Approaching a New Security Model: BeyondCorp at Welkin

At Welkin, we’re constantly evaluating our infrastructure to improve security controls for our platform. Our evaluations identified key areas for improvement, leading us to adopt a new security model: BeyondCorp.

BeyondCorp
BeyondCorp is an enterprise security model created and improved upon by Google. It assigns access controls to individual devices and users, rather than networks. This gives employees secure remote data access without relying on virtual private networks (VPNs).

To move us closer to the BeyondCorp model, Welkin’s infrastructure team has undertaken 3 major projects:

  1. Amazon Web Services (AWS) Sessions Manager
  2. Identity-aware proxies
  3. Device Trust

One piece of the BeyondCorp strategy is accessing Elastic Compute Cloud (EC2) instances without managing the inbound entry points, such as through a Secure Shell (SSH) connection. In this post, we focus on AWS Session Manager as an alternative for replacing a Secure Shell connection to EC2 instances.

Moving off of VPN
Welkin’s infrastructure team takes a number of precautions to ensure the safety of users’ data. This includes using a virtual private network (VPN) to protect remote data access. VPNs create a safe tunnel between two or more devices. They safeguard private web traffic from snooping, interference, and censorship. We use OpenVPN to secure remote access to our AWS environment. But, OpenVPN’s complicated feature-set can be difficult to manage and operate. Additionally, VPNs must be directly internet-accessible, which creates opportunities for potential attacks. So we recently explored and implemented alternative security channels to replace our VPN.

Introducing, Sessions Manager
AWS Sessions Manager is a modern alternative for replacing a Secure Shell (SSH) connection. It provides a connection to instances running on our virtual private cloud (VPC). VPCs offer isolated networks with exclusive access. We use AWS VPC to host our production and test environments. Amazon’s Sessions Manager allows us to manage our Elastic Compute Cloud (EC2) instances through the Command Line Interface (CLI) without the need for inbound ports or SSH keys, having exactly one entry point to the VPC.

There have been benefits and trade-offs from replacing our VPN:

  • Benefits
    • Secure Access – Session Manager communicates with instances via AWS Systems Manager Agent (SSM Agent). The SSM Agent sends data across an encrypted tunnel originating from the instance. It doesn’t require a bastion host, VPN, or SSH port.
    • Auditability – Session Manager allows us to log and audit our AWS activity on EC2 instances through Amazon CloudWatch.
    • Access Control – Identity and Access Management (IAM) policies determine who can access data in AWS. Using Session Manager, we define and oversee these policies. This ensures permissions-based access for employees, without distributing SSH keys
  • Trade-offs
    • Sessions Manager is a new technology, and AWS is still building its capabilities. Although it provides better security, our engineers found it was still rough around the edges. They experienced some incompatibility with existing scripts that relied on SSH.

Next steps
Implementing AWS Sessions Manager is just one step in moving towards the BeyondCorp security model. Welkin’s infrastructure team has also focused on:

  1. Identity-aware proxies – moving away from AWS Elastic Load Balancers (ELB) and adopting Application Load Balancers (ALBs)
  2. Device Trust – ensuring that only known and secured devices can access our managed infrastructure

The infrastructure team’s work has already greatly improved Welkin’s cloud security. As we continue our push towards BeyondCorp, we’ll publish subsequent articles explaining why and how our security controls have changed. Our goal is to encourage other companies to implement similar strategies to keep their data safe.

Learn more:

 

Sign up to receive Welkin updates, delivered straight to your inbox

    This site is protected by reCAPTCHA. Google’s privacy policy and terms of service apply.

    Related Articles

    How to Improve the Virtual Healthcare Experience

    Since the start of the pandemic, many healthcare facilities have embraced the power of telemedicine. Being able to treat patients with the help of modern technology like video chat and artificial intelligence can be helpful for both...Read More >

    Why It’s Long Past Time to Embrace the Cloud for Healthcare Technology

    In this modern era, data breaches and exposure of personally identifiable information is so frequent as to nearly be unremarkable. Last year alone, there were over 3,900 publicly disclosed data breaches; although a decrease of almost 50...Read More >

    Team Member Spotlight: Adoran Moshe

    At Welkin Health, we believe a company is only as amazing as its people. We’ve dedicated ourselves to improving the lives of care teams and want to show off the people who work tirelessly behind the scenes...Read More >