Banyan Security Enables Zero Trust Developer Access on Oracle Cloud

Originally posted by Robert Ronan, Senior Oracle Product Manager.

What is zero trust access?

As more organizations migrate their infrastructure to the cloud and rethink software development and deployment, they are also modernizing their approach to security. One of these approaches is Zero Trust – instead of relying on traditional network perimeter-based security tools such as VPNs and strongholds that connect you directly to a network, access (authentication and authorization). ) is granted based on user and device attributes as well as the sensitivity of specific applications and services within that network.

Zero Trust Access is particularly well suited to infrastructure as a service (IaaS) environments such as Oracle Cloud, because traditional network security tools were not designed to handle the ephemeral, automation-driven nature of these environments.

FinConDX 2021
Zero trust accessVPN and traditional strongholds
Connect the user to applications and servicesConnect the user to networks
Rules using cryptography related to user and device attributesRules based on IP address
Automated issuance and rotation of identifiersManual interaction

Install the access level

To get started with Banyan Zero Trust Access, create a Banyan account. You can use the Banyan Team Edition free.

On a Linux virtual machine in your Oracle Cloud Infrastructure (OCI) bucket with a public IP address, install the Banyan Access Tier component. This will act as a gateway to your OCI infrastructure.

# add the Banyan RPM repo
$> yum-config-manager --add-repo https://www.banyanops.com/onramp/repo/
$> rpm --import https://www.banyanops.com/onramp/repo/RPM-GPG-KEY-banyan
# install it
$> yum install banyan-netagent

Other installation methods – Docker, DEB, Tarball, Terraform, etc. – are available in our Documentation. Once installed and configured, you will see the access level reports in Banyan’s Cloud Command Center console.

Image of access level Banyan

(Note: If you are using Banyan Team Edition, you will install an outbound connector instead of the access tier; the fully managed access tier Banyan global edge network will act as a gateway to your OCI infrastructure.)

Automatic discovery of OCI resources

The next step is to sync your OCI resources in Banyan. You can use OCI Tags to tell Banyan to only discover specific categories of resources in your environment.

$> banyan cloud-resource sync-oci all {oci-compartment} --tag_name banyan:discovery

--> Getting list of OCI VM resources:

type    name              public_dns_name    public_ip    private_dns_name    private_ip    ports    provider    region      tags
------  ----------------  -----------------  -----------  ------------------  ------------  -------  ----------  --------  ------
vm      oke-cqqhk6ivu2q-                                                      10.1.85.35    []       oci         phx            2
vm      oke-cko3n7f326q-                                                      10.0.93.236   []       oci         phx            2
vm      oke-cko3n7f326q-                                                      10.0.80.84    []       oci         phx            2


--> Filtering for new OCI resources:

type    name              public_dns_name    public_ip    private_dns_name    private_ip    ports    provider    region      tags
------  ----------------  -----------------  -----------  ------------------  ------------  -------  ----------  --------  ------
vm      oke-cqqhk6ivu2q-                                                      10.1.85.35    []       oci         phx            2


--> Syncing into Banyan Cloud Resource inventory:

--> Added OCIresource id(name): ocid1.instance.oc1.phx.anyhqljreqfgs5acfank3k2codj2srj4cnns3naalfttpmqjwk24digsi6qq(oke-cqqhk6ivu2q-nvp2thc5biq-
svjai5qusbq-2)

--> Sync with Oracle Cloud successful.

You can configure this sync to run at regular intervals so that Banyan always has the latest snapshot of your OCI resources. In the Banyan Cloud Command Center console, you will see all of your discovered OCI resources. You can now publish the individual resources that your users need to access.

Banyan inventory image

Publish a service catalog for your users

To publish an OCI resource as a Banyan service for your end users, just select the resource, click Publish, and follow the wizard steps.

Banyan Post image

Banyan provides native support for all common services and protocols that you can deploy in OCI:

  • Web Applications (HTTPS)
  • Linux servers (SSH)
  • Windows Servers (RDP)
  • Kubernetes clusters (K8s API)
  • Databases (TCP)

Banyan also provides a WireGuard powered service tunnel for use cases and protocols that cannot be handled by an identity sensitive proxy.

Authenticated end users can now access these published services through the Banyan app, a cross-platform endpoint client that runs on Windows, macOS, Linux, iOS, and Android devices. The Banyan app also establishes the device identity and posture checks necessary for zero-trust security.

Image Banyan Autorun

Try Banyan on OCI Today

You can further organize your published Banyan services into sets, create security policies to only allow specific sets of users to access certain apps, and more. Best of all, you can use Banyan Zero Trust remote access on OCI today! Register for free Banyan Team Edition or ask for a Enterprise Edition trial account.

The post office Banyan Security Enables Zero Trust Developer Access on Oracle Cloud first appeared on Banyan security.

*** This is a Syndicated Security Bloggers Network blog by Banyan security written by Tarun Desikan. Read the original post on: https://www.banyansecurity.io/blog/banyan-security-enables-zero-trust-developer-access-on-oracle-cloud/?utm_source=rss&utm_medium=rss&utm_campaign=banyan-security-enables-zero-trust-developer -access-on-oracle-cloud


Source link