Friday, March 24, 2017

Datapipe Access Control Model for AWS (DACMA): Bringing deeper, more secure AWS adoption to the enterprise

As a business, your IT infrastructure is your foundation. It runs your systems. It connects your employees with your customers. The success of your business is tied to having both an agile and flexible IT foundation as well as one that is highly efficient and cost effective.

Running key parts of your enterprise IT on the AWS public cloud provides a cost-effective solution that allows for great flexibility, scalability, and power. But it also brings added complexity to your business – complexity that staff members often don’t have the skills or capacity to effectively manage. Datapipe helps companies globally to overcome these challenges and effectively modernize their infrastructures using AWS. We future-proof your IT and help you manage your AWS environment so your IT operations teams and developers can focus on strategic initiatives and applications. And starting today, with the launch of our new Datapipe Access Control Model for AWS, we instill an even deeper level of trust and security specifically focused on protecting and safeguarding your virtual infrastructure.

As we move from companies managing and protecting physical infrastructures to virtual infrastructures, new challenges emerge for the protection of these new IT assets.  There is a lot of discussion around cloud infrastructure being compromised from the outside, with hackers and cybercriminals looking to infiltrate your system and steal data. But one of the biggest threats to a company’s cloud infrastructure comes from the inside – from employees and partners unintentionally exposing an organization through a lack of security best practices – risk that opens up the enterprise to outside threats. When looking for ways to reduce risk, you should start by shoring up the internal security operations. DACMA helps with this. DACMA implements AWS environment security best practices seamlessly, effectively and without additional action or inconveniences needed on your part. With DACMA, you can enjoy all the benefits inherent with Datapipe managed services without worrying that you might not have complete control over your virtual infrastructure and associated data.

Here is how DACMA works:

  • You Keep the Keys: Think of the key to your house. Once you share it, you have to start worrying about who is using the key and what they are doing when inside. Even if you trust this person completely, you have to worry that they may leave your key in a place that would be easy for others to find. If your key is shared with the wrong person, or stolen, then you have to change all your locks or risk that your stuff will be taken. Traditionally, when working with a managed services provider, a business has to hand over its administrator-level or root-level credentials and API keys to enable that managed hosting provider to run and manage the network. You basically have to hand over the keys to your virtual IT systems and data. DACMA removes this requirement. Through AWS Trust Relationships and Security Token Service (STS) software, Datapipe is able to effectively manage your system without you having to hand over the keys to the system. This method keeps you in complete control of your virtual infrastructure and your data.
  • Role-Based Access: DACMA also enables role-based access within a system. This gives you the ability to control who has access to certain data with ease. An engineer could have full access to the infrastructure while a service delivery manager may have read-only privileges. Role-based access is an essential component for compliance, and DACMA helps businesses achieve it easily and with a high degree of customization.
  • Accountability: With DACMA, all system access and activities are tied back to unique user names without the hassle of managing a long list of AWS users. This identity information is tagged to all actions taken by users and visible to both you and Datapipe via CloudTrail. Accountability within the system ensures you are meeting compliance requirements and also enables detection and response ensuring nefarious actions won’t go undetected.
  • Two-Factor Authentication: DACMA requires two-factor authentication for Datapipe employees to log in to the Datapipe SSO. An additional layer of security is enforced by also requiring two-factor authentication for Datapipe employees trying to access your AWS account.
  • Credential Security: DACMA was built with key protection as a fundamental tenet. Datapipe support personnel never see or directly access their own AWS login credentials. Logins are automated and personnel keys are never exposed. They are stored encrypted in a password vault protected by a high-security Hardware Security Module and extensive auditing, access control, and reporting. These security features ensure that for every step of the login process, account keys are secured and protected.
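
A customer-side check of the role trust policy that the trust-relationship and two-factor items above depend on, as an added example (not Datapipe's code or configuration): it flags a role that any AWS account can assume, that trusts an unexpected account, or that does not require MFA. The account ID `111122223333`, the role name and both sample policies are constructed placeholders.

```python
import re

def _as_list(value):
    """IAM accepts either a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the 12-digit account ID in an AWS principal, or None."""
    m = re.fullmatch(r"(?:arn:aws:(?:iam|sts)::)?(\d{12})(?::.*)?", principal)
    return m.group(1) if m else None

def audit_trust_policy(policy, provider_account):
    """Return findings for a role trust policy; an empty list means it passes."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not aws:
            continue  # service or federated principals are out of scope here
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: any AWS account may assume the role")
            elif _account_of(p) != provider_account:
                findings.append(f"statement {i}: unexpected principal {p}")
        mfa = stmt.get("Condition", {}).get("Bool", {}).get("aws:MultiFactorAuthPresent")
        if str(mfa).lower() != "true":
            findings.append(f"statement {i}: MFA is not required")
    return findings

# Constructed sample policies; 111122223333 stands in for the provider's account.
HARDENED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/provider-engineer"},
    "Action": "sts:AssumeRole",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_trust_policy(doc, "111122223333") or "OK")
```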

All of DACMA’s security measures for platform security are used by default for all of Datapipe’s Managed AWS clients. Datapipe also offers additional instance-based security protection measures including intrusion detection and threat management, data encryption for all sensitive data and web application firewall to protect against internet-based threats.

DACMA is seamless. It requires no extra steps or oversight once it is set up. Once implemented, DACMA dramatically reduces the risk of a disruption of service or data breach due to unauthorized access of an AWS environment by Datapipe.

We are excited about the launch of DACMA. DACMA is the result of Datapipe’s deep understanding and experience in effectively planning, building and running highly secure and available AWS environments for clients across the globe. Enterprises often struggle with understanding and implementing the complete set of security capabilities that are available in the AWS platform as well as the security policies and process transformation required for their teams. DACMA bridges that gap. DACMA is security best practices fully realized.

You shouldn’t have to hand over the keys to the virtual infrastructure that runs your business in order to use a managed service provider. Datapipe has always prided itself on partnering with our clients to future-proof their IT, delivering modern, agile infrastructures with the choice and control they expect. The legacy continues with these new capabilities. If you are interested in learning more about how DACMA works, we’d love to hear from you.

About David Lucky

As Datapipe’s Director of Product Management, David has unique insight into the latest product developments for private, public, and hybrid cloud platforms and a keen understanding of industry trends and their impact on business development. David writes about a wide variety of topics including security and compliance, AWS, Microsoft, and business strategy.
