Early this year, we announced Imperva Application and Data Security for Amazon Web Services (AWS) offering.
One of the key reasons customers are moving applications to AWS is the near-instant scaling capability and cost savings versus maintaining their own dedicated environments. This applies not just to the applications themselves, but also the security solutions protecting them. Imperva for AWS design partner went live for the holiday shopping season expecting to need between 4 and 8 virtual gateways. As it turned out, they had a phenomenal product launch and ended up needing to scale to 120 virtual gateways. Which they were able to do in a matter of days. Now, we are proud of the ease of deployment of Data Security, but in a physical environment, deploying 120 gateways would take months simply due to the physical friction associated with hardware installation, maintenance windows and other factors.
As a part of our marketing efforts for the solution, we’ve been talking to many Imperva customers and prospects about the solution. And one of the most common questions we get is “How do the different Imperva cloud solutions fit together?”
Our approach to the problem of securing cloud workloads is intentionally broad. Just like on premise data center security, there are several different important aspects of cloud security. We are building out a set of frameworks we’re calling reference architectures for different key use cases and you will see us release these over the course of the next few quarters. But for the moment, let’s focus on applications deployed at Amazon Web Services. Our reference architecture will go into much more detail, but the approach actually breaks down quite simply:
For Denial of Service mitigation, the choice is fairly simple: Imperva DDoS Protection. We’ve built a global network with the resilience to handle today’s 100Gbps+ attacks, but also the operations to deal with multi-vector DDoS attacks. In other words the combo volumetric and application layer DDoS that’s becoming the norm. Imperva can help with application layer DDoS mitigation, but to combat multi-vector attacks, you really need a cloud-based service.
Finally, what many customers overlook is the need for strong security on the AWS administration console. The consequences of a failure here can be pretty dire. For sure, every customer should be using Amazon’s built-in two-factor authentication capability. You can even integrate with your own SAML gateway. But we believe best practice is to also deploy a solution for auditing privileged users and preventing account take over.
Try Imperva for Free
Protect your business for 30 days on Imperva.