“Security needs to evolve from LANs, alerts and lists to integrated approaches that enhance security, enable cohesion and reduce risk.”
F100 Security Architect
High Value Application Needed Secure Enclave
They evaluated numerous approaches to protecting high-risk applications, yet each required substantial infrastructure upgrades, would have increased the operating burden on the security team, and still would not have offered enough protection against advanced threats.
Solution: PrecisionAccess to Protect High Value, Critical Servers
With PrecisionAccess the security team established Secure Enclaves within their existing data centers, using Vidder for north/south segmentation and firewalls for east/west partitioning. The attack surface associated with their most critical applications was eliminated, while access for supply chain partners was simplified. Users and apps could be added in minutes.
Application owners and security teams established complete control over access to sensitive, business critical applications without the need for constant tuning and list management tasks. Over four years the Enclave was never breached and the team reduced costs by more than 50%.
“PrecisionAccess allowed us to build secure enclaves for our high value applications with no impact on partner and internal user experience.”
Physical and Logical Network Segmentation
Physical segmentation, even within their existing facilities, approached $25M in cost, yet employees would still have had access to networks serving multiple cabinets, leaving unacceptable credential-theft and malware risks in place. Logical separation was considerably less expensive but did not provide enough protection. They then explored multifactor authentication in front of segmented groups, but cost, security compromises and poor user experience were significant drawbacks.
Solution: PrecisionAccess as a Managed Service
They chose PrecisionAccess as a managed service, shrank the attack surface, segmented their existing data centers into business unit groups and minimized the impact on user experience. They enhanced protection while drastically reducing both CAPEX and OPEX.
AWS security groups provided east/west partitioning while PrecisionAccess delivered north/south partitioning. No upfront infrastructure upgrade was required, and the team could easily control access to critical apps without extensive, ongoing firewall rule tuning and NAC ACL changes.
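The split described above, security groups for east/west and a single access gateway for north/south, can be expressed as ordinary AWS security group rules. The Terraform fragment below is an added example, not Vidder's configuration or any customer's; the VPC id, the gateway's listening port (443), the application port (8443) and the resource names are assumptions. Its point is that the enclave's security group has no ingress from the Internet at all: the only path in is from the gateway's security group, and enclave members may only talk to each other.

```hcl
# Added example, not Vidder's own configuration. Assumed values:
# vpc_id, port 443 for the gateway, port 8443 for the protected app.
variable "vpc_id" {
  type = string
}

# Security group for the access gateway (the north/south control point).
resource "aws_security_group" "sdp_gateway" {
  name   = "sdp-gateway"
  vpc_id = var.vpc_id
}

# Security group for the protected instances inside the enclave.
# AWS security groups have no ingress rules by default, so every rule
# below is an explicit exception to "deny".
resource "aws_security_group" "enclave" {
  name   = "secure-enclave"
  vpc_id = var.vpc_id
}

# North/south, step 1: users reach only the gateway. Restricting
# cidr_blocks to known partner or office ranges is the tighter choice;
# 0.0.0.0/0 is used here only as an assumption for remote users.
resource "aws_security_group_rule" "gateway_ingress" {
  type              = "ingress"
  security_group_id = aws_security_group.sdp_gateway.id
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
}

# North/south, step 2: only the gateway may reach enclave instances,
# and only on the application port. No CIDR-based ingress exists, so
# an Internet scan of the enclave addresses gets no answer.
resource "aws_security_group_rule" "enclave_from_gateway" {
  type                     = "ingress"
  security_group_id        = aws_security_group.enclave.id
  source_security_group_id = aws_security_group.sdp_gateway.id
  from_port                = 8443
  to_port                  = 8443
  protocol                 = "tcp"
}

# East/west: enclave members may talk to each other on any TCP port,
# but nothing outside the group can initiate a connection to them.
resource "aws_security_group_rule" "enclave_east_west" {
  type              = "ingress"
  security_group_id = aws_security_group.enclave.id
  self              = true
  from_port         = 0
  to_port           = 65535
  protocol          = "tcp"
}

# Terraform drops the AWS default allow-all egress when it creates a
# security group, so egress is granted explicitly and only within the
# enclave; an instance cannot open connections out to the Internet.
resource "aws_security_group_rule" "enclave_egress_self" {
  type              = "egress"
  security_group_id = aws_security_group.enclave.id
  self              = true
  from_port         = 0
  to_port           = 65535
  protocol          = "tcp"
}
```

Two checks a practitioner would run after applying this: confirm that no rule on the enclave group carries a `cidr_blocks` entry (every ingress source should be another security group), and confirm that the gateway group, not the enclave group, is the only one attached to an Internet-facing interface. The gateway itself still needs to authenticate users before it forwards anything; the security groups only guarantee that authentication is the sole way in.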
“Vidder’s unique approach to access control gave us unprecedented security and flexibility without any negative user impacts.”
Protecting Critical Apps used by Contractors and Employees
Traditional multifactor authentication and VPN solutions were too cumbersome and costly, yet taking any shortcuts could expose patient data to malware and unauthorized users. Their best choice was a solution with integrated Software Defined Perimeter and Trust Assessment technology.
Solution: PrecisionAccess for Trusted Remote & Local Access
The security team chose PrecisionAccess because it allowed them to easily protect their apps with dynamic, transparent multifactor authentication. A common solution could be used for both remote and local users without adding temporary contractors to the internal network and VPN. Integration with SAML/SSO meant that users could be given easy access to what they needed to perform their work, twenty-four hours a day, without exposing other apps to potential risk.
The operating and compliance burdens of managing access for disparate work groups were significantly reduced, and home health care workers easily accessed authorized applications regardless of location. Both security and user convenience were enhanced.
“Vidder offers the most secure, complete access control solution for addressing the needs of a distributed, dynamic workforce, including temporary employees accessing sensitive apps.”
Secure Enclave in Cloud Needed for Security and Compliance
They needed to build a Secure Enclave on AWS: a compliant, partitioned security group environment accessible only by trusted users in specific locations. With existing hardware-based solutions they could not achieve their goals.
Solution: PrecisionAccess to Build a Secure Enclave
The team chose Vidder's PrecisionAccess to create a role-based, application-layer encrypted connection between data analysts and the Secure Enclave in AWS. Only trusted users in secure facilities could see the protected compute environments, and they accessed them over application-layer mutual TLS connections.
A key advantage of PrecisionAccess was that the AWS compute instances were "dark" to Internet scans: unauthorized hosts could not discover them at all, which allowed the financial institution to keep its systems hidden and protected from malware, man-in-the-middle and credential-theft attacks.
“With Vidder Secure Enclaves, superior security capabilities and agility can be easily built in AWS. More easily than anything commercially available.”