Hear why Bob Jenkins, senior infrastructure security engineer for Compass, chose Banyan Security to provide his extended DevOps team remote access to infrastructure and hosted apps.
My name is Bob Jenkins. I’m a Senior Infrastructure Security Engineer. Basically, what my team is tasked with is protecting customer trust and our engineers by defending the network perimeter, taking care of infrastructure, service-to-service stuff, and everything in between. I’m a member of Compass. Compass is a real estate/technology organization. Our business model is to provide real estate agents with a great technology tool set. We’re a fully AWS stack, and so we have a good set of legacy problems around various bastion tunnels and bastion hosts that were all over the network. A couple of VPN providers that were adopted by various subsets of our employees. So, most of our network access relied on our engineers, either manually setting up SSH tunnels, or connecting to VPNs to get their work done. This was painful because they had a bunch of manual work to get their work going on a daily basis.
Other problems were that, in cases where we had resources that relied on shared authentication, there was really no way for us to have a good understanding of who had access really to what resources, or even who was using those resources at any given time. Another problem we had was that we kept finding as the Security team, things on the public internet, which we never want to see.
Moving to the Zero Trust model with Banyan, it allowed us to stop trusting people who had gotten into our network perimeter. So, instead of that, once you’re connected to the VPN, you have access to everything. Now with Banyan, we’re able to provide authorization on a resource and individual level, which gives us A, a ton of improved security, but also a ton of increased visibility through the Banyan metrics that are produced.
The old model was that teams may own a bastion host or Security may provide a VPN solution. Especially for new hires to Compass, working in the Product and Engineering groups, historically, each team owned a set of documentation that would get out-of-date. Leveraging Banyan, having it right there, pre-installed via Jamf on our developer machines. And having that end user documentation about how to use it and how to connect to it, basic troubleshooting things, that’s all just very simple and the feedback from our engineers has been very positive.
And so, one of my favorite features in Banyan is the wildcarding of services. This allowed us to cloak literally hundreds of RDS instances with a single service, so that with a short blurb of documentation, we were able to allow any developer to have a path to their team’s RDS instance, without having to jump through a lot of hoops. Another huge win for us is the trust scoring feature. It allows us to not only guarantee that the user is authorized to access a resource, but also the endpoint they’re connecting from meets a certain threshold that we can allow them to connect to our internal resources. I’m happy, but more importantly, our engineers are happy.