Reduce Cloud Anxiety, Secure Applications in AWS with MFA
Organizations are moving to the cloud in order to both modernize their IT environment and reduce their operational costs. As cloud products and services mature, companies feel comfortable moving more and more of their infrastructure into hosted environments. In many cases, this journey is a daunting one. Even when the move makes financial sense, the actual steps involved in hosting applications and data in the cloud (and then enabling access to those resources!) can feel intimidating and confusing.
Cloud-anxiety can be further exacerbated when a company already leverages many traditional on-premises services. To take a specific example, how does identity make the transition into the cloud? Is a whole new directory required with a new set of cloud credentials for each employee? Will access policies be forgotten and require re-building? How will users authenticate into the cloud environment and access resources hosted there? Will they be able to authenticate easily, effectively and securely?
If these questions incite a little cloud-anxiety, that’s okay — they are important questions with important answers. However, by partnering with AWS Directory Service, Duo is making a secure transition to the cloud a whole lot easier.
In order to counteract some cloud apprehension, let’s talk about a few of the complications listed above, and some potential solutions.
Q: As a concrete example, what if a company uses an on-premises instance of Microsoft Entra ID for identity management, but wants to start using certain resources offered by Amazon Web Services (AWS)? Will that company have to set up a new AWS directory from scratch?
A: Thankfully, the answer is no. AWS offers AWS Directory Service to address exactly this use case. AWS Directory Service makes it easy to either replicate and host a standalone Microsoft Entra ID instance in a private cloud or port data from an on-premises instance up to the cloud. Making the connection to AWS from an on-premises directory is relatively easy and secure, as the bridge will be built using either a one-way or two-way “trust.” A trust is a time-tested, secure model in which two directories can be linked. In either case, employees can then use their original corporate credentials to access AWS resources like Amazon WorkDocs, Amazon WorkSpaces, or Amazon WorkMail. Moreover, group configurations in the on-premises directory can be pulled into AWS IAM to ensure role-based access policies carry over to AWS.
And then the company rode off safely into the cloud sunset? Well, not just yet. The problem with any set of credentials, whether the directory holding them is on-premises or in the cloud, is that they may be stolen, hacked, or phished. One way to ensure that users are not just authenticating, but securely authenticating, is to deploy a second factor when employees attempt to access resources.
AWS understands the importance of MFA, which is why they chose to integrate specifically with Duo. Duo is now the only provider offering out-of-the-box MFA for AWS. The integration ensures that companies leveraging Amazon Directory Service are securing their cloud authentication. In fact, Duo and AWS worked together to create a Quick Start guide to deploying Duo for AWS Directory Service. This guide enables companies to quickly and easily protect their AWS application access with a second factor of authentication.
Identity and authentication may be one small piece of the long journey to the cloud, but by working together Duo and AWS are looking to make that journey just a little less stressful and free from cloud-anxiety.