Workers today access corporate applications hosted in the cloud or on-premises from many locations — at home, in the office and on the go. This means most traffic now travels over untrusted networks beyond your control. As a result, bad actors have more opportunities to sneak into your corporate network and access protected information. Traditionally, companies reduced this risk by relying on VPNs. Installing and maintaining VPN solutions, however, requires time and effort. And VPNs are not without security risks. Once users are authenticated and connected to a VPN, they can theoretically access any resource on the entire network, limited only by policies already in place at the authentication and authorization step.
A more secure alternative is to provide users with highly controlled, direct access to applications based on user identities and their device's security state. That's why AWS recently introduced AWS Verified Access — a new service that delivers secure access to private applications hosted on AWS without a VPN. AWS Verified Access continuously evaluates each request in real time based on contextual security signals like identity, device security status and location. AWS Verified Access then grants access based on the configured security policy for each application and connects the users, thereby improving the organization's security posture.
As a global leader in Identity Security and a certified AWS Trust Partner, CyberArk is proud to be one of the first vendors to provide identity-related signals for AWS Verified Access. CyberArk customers can use CyberArk Identity to manage all user information, credentials, authentication and role access for AWS in a single place and realize all benefits of AWS Verified Access without making additional investments in the identity management infrastructure. For example, users only need to authenticate to the CyberArk User Portal to access all AWS resources and AWS-hosted apps. Behind the scenes, the relevant CyberArk policies and access controls are applied during the authentication process and passed to AWS Verified Access to provide you greater control over access decisions.
With CyberArk Identity and AWS Verified Access, you can also implement risk-based access rules and create access policies based on contextual signals such as IP address, day or time range, device OS, browser or device security posture. CyberArk Identity uses machine learning to assess contextual factors, calculate risks and mitigate threats before bad actors can traverse networks and do serious harm. In addition, CyberArk Adaptive Multi-Factor Authentication allows you to enforce stronger identity assurance controls to validate users accessing your AWS accounts and resources.
The benefits of integrating AWS Verified Access with CyberArk Identity extend beyond security, identity centralization and elimination of switching costs to build a Zero Trust architecture. With the CyberArk Identity Security platform, you can secure access to any resource and across any device anywhere — at just the right time. Centered on intelligent privilege controls, Identity Security seamlessly secures human and machine identities accessing applications, infrastructure and data, and flexibly automates the identity lifecycle — all with a unified approach. The CyberArk Identity Security platform enables Zero Trust by enforcing least privilege with continuous identity threat detection and protection.
Getting started with CyberArk and AWS Verified Access is easy. You can build the trust relationship directly between AWS Verified Access and CyberArk Identity or establish a trust relationship between AWS Verified Access and CyberArk Identity through AWS SSO. Once set up, you can improve application security by granting access only when users meet specific security requirements and by preventing access from potentially vulnerable devices. In addition, this integration will enable you to provide users with seamless access to private applications without the need for a VPN. Onboard new AWS-hosted applications in minutes and rapidly make changes to policies based on business needs.