Many organizations have moved their applications to the AWS cloud to ensure that these applications can be accessed from anywhere and on any device. As the workforce becomes increasingly mobile and flexible, enterprises find that their systems are vulnerable to the threat of malware, ransomware and other malicious attacks. Traditional approaches such as VPNs are no longer safe for enterprises whose perimeter extends over to the Internet.

Challenges with traditional security solution approaches

  • Enterprise perimeter no longer clearly defined as users, devices, applications, and data move outside the organization’s control
  • Traditional security solutions are designed with a centralized architecture in mind, which is not well suited to a hybrid ecosystem of AWS cloud and on-premise systems
  • Traditional perimeters are complex and vulnerable to attacks
  • Traditional perimeters are no longer compatible with modern business requirements
  • Segmenting the network efficiently to protect it from malicious attacks while still providing access to legitimate users in a dynamic environment is a complex and difficult task
  • No guarantee that each endpoint, user and device in the network is secure
  • Difficulty in policy enforcement and protection for all users, devices, applications, and data
  • Lack of proper logging and monitoring of network traffic for continuous visibility
  • Burden on IT budgets and resources due to high cost and cumbersome deployment

The Secure Shield Advantage

Micro-segmented access for precise application access


Secure Shield for AWS provides granular, micro-segmented access so that only authorized users and devices can access the applications and data present on these segments. You can easily enforce and manage granular micro-segmentation policies between applications and services. Secure Shield for AWS not only offers North-South communication protection, but also lateral East-West communication protection.


Single platform for all your enterprise requirements


With Secure Shield for AWS, you can secure your enterprise applications both on-premise and on the AWS cloud, as well as IIoT systems, with a single platform. With a flexible licensing model for your on-premise, cloud, and IIoT security, you can protect existing investments and save on costs for multiple licenses, integrations, deployments, and skilled personnel.


Robust design to ensure all-round protection for your digital assets 


The core architecture of Secure Shield for AWS is natively distributed, resilient, and based on Zero Trust, Software Defined Perimeter (SDP) architecture and Private Blockchain technology. This cutting-edge architecture renders enterprise systems and cloud servers invisible to hackers, thereby making it almost impossible for hackers to discover and attack these systems. Secure Shield for AWS provides holistic security by securing the servers, providing user and device authentication, as well as encrypting the communication.

Authentication and dynamic access based on digital ID


Secure Shield for AWS authenticates users as well as devices and provides access to applications based on a combination of user and device digital identity. Out-of-the-box integration with AWS AD provides the flexibility of importing users automatically, while devices and resources are registered with Secure Shield for AWS for automatic creation of digital identities.

Access to resources on the AWS cloud without a VPN


Secure Shield for AWS empowers organizations to securely provide direct access to applications on the AWS cloud from authenticated and authorized remote user devices from the internet – without the need for a VPN.

Audit and review all logs


All access logs are stored on the blockchain, making them immutable and tamper-proof, thereby ensuring complete visibility in case an adversary should attempt to access the systems in an unauthorized manner or an administrator enforces an unauthorized change. Secure Shield for AWS performs continuous logging and monitoring of network traffic for complete visibility and control of ‘who has what access’.

Secure Shield for AWS Architecture

Secure Shield for AWS provides a natively distributed security architecture which helps lock down the servers, irrespective of whether they are inside or outside the organization’s perimeter. It provides secure user and device authentication, encrypted communication between the user and server, and protection to servers and applications not only from known but also unknown vulnerabilities.

The Secure Shield controller (Identity and Access validation nodes) has an embedded private permissioned blockchain and stores the following information:
a. Policies that grant access to a resource (application) for a given user and device combination
b. Users and digital IDs
c. Access logs
d. A real-time access map depicting the access policy and resources currently being accessed
e. Dashboards and reports

Agents are deployed on the user devices to authenticate both the user and the device. The user agent ascertains that it is indeed a legitimate user who requires access to the server, and that the device is approved to access the server.

Agents are deployed on the application servers on the AWS Cloud. The server agent locks down the server to such an extent that the server becomes invisible and only authorized users from authorized devices can access the server.

A Zero Trust gateway can also be deployed to secure access as an alternative to deploying agents on servers.

While a legitimate user is accessing the server, the server continues to remain invisible to the other systems on the network and thus the protection is always maintained. Multi-factor authentication and user-device mapping ensure that the user credentials cannot be phished, and the user cannot be impersonated. Thus, Secure Shield for AWS ensures that only the approved users can have precise access to applications on the AWS cloud from approved devices.

Why choose Secure Shield for AWS?

  • Offers comprehensive Zero Trust security for AWS Cloud
  • Delivers Zero Trust protection in five out of the seven areas recommended by Forrester’s Zero Trust Framework
  • Offers a robust Software Defined Perimeter (SDP) architecture that renders critical information systems on the cloud invisible to attackers
  • Delivers a new breed of digital identity and access control for all users and connected devices by means of customized light-weight agents along with Blockchain technology
  • Featured as one of the top 25 cybersecurity innovations by Accenture
  • Block Armour is accelerated by Airbus and is a part of the Microsoft for Startups program