Solutions for Access Control Challenges

“Security needs to evolve from LANs, alerts and lists to integrated approaches that enhance security, enable cohesion and reduce risk.”

F100 Security Architect

High Value Application Needed Secure Enclave

A Fortune 500 leader had multiple supply chain partners accessing their data center and was concerned with predatory malware moving laterally to attack business-critical applications and proprietary data. They wanted to secure their internal network as it was no longer adequately protected by traditional perimeter security products.

They evaluated numerous approaches to protecting high-risk applications, yet each required substantial infrastructure upgrades, would increase operating burdens on the security team, and would still not offer enough protection against advanced threats.

Solution: PrecisionAccess to Protect High Value, Critical Servers.

With PrecisionAccess the security team established Secure Enclaves within their existing data centers by using Vidder for north/south segmentation while using firewalls for east/west partitioning. The attack surface associated with their most critical applications was eliminated while access for supply chain partners was simplified. Users and apps could be added in minutes.

Application owners and security teams established complete control over access to sensitive, business critical applications without the need for constant tuning and list management tasks. Over four years the Enclave was never breached and the team reduced costs by more than 50%.

“PrecisionAccess allowed us to build secure enclaves for our high value applications with no impact on partner and internal user experience.”

Physical and Logical Network Segmentation

A multinational insurance and health care conglomerate with multiple business units was concerned with credential theft and predatory malware risks. They had a flat network serving all business units and leveraged VPNs for employee access. In response to rising security risks, they explored physical and logical segmentation options.

Physical segmentation, even within their existing facilities, approached $25M in cost, yet employees would still have access to networks serving multiple cabinets, enabling unacceptable credential theft and predatory malware risks. Logical separation was considerably less expensive but didn’t provide enough protection. So they explored using multifactor authentication into segmented groups. Yet cost, security compromises and poor user experience were significant drawbacks.

Solution: PrecisionAccess as a Managed Service

They chose PrecisionAccess as a managed service and shrank the attack surface, segmented their existing data centers into business unit groups, and minimized user experience impacts. They enhanced protection while drastically reducing both CAPEX and OPEX costs.

AWS security groups offered east/west partitioning while PrecisionAccess delivered north/south partitioning. No upfront infrastructure upgrade was required and the team could easily control access to critical apps without extensive, ongoing firewall rules tuning and NAC ACL changes.

“Vidder’s unique approach to access control gave us unprecedented security and flexibility without any negative user impacts.”

Protecting Critical Apps used by Contractors and Employees

A health care services company was challenged with securing access to centralized health record and workflow management applications. Authorized users included thousands of remote nurses and home service workers. These mobile users needed easy and quick access as they moved from home to home to read and add information to centralized health records.

Traditional multifactor authentication and VPN solutions were too cumbersome and costly. Yet taking any shortcuts could expose patient data to malware and unauthorized users. Their best choice was a solution with integrated Software Defined Perimeter and Trust Assessment technology.

Solution: PrecisionAccess for Trusted Remote & Local Access

The security team chose PrecisionAccess because it allowed them to easily protect their apps with dynamic, transparent multifactor authentication. A common solution could be used for both remote and local users without needing to add temporary contractors to the internal network and VPN. Integration with SAML/SSO meant that users could be given easy access to what they needed to perform their work, twenty-four hours a day, without exposing other apps to potential risk.

The operating and compliance burdens of managing access to disparate work groups were significantly reduced and home health care workers easily accessed authorized applications regardless of location. Security and user convenience were enhanced.

“Vidder offers the most secure, complete access control solution for addressing the needs of a distributed, dynamic workforce, including temporary employees accessing sensitive apps.”

Secure Enclave in Cloud Needed for Security and Compliance

A public financial services institution with $10B in assets wanted to leverage the AWS commercial marketplace to reduce the time and cost of application deployment, yet FFIEC compliance regulations made it impossible to meet the strict access control requirements using traditional security solutions. To meet those regulatory requirements, a connectivity solution had to guarantee that only analysts with appropriate authorization could access protected compute environments.

They needed to build a Secure Enclave on AWS, a compliant, partitioned security group environment only accessible by trusted users in specific locations. With existing hardware-based solutions they could not achieve their goals.

Solution: PrecisionAccess to Build a Secure Enclave

The team chose Vidder’s PrecisionAccess to create a role-based application layer encrypted connection between data analysts and the Secure Enclave in AWS. Only trusted users in secure facilities could see protected compute environments and access them via app layer mutual TLS connections.

A key winning advantage of PrecisionAccess was that the AWS compute instance was “dark” to Internet scans, thus allowing the financial institution to maintain complete anonymity and protect systems from predatory malware, man-in-the-middle and credential theft-based attacks.

“With Vidder Secure Enclaves, superior security capabilities and agility can be easily built in AWS. More easily than anything commercially available.”
