Xceedium,
Inc., the premier provider of privileged identity management for the hybrid cloud, today announced it has enhanced Xsuite to include protection
for the Amazon Web Services management APIs that advanced cloud customers use
to monitor and configure their AWS environments. The latest version of Xsuite
now includes a privileged API proxy-enabling access control, monitoring, and
auditing for scripts and tools accessing AWS management APIs.
Xsuite's new API Proxy extends
the security and auditing capability Xsuite already provides for instances
running on AWS and the AWS Management Console. With the advent of software
defined infrastructure, many advanced organizations are bypassing the web-based
AWS management console and automating operational tasks-utilizing AWS SDKs
for Python, PHP, and others, and DevOps tools (e.g., Chef or Puppet) that call
AWS' REST-based management APIs. Xsuite now provides an extra layer of
protection so AWS customers can control access, monitor, and audit exactly what
scripts are doing.
The AWS management console, and
its associated APIs, powers a system capable of altering an organization's
underlying cloud infrastructure in seconds. It enables organizations to
monitor, control, configure, and scale their environments like never before.
This powerful management system reinforces the need for customers to adopt a
"shared responsibility security model." With the shared responsibility model,
customers must understand the risks, how to utilize AWS security features, and
what additional security and audit controls are necessary to mitigate risks and
meet compliance mandates. The Xsuite AWS API Proxy was designed to deliver the
extra protection and auditing enterprise customers require.
The Xsuite AWS API Proxy enables
customers to:
- Impose a single point of access control, monitoring,
and audit for all activity associated with the AWS Management Console and its
underlying REST API set
- Enforce role-based API access control on scripts
interacting with the management plane for AWS Public, Government, and VPC
clouds
- Create a full bi-directional audit trail of all API
calls and responses
- Attribute AWS API activity to a specific user without
requiring customers to add and maintain users in the AWS Identity and Access
Management (IAM) system
- Use alternative credentials that are only valid with
the Xsuite AWS API Proxy and cannot be used with AWS services directly-ensuring
all privileged API calls are controlled and logged
- Vault and manage the credentials used by scripts to
access AWS APIs and eliminate the practice of sharing these important keys
The
Xsuite AWS API Proxy is licensed and configured through the Xsuite policy
management engine. The API Proxy capability is deployed as separate Amazon
Machine Instances (AMIs) and leverages AWS auto scaling to meet performance
requirements and support the dynamic environments advanced AWS customers are
implementing.