Advanced Remote Access for Engineers

Remote access to servers storing/managing data via SSH/RDP is more critical than ever. Traditional VPN access plus static long-lived credentials used for SSH/RDP are not secure enough for modern IT environments.

The problem

As Engineering teams are increasingly distributed across the globe and enterprises are often turning to contract workers to help accelerate project deliverables, the need for securing SSH, RDP, and Kubernetes remote access has never been higher. VPN alternatives are needed, given the sensitive nature of this work and the potential for breaches with VPN-based secure access. Enterprises need a more secure approach that delivers on Zero Trust principles that fit the modern enterprise.

The emergence of continuous authorization and principle of least privilege are critical to this approach, and VPNs simply cannot keep up with these demands. Specifically, in the case of secure SSH, RDP, and K8s access, VPNs fall short:

Poor Security

Broad network-level access based on long-lived certificates, with lateral movement vulnerability especially for 3rd parties who can access any server on the network or in any Virtual Private Cloud (VPC)
No good way to continuously authorize (not just one-time authentication) and provide least-privilege access to specific servers

Complex Management

Network-level controls hard to configure, especially due to ephemeral server instances on modern clouds
Painful process of updating end-point clients and VPN hardware and software patches

Frustrating User Experience

Dropped connections due to network complexities resulting from constant compute environment changes with cloud deployments and enterprise growth
Expensive appliances, inability to scale to cloud compute clusters

The Banyan Solution for Secure SSH/RDP access for Engineers

The Banyan Security Zero Trust Remote Access platform offers role and attribute-based access control to servers while providing integration with your existing SSO, MDM tools as well as IaaS clouds like AWS, GCP, or Azure.

With Banyan, a security team can define the access privileges to a particular server resource, on a per user basis. With Banyan’s Zero Trust Remote Access Platform you can achieve direct, secure least-privileged access to your SSH/RDP environments.

The Banyan remote access solution is comprised of three core components that together deliver a complete Zero Trust Remote Access solution.

First, we offer Trust Scoring for quantification of device and user and contextual factors.

Next, we provide continuous authorization of access via our Cloud Command Center which is powered by a machine learning engine.

And finally, we offer real-time access enforcement based on the principal of least privilege.

Quantified Access for a Higher Security Posture

Massive reduction in visible attack surface by delivering on least privilege access based on quantified trust and continuous authorization
Short-lived certificates managed by the Banyan platform for a higher security posture

Comprehensive Solution for Diverse DevOps Environments

Consistent experience whether servers are deployed in IaaS, or On-Premises
Provide differentiated TrustScore-based access depending on user profiles (e.g., employee vs. contractor vs. vendor), device characteristics (e.g., patch-level), and relative importance of servers (e.g., PCI vs. non-PCI servers)

Seamless & Fast User Experience

Direct access to servers be they on private clouds or IaaS deployed
Simplified access policies tied to user and device profiles for ease of management

The banyan approach

The Banyan Security Zero Trust Remote Access platform is universal in its ability to support multiple remote access use cases. For SSH/RDP access the Banyan platform manages all access elements from policies, to certificate generation and access enforcement.

Steps 1-5 are performed out of band to create a quantified trust score and generate a X.509 certificate to initiate access to their servers.

Steps 3-4 show an example of an integration with tools like SSO and MDM to ensure that existing tools are leveraged to generate a Trust Score for differentiated access not possible with current SSH/RDP access offerings.

Step 6 shows that access is granted and the data path is direct to the servers be they on-premises or in an IaaS, ensuring the path is owned by the enterprise for the highest security posture as opposed to being routed through a 3^rd party cloud.

Key Features for DevOps Environments

Real-time check of user and device security posture before granting access using employee-visible TrustScore
Leverage standard protocols (e.g., TLS, HTTPS, SSH) without reliance on any custom protocols
Provide latest encryption (TLS 1.2 and 1.3) using a highly secure PKI infrastructure with support for X.509 certificates that is maintained by Banyan Zero Trust Remote Access platform

Read the Solution Brief