employee actions, employees will always end up with power. Recognizing this reality and proactively empowering employees in a sensible manner gives businesses a better chance of ensuring they aren’t cracked wide open by the maverick actions of their employees. For instance, some organizations fear and bar BYOD; this does not mean that BYOD does not happen on their premises. A little planning allows IT to select BYOD mechanisms that are sensible and yet limit the risk involved.
Third, strike the balance.
Organizations – especially in the enterprise segment – tend to be large and have many disparate departments, sections, units… A uniform data security policy or IT policy across all segments is much harder to achieve. This is precisely why regulations for compliance (like PCI-DSS) are so carefully written, and allow for different forms of implementation, because such regulation itself is to be imposed on industries with companies of all shapes and sizes. We would suggest that businesses create uniform policies, but focus more on the requirements (what is to be achieved) than the instructions (how it is to be achieved). For instance, we hear of large corporates with ‘renegade’ teams hosting on AWS without consulting their superiors, just because IT responds so slowly to individual requests. Far better to legalise these deployments but put pressure on departments to ensure that such deployments conform to the mandated requirements, even if they don’t follow the instructions of “Use only our private cloud!”.
Understand Security in Cloud + DataCenter better
You can read more of our articles on this blog, or better still, contact us today! Email us at firstname.lastname@example.org – we have what it takes to help you make sense of this treacherous game of shadows.
The Illusion of Security
A common response we hear from companies is, “Our installation is already secure”. Another: “Nobody can intercept our traffic, so it’s secure”. Another: “This kind of security is a solved problem”. At this point, we ask them for a description of the solution they currently use to protect their cloud or datacenter deployment, and the answers are often stunning. Sample these: “I open up ports for end users manually; it doesn’t matter if I have to work in the middle of the night to do this”. “We use SSL, so nobody can hijack our traffic”. “We use <some random security appliance with a thousand features thrown together haphazardly> to protect our network and do remote access”.
The reality isn’t as pretty
All of these have one thing in common – a perception of security which allows your business to rest easy. Until that fateful breach which takes advantage of the holes in your security that you just haven’t noticed! Manual port configuration and manipulation of firewall rules requires your IT to work overtime, which makes it harder for them to do a good job of proactive monitoring of security threats. SSL security or other means of encrypting traffic do not protect against attacks targeted at the endpoints exposed by your applications and services. Security appliances with a thousand features and a thousand blades don’t just do everything, they do everything rather poorly.
Manual Firewall Tinkering
It’s obvious why manual firewall configuration is a bad thing: it is opaque, hard to manage, incredibly error prone and requires excessive IT effort. From our own experience, we hear of IT admins who discover ports left open six months after the need for them has ended. Firewalls and firewall rules are not set up with the intent of granting ad-hoc permissions; they are set up so that only the services and applications you really need to expose are exposed.
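As an added check (example code written for this page, not CipherGraph’s), here is a small Python audit that reports ad-hoc openings that have outlived their purpose. It assumes the convention that every ad-hoc rule is recorded with a change ticket and an expiry date when it is opened; the ruleset below is constructed sample data, and the "forgotten for months" case is exactly the one described above.

```python
"""Audit of ad-hoc firewall openings against the expiry recorded when each was made.

Added example, not CipherGraph code. It assumes the convention that every ad-hoc
rule is logged with a change ticket and an expiry date; the ruleset below is
constructed sample data.
"""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    port: int
    proto: str
    source: str              # CIDR allowed to reach the port
    ticket: str              # change reference (assumed convention)
    expires: Optional[date]  # None = permanent, intentionally exposed service


# Constructed sample ruleset: one intended exposure, two forgotten ad-hoc
# openings, and one temporary opening still within its window.
RULES: List[Rule] = [
    Rule(443, "tcp", "0.0.0.0/0", "SVC-web", None),
    Rule(22, "tcp", "203.0.113.0/24", "CHG-1042", date(2013, 3, 1)),
    Rule(3306, "tcp", "0.0.0.0/0", "CHG-1107", date(2013, 4, 15)),
    Rule(8080, "tcp", "198.51.100.7/32", "CHG-1230", date(2013, 12, 31)),
]


def audit(rules: List[Rule], today: date) -> List[Tuple[str, Rule]]:
    """Return (finding, rule) pairs for rules that need review.

    Expired temporary rules are reported with their age; permanent rules are
    only flagged when they expose a non-web port to the whole internet.
    """
    findings = []
    for r in rules:
        wide_open = ip_network(r.source).prefixlen == 0
        if r.expires is not None and r.expires < today:
            days = (today - r.expires).days
            findings.append((f"expired {days}d ago ({r.ticket})", r))
        elif r.expires is None and wide_open and r.port not in (80, 443):
            findings.append(("permanent rule exposes non-web port to 0.0.0.0/0", r))
    return findings


def audit_as_of(iso_day: str, rules: List[Rule] = RULES) -> List[Tuple[str, Rule]]:
    """Convenience wrapper taking the review date as an ISO string."""
    return audit(rules, date.fromisoformat(iso_day))


def report(iso_day: str, rules: List[Rule] = RULES) -> List[str]:
    """Human-readable lines, one per finding, for a change review."""
    return [f"{r.proto}/{r.port} from {r.source}: {why}"
            for why, r in audit_as_of(iso_day, rules)]


if __name__ == "__main__":
    for line in report("2013-10-01"):
        print(line)
```

Run on a review date of 2013-10-01 it reports the SSH and MySQL openings that expired months earlier and stays silent about the intended HTTPS exposure; the point is that an expiry recorded at the time of the change is what lets the stale rule be found at all.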
SSL Security and Encrypted Traffic
AlertLogic writes in its State of Cloud Security bulletin (read here).
“67 percent of energy companies experienced brute force attacks, versus 34% of entire customer set. Attackers look for opportunistic points of vulnerability in networks housing confidential business information. Breaches of geophysical data, in particular, are intended to damage or destroy the data used in energy resource exploration. Brute force attacks are also used to steal a company’s intellectual property for the purpose of industrial espionage.”
SSL does not protect against brute force attacks, nor against any other attack aimed at the endpoint of an application or service. For instance, if the login page of your web application has a SQL injection weakness, then your application will be compromised whether or not you use SSL/encryption for all traffic to it. SSL does transport security very well; it does not do perimeter security. The more critical your data (for instance, energy companies in the above quote), the greater the chance of attackers targeting accessible endpoints via brute force attacks or zero-day vulnerabilities that do not require the user to log in. For instance, if your Apache web server has a zero-day vulnerability, protecting the web apps it hosts with impregnable passwords does not protect it.
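To make the point concrete, here is an added Python example (not CipherGraph code) showing a login handler with the SQL injection weakness described above beside its parameterized form. TLS is terminated before either handler runs, so both receive exactly the bytes the attacker sent; the in-memory SQLite users table and the single account in it are constructed for the example.

```python
"""A login query that SQL injection defeats regardless of whether the request
came over TLS, beside its parameterized form.

Added example, not CipherGraph code. The user table is an in-memory SQLite
table with one constructed account. TLS is terminated before a handler runs,
so both handlers see exactly the bytes the attacker typed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext storage keeps the example short; real systems hash passwords.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Attacker input is spliced into the SQL text, so it can change the query.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Bound parameters are passed as data; the SQL text is fixed.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Closes the password literal and appends an always-true clause:
#   ... AND password = '' OR '1'='1'
INJECTION = "' OR '1'='1"


def compare(username: str = "alice", password: str = INJECTION) -> dict:
    """Run the same credentials through both handlers and report who lets them in."""
    return {
        "vulnerable": login_vulnerable(make_db(), username, password),
        "parameterized": login_parameterized(make_db(), username, password),
    }


if __name__ == "__main__":
    print(compare())                                          # injection payload
    print(compare(password="correct horse battery staple"))   # genuine password
```

With the injection payload the string-built query authenticates the attacker while the parameterized query does not; nothing in the transport layer changes that outcome, which is the whole argument of this section.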
Security in a Box
Finally, we look at the security appliances with a rich feature set. We believe in simplicity, and in function. Anything we build or use must be built exactly for the intended purpose. When we examine ‘security appliances’ on AWS or elsewhere, we see a disturbing trend: the feature set is created to convince the customer that ‘We solve all of your problems’. You will see firewall, VPN, UTM, forensics, log monitoring; an endless list of features in one appliance (virtual or otherwise).
UTMs exist to make hardware management easier; the vendors know that customers only use a fraction of the services, and by the time you do the math on the economics, the sale is already done. In the cloud and virtual world, hardware is completely eliminated, so bundling UTM-style aggregated services into a VM or cloud platform is wasteful and severely chokes performance.
Theoretically, it is possible to give you every single solution in one compact package. But realistically speaking, no company out there is going to be able to do that. Not even our own. We believe in a clearly defined solution to an explicitly defined problem, with the right mix of features. Not in building solutions which claim to implement every aspect of security in an effort to get more customers. We’ll pass on getting more confused customers, and instead focus on customers and relationships which are based on experience, trust, understanding and wysiwyg – what you see is what you get.
Do we walk the talk?
We give you perimeter security. For cloud and datacenter. With simple secure remote access to empower your end-users. And role-based access control allowing you to give the concerned users access to the resources they need to access. In a virtual appliance (no hardware!) with clearly defined features and focused functionality. We’re not even talking about the costs and how much you’ll save – we’re proud of what we offer to you and we’d like you to see cost-savings as a bonus, not as your reason for buying from us.
Reduce the clutter around your security thinking – contact us today! Email us at email@example.com – we’d love to hear from you.
Image courtesy pbkwee
A recent Techcrunch article by Alex Williams was a fine read about how major players have had a cognitive bias in their assessment of cloud computing and its impact on their market dominance. That bias is not completely unfounded: the players have enjoyed tremendous success in the traditional datacenter model, and they would prefer to use that to their advantage.
About providers of private cloud technology, Alex says:
The reality: these systems have to be purchased, installed in a data center, loaded with software and then maintained by an IT team. To reiterate, customers do have a need for this infrastructure but it is more a retooling of the data center than anything else.
This simply could not be more accurate. Private cloud will quickly evolve to being a niche segment. For most companies, the cloud offers the benefits they simply will be unable to do without.
Public Cloud Gaining Dominance
Gartner says public cloud is growing at an excellent rate of 18.5% but IaaS is at a staggering 42.4%.
The evidence is unassailable; AWS, Azure and other cloud providers are increasing market share by a tremendous percentage each year. Their offering is not just good business execution: the technology is evolving, creating more options that are more versatile and powerful.
The utility of public cloud is fast approaching near ubiquity and the corner cases are becoming more and more marginal.
How is this all happening? The argument of focus, that AWS has only the software and technology to focus on, may hold some water, but the truth is that the incumbents in private cloud may have expected their reputation to stand for itself, disregarding the fact that with private cloud the IT effort does not reduce to zero, and may not even reduce substantially.
Charles Fitzgerald says:
IBM’s fundamental problem: they supply those being disrupted by technology, not those doing the disrupting. Today an IBM dependency can be an existential risk.
This argument can be interpreted in multiple ways. One is that IBM may be making a mistake, but the more important one is that IBM is evolving and its current business model will be superseded. If you depend on that model, you may soon fall into “legacy support” for them, and that will harm your business operations.
Assess your needs carefully
Everyone craves comfort zones, but the cloud has no room for players that need familiarity. “You cannot leap the chasm in two jumps”, and I’d also add, you cannot leap without getting both feet in the air. Simply put, if you keep trying to retrofit cloud onto your hardware, you will have poorly addressed the strain from competition, and it may beat you completely unless fixed fast. The phenomenal cloud growth and the numbers leave no breathing room for a slow, incremental shift towards cloud.
Move fast, or risk complete wipeout.
Fortunately, experimenting with cloud is not as expensive or risky as experimenting with owning datacenters. Most of the cloud is on an OpEx/subscription model and you only pay for a short duration. There is little risk of sunk costs, yet the potential gains are disproportionately high.
Cloud Computing: There is no spoon
It’s time to abandon the conventional way of thinking. See past the obvious choices and retrofitted solutions. Choosing hardware for your cloud security is the choice most likely to be wrong right off the bat, and it will certainly be wrong in the long run, where the massive leaps in cloud computing will make every shiny piece of hardware obsolete much sooner than you want.
Security is the top inhibitor to cloud adoption
Security is seen as the number one inhibitor to the cloud. That is true for two reasons:
- There is little understanding for cloud-freshers of where their provider’s responsibility ends and their own begins.
- Cloud Security is not the same as what you are used to in the datacenter.
I’ll make things simpler. Security is always your problem. You may not need to be directly involved in solving it, but you need to know what you have chosen. In the recent past there have been several security breaches with embarrassing and expensive data thefts; you do not want to be one of them.
The second point is self-explanatory. Cloud is not the same as a datacenter: the technology is different, the underlying assumptions are different and, most importantly, the infrastructure is mostly opaque to your IT. You have to make an informed choice; there is no way a tool as powerful as cloud computing would be trivial to use effectively.
CipherGraph gives you speed and security in one simple powerful package
If your cloud strategy involves IaaS, you need CipherGraph. CipherGraph gives you the security you need to make the cloud leap *now*. Do not wait till your competition starts to chip you away, by then it will be too late.
Talk to us at firstname.lastname@example.org to learn more about cloud security and what CipherGraph can do to make your cloud migration secure, swift and economical.
Can we trust the cloud?
Gartner says that one of the biggest factors inhibiting cloud adoption is security. I’ll go one step further and say a critical factor blocking cloud adoption is trust. Security is a business requirement, and genuine trust is never blind.
Here is Ron Miller on the subject -
In an interview this weekend with All Things Digital, Google CIO Ben Fried articulated Google’s policy on bringing your own devices and using external cloud services — in short they don’t allow it in most instances because of security concerns.
When discussing cloud storage SaaS companies, Fried told All Things Digital that when users use it in a corporate context, corporate data is being held in someone else’s data center.
This is not an attack on cloud in general. It is easy to interpret it as a lack of trust in cloud, but I believe it only says that the company needs more control over how its data is handled and secured when held externally. If the kind of security they need is not offered economically by third-party vendors, they have no choice but to do it themselves.
Not every company can host its own datacenters, but all companies can exert practically the same level of control by adopting IaaS (with the security characteristics they want).
Helping companies adopt IaaS cloud securely
IaaS is the sweet spot between owning your own datacenters and being powered by cloud. All the advantages and control of owning your datacenter, without all the management of hardware and other datacenter-related things.
A good beginning for any business looking at the cloud is to map the risk points. Where does using the cloud expose you to risk as opposed to the safe environs of your on-premise deployment?
Often these discussions tend to leave out IaaS, which ironically is the fastest growing cloud service there is.
With IaaS, applications are now hosted within your cloud deployment, and you are in full control of data security and data-loss-prevention. Most businesses can comfortably go with almost any reputed IaaS provider like AWS, Azure etc.
Cloud Security and IaaS
Many of our articles go into detail about how to go about securing your IaaS deployments (more than even your datacenter ever was). What we’d like to emphasize here is that awareness of the risks associated with data in transit and data at rest when using IaaS gives your business the ability to trust the cloud as a platform. A great starting point to neutralize those risks is to try to list risks that your datacenter already tackles for you and gain similar security characteristics on your cloud, but using building blocks from the cloud era, not the datacenter era.
For data in transit, CipherGraph delivers you a platform centered around two concepts from the datacenter paradigm – remote access and perimeter security. Together, these traditionally formed the heart of datacenter security – create a secure perimeter around your servers, and allow remote access only through a secure VPN appliance. We’ve reworked those to create virtual appliances that give you datacenter grade security in the cloud with the perimeter security that assures safety of your apps and servers.
Protect your servers, data and data-in-transit
We’ve implemented enterprise-grade features that any size of business can use to manage its end-users: Role Based Access Control and Audit, Multi-Factor Authentication, and more. Your apps and data-at-rest benefit from sitting within a datacenter-like firewalled perimeter, and access to intranet servers and data (data-in-transit) is enabled only for authorized users over our encrypted channel.
We’ve worked very hard to give your business a complete package to secure your IaaS cloud deployments – a package to help you trust cloud and benefit from its incredible power.
Ready to trust us enough to validate what we’re talking about? Give us a spin, email us at email@example.com