Aporeto, the leader in Identity-Powered Cloud Security, today announced the immediate availability of Cloud Privileged Access Management (PAM) for infrastructure and Identity-Aware Proxy for
modern applications. These new services represent a significant
expansion of the Aporeto Zero Trust security solution to protect user
access to applications and infrastructure. When implemented along with
Aporeto's Distributed Firewall,
which enables workload identity-based microsegmentation, the new
combined offering represents the most comprehensive Zero Trust security
solution available for modern applications and infrastructures.

The Aporeto platform abstracts security away from the IP infrastructure to
address application segmentation requirements and improves the risk
posture of any application. With centralized management and distributed
enforcement, policies protect applications on premises, on public
clouds, or as they migrate between the two. The adherence of security
policies to application components rather than the infrastructure makes
them portable and persistent.

Aporeto delivers a Zero Trust security solution by bringing the power of
Identity to cloud infrastructure, providing single sign-on (SSO)
authentication, visibility, and authorization controls for heterogeneous
workloads on-premises or in any public cloud. By leveraging
capabilities already present in industry standards such as OpenSSH and
OpenID Connect (OIDC), organizations can dramatically improve their
security posture without modifying any underlying application. Aporeto
limits a user's interaction with any part of enterprise infrastructure
based on his identity, including user-context information, and based on
policy. This capability enables enterprises to comply with regulations
without the need to manage SSH keys or VPN tunnels.

"We see customers continuing to struggle with managing secure access to
applications and infrastructure, from privileged insiders accessing
servers and cloud images to end users who need secure access to Web
applications or APIs," said Jason Schmitt, CEO of Aporeto. "With the
Aporeto identity-based cloud security platform, we are able to
authenticate, authorize, and encrypt every interaction within your cloud
infrastructure, providing just-in-time access to what's needed, when
it's needed and only when policy explicitly allows it. We're helping
customers throw out the old paradigm of appliance-based perimeter
security, like firewalls and VPNs."

Aporeto Cloud PAM provides just-in-time server access with visibility and control for any server on your infrastructure, providing:
- Elimination of SSH key management complexities
- Access controls based on the user's authenticated identity and time-bound policies
- Just-in-time SSH access, with SSH certificates
- Compatibility with OpenSSH nodes
- SSO with OIDC-compliant 3rd-party IDPs
- Logging of all CLI commands issued by users for auditability and compliance
- Seamless integration with Aporeto's Distributed Firewall for networkless micro-segmentation

Aporeto Identity-Aware Proxy enables VPN-less access to corporate web applications and APIs by using
identity and context to control access. The benefits are:
- Elimination of VPNs and API gateways to manage secure access to web resources
- Enablement of OIDC-compliant authentication and authorization with zero code changes, offloading strong access control from business logic
- Enforcement of granular authorization policies based on user identity, differentiating between corporate users, B2B partners, and contractors

"We are excited about our partnership with Aporeto and showcasing these new
Zero Trust services to our customer base," said Jimmy Xu, Practice
Lead, DevSecOps & Cloud Security at Trace3. "We already have had
great traction with our customers with Aporeto's workload identity-based
microsegmentation product and look forward to meeting the most
demanding security needs of enterprise customers looking for privileged
access management solutions as part of their cloud adoption journey."