At vArmour, we see more and more enterprises moving applications and workloads of all kinds to public cloud - to increase IT responsiveness and agility while reducing costs. Naturally, these organizations want the scalability of a “built for cloud” distributed security system, coupled with the simplicity of single security solution that can protect their apps in the public cloud as well as on-premises private clouds. They need application-layer visibility and security policy across their multi-cloud environment. Today, we are excited to bring that to enterprises by officially joining the Amazon Web Services (AWS) Partner Network (APN), to help customers meet security objectives around visibility, auditability, and agility by complementing AWS’s foundational security with vArmour’s distributed, application-layer controls.
As many enterprises embrace Amazon Web Services, they need to build a strategy to secure those apps running on AWS. Amazon has a “shared responsibility” model for security - where AWS delivers the foundational secure infrastructure layer, and the application owner is responsible for the security of the instances and applications themselves. This approach can create tension between the application developers (who embrace the speed of development within AWS), and their security teams (who the enterprise ultimately holds responsible for the integrity of those applications). For a security system to be effective in Amazon (or any other cloud environment), it must help the application owner scale and move quickly, while ensuring the security team has the fine-grained, auditable controls they need to protect the enterprise.
With vArmour, both security and developer teams can use AWS with confidence. vArmour DSS Distributed Security System is a built-for-cloud distributed system, with the ability to stretch across private and public clouds. vArmour DSS adds application-aware controls to workloads running in any kind of AWS topology, from a single Virtual Private Cloud (VPC), to complex, multi-VPC environments. vArmour is fully automatable, fitting into existing DevOps workflows and pipelines. Most importantly, vArmour provides an independent set of security policy controls that sit next to each workload, and require no agents to be installed inside the instances themselves. vArmour fits into the larger AWS shared security model as seen in the graphic below:
vArmour DSS provides granular, application-layer security controls on top of the foundational services provided by Amazon. With vArmour, organizations can secure instances across all VPCs with a common security policy management and analytics framework. In addition, the distributed security architecture of vArmour DSS can extend from AWS to on-premises environments.
As we’ve been developing our cloud security solution for AWS, we’ve been collaborating with great companies like Booz Allen Hamilton (BAH), to help meet their needs, as well as those of their clients. Through our collaboration, BAH is able to help their clients migrate to AWS while protecting their most valuable assets. It’s been a great experience, and the vArmour team has learned a lot from our friends at BAH in the process.
One of the things we’ve learned as we’ve partnered with customers and technology providers is how critical it is for security teams to have security controls on AWS that are independent - independent of both the infrastructure and the workloads themselves. This is in contrast to agent-based approaches that can end up competing for resources inside an instance with the application itself, leading to performance and stability issues. Agents are also often the first thing a “bad guy” turns off when an instance is compromised. With vArmour, organizations can get rich, application-layer security controls on AWS, without the complexity or limitations of agents, while supporting sophisticated multi-VPC environments.
We are excited to add Amazon to our growing list of Technology Partners, so we can better support customers as they build security policy into any type of data center and cloud environment using vArmour DSS.