SSH / RDP Remote Access for DevOps

Privileged access to Servers storing/managing data via SSH/RDP is more critical than ever. Traditional VPN access plus static long-lived credentials used for SSH/RDP are not secure enough for modern IT environments.

The problem

As DevOps teams are increasingly distributed across the globe and enterprises are often turning to contract workers to help accelerate project deliverables, the need for securing SSH/RDP remote access has never been higher.  Given the sensitive nature of this work and the potential for breaches evident with VPN based secure access, enterprises need a more secure approach that delivers on Zero Trust principles that fit the modern enterprise. 

SSH-RDP_8750x2361

The notion of continuous verification and principle of least privilege are critical to this approach and VPNs just cannot keep up with these demands.  Specifically, in the case of SSH/RDP access, VPNs fall short:

 

poor-security

Poor Security

  • Broad network-level access based on long-lived certificates, with lateral movement vulnerability especially for 3rd parties who can access any server on the network or in any Virtual Private Cloud (VPC)
  • No good way to continuously authorize (not just one-time authentication) and provide least-privilege access to specific servers
complex-management

Complex Management

  • Network-level controls hard to configure, especially due to ephemeral server instances on modern clouds
  • Painful process of updating end-point clients and VPN hardware and software patches
frustrating-user-experience

Frustrating User Experience

  • Dropped connections due to network complexities resulting from constant compute environment changes with cloud deployments and enterprise growth
  • Expensive appliances, inability to scale to cloud compute clusters

Banyan Solution for Secure SSH/RDP access for devops

The Banyan Security Zero Trust Remote Access platform offers role and attribute-based access control to servers while providing integrated with your existing SSO, MDM tools as well as IaaS clouds like AWS, GCP or Azure. SolutionsPage_SSH

With Banyan, a security team can define the access privileges to a particular server resource, on a per user basis.  With Banyan's Zero Trust Remote Access Platform you can achieve direct, secure least-privileged access to your SSH/RDP environments. 

The Banyan remote access solution is comprised of  three core components that together deliver a complete Zero Trust Remote Access solution. First, we offer Trust Scoring capability for quantification of device and user and contextual factors.  Next, we provide continuous authorization of access via our Cloud Command Center which is powered by Machine Learning engine. And finally we offer real-time access enforcement based on the principal of least privilege. 

 

 

 

Quantified Access

Quantified Access for a Higher Security Posture

  • Massive reduction in visible attack surface by delivering on least privilege access based on quantified trust and continuous authorization
  • Short-lived certificates managed by the Banyan platform for a higher security posture
ComprehensiveSolution_800x600 (1)

Comprehensive Solution for Diverse DevOps Environments

  • Homogeneous experience whether servers are deployed in IaaS, or On-Premises
  • Provide differentiated TrustScore-based access depending on user profiles (e.g. employee vs. contractor vs. vendor), device characteristics (e.g. patch-level, and relative importance of servers (e.g. PCI vs. non-PCI servers)
SeamlessFastUserExp_800x600

Seamless & Fast User Experience

  • Direct access to servers be they on private clouds or IaaS deployed
  • Simplified access policies tied to user and device profiles for ease of management

the banyan approach

The Banyan Security Zero Trust Remote Access platform is universal in its ability to support multiple remote access use cases. For SSH/RDP access the Banyan platform manages all access elements from policies, to certificate generation and access enforcement. 

SolutionsDiagram-2_1917x847 (2)

Steps 1-5 are performed out of band to create a quantified trust score and generate a X.509 certificate to initiate access to their servers.  Steps 3-4 show an example of an integration with tools like SSO and MDM to ensure that existing tools can be leveraged to generate a Trust Score for differentiated access not possible with current SSH/RDP access offerings. Step 6 shows that the access is granted and the data path is direct to the servers be they on premises or in an IaaS, ensuring the path is owned by the enterprise for the highest security posture as opposed to being routed through a 3rd party cloud. 

ProductPageVignette-3_1064x600_112019

Key Features for DevOps Environments

  • Real-time check of user and device security posture before granting access -using employee visible TrustScore
  • Leverage standard protocols (e.g., TLS, HTTPS, SSH) without the reliance on any custom protocols
  • Provide latest encryption (TLS 1.2 and 1.3) using a highly secure PKI infrastructure with support for X.509 certificates that is maintained by Banyan Zero Trust Remote Access platform
Demo-Sign-Up

Modern application environments require Zero Trust Remote Access solutions like Banyan Security.

Register for your free Demo Today