How a Healthcare Company Secured DevOps Workloads When Migrating to Cloud

It is virtually impossible to secure infrastructure with perimeter-based security like VPNs. The protocol and standards used for VPN (called PPTP) were created in 1996 and have remained functionally unchanged since they were created two decades ago. VPNs were simply not designed for today’s complex and changing IT infrastructures; they were created as a point-to-point connectivity solution to allow users access to environments from remote locations.

VPNs have three critical flaws:

1. They are simple, perimeter-based security in a world where the physical perimeter is no longer relevant. VPNs were designed as a connectivity tool with only a small amount of encryption for good measure.
2. VPNs are static and unintelligent, while user context and security threats are ever-changing. Users are not IP addresses or devices – modern security solutions address security at the user-level.
3. VPNs provide over-entitled access, maximizing lateral attack surface and vulnerability. They are a favorite tool of hackers to gain access to flat, unsegmented networks – there is nothing to prevent lateral movement attacks.

The Challenge

A large healthcare company with the goal of improving health and business results wanted to migrate its DevOps workloads to the cloud. It required a secure access solution.

This company’s antiquated security solution simply wasn’t working. The DevOps team was using a VPN to access the development environment across the world and then back to its cloud environment. It wanted its team of 200 DevOps closer to the data, to replace its VPN and eliminate its MPLS network. Further, it wanted to control what its contractors could access when performing their jobs.

The Solution

Appgate SDP was selected to provide a consistent, policy-driven approach to all user access across this company’s hybrid IT environments.

Purpose-built for hybrid environments, Appgate SDP is a powerful network security platform capable of securing any application, on any platform, in any location. Appgate SDP dynamically controls access across hybrid networks based on identity-centric policies. It works by creating one-to-one connections between users and the network they need to access – a segment of one. It is user-centric, ensuring it knows as much about that actual user as possible before allowing them to make a connection.

By default, users are not allowed to connect to anything. This is the opposite of traditional corporate networks, where once a user has been granted access through a VPN, they have access to everything. Instead, a Appgate SDP ensures that, once proper access criteria is granted, a dynamic one-to-one connection is generated from the user's machine to the specific resource needed. Everything else is completely invisible – even if the resource is connected to backend networks.

The Results

By selecting Appgate and replacing its incumbent VPN solution, this healthcare company was able to consistently manage who accessed data across all on-premises and cloud workloads. This helped the company adopt cloud, improve the DevOps experience, and secure access for all remote and third party users.

“We wanted the benefits of the cloud, but needed secure access that worked across hybrid IT. Without Appgate, our ability to adopt the cloud would have been lessened. Appgate meets the needs of our DevOps and information security teams delivering secure access to all workloads based on what users need to do their job.”

Learn more about how Appgate SDP helps organizations replace their antiquated security solutions and meet the needs of modern, hybrid IT environments.