In cloud computing, you need a bastion (aka a jumpbox) to provide secure access to your users and outside applications. The bastion is a specialized server that has been hardened against outside attacks and that serves as a gateway for your users.
By far, the best type of bastion is a full-fledged privileged access management (PAM) solution that not only provides access control but also manages user actions with robust session management while providing password management and an unimpeachable audit trail of those actions. Unfortunately, most PAM solutions are poorly architected for cloud use.
As a result, many organizations have attempted to home-grow their own rudimentary cloud-based bastions with somewhat mixed results. Most of these systems only provide limited feature-sets. For instance, most cloud bastions available on AWS and Azure only provide SSH access rather than also supporting RDP access.
Like any complex technical problem, it’s extremely difficult to provide a full-range of privileged access management solutions as a one-off project. What’s more, focusing on building your own cloud bastion diverts engineering resources away from your core business while potentially creating unknown security vulnerabilities if those resources are subsequently diverted to other activities.
Your cloud bastion isn’t something that you want people to build and maintain “when they have time”. That’s why it makes sense for most organizations to rely on a best-of-breed security solution for their cloud bastion. However, until recently, that wasn’t a viable option.
The latest PAM solution offered by WALLIX, the Bastion, is really a game-changer in this regard. It is now available in the cloud’s favorite flavors…
- Amazon Linux AMI environment (powered by Amazon’s AWS Elastic Compute Cloud (Amazon EC2)
- Microsoft Azure (fully certified and available in the Azure marketplace)
The WALLIX cloud-enabled solution is fully-featured and multi-tenant. That means it includes key PAM features like:
- One-click single sign-on access for privileged users.
- Protection of sensitive credentials in a certified vault
- Automated management and cycling of passwords
- Full control and tracking of all users and actions
- SSH and RDP session management and recording
- Searchable OCR recording of RDP and VNC sessions
- Easily setup up forbidden actions with alerts and session disconnects
- Unimpeachable audit trail
All of these features are enabled by WALLIX’s low-maintenance agentless-architecture that matches the agility of your cloud-powered applications. In fact, WALLIX's Bastion is much easier and faster to deploy than most competing PAM solutions. That’s just one of the reasons WALLIX was named as a “Best Buy” by SC Magazine.