AWS Verified Access uses Zero Trust principles to authenticate application requests.

Amazon Web Services has launched a service that secures user access to its cloud applications without requiring a VPN. AWS Verified Access, which the company previewed last November, validates every application request using Zero Trust principles before granting access to applications.

Since AWS previewed the networking service, it has added two new features: AWS Web Application Firewall (WAF) and the ability to pass signed identity context to customers’ application endpoints.

Specifically, the service uses a web access-control list (ACL) to protect a set of AWS resources, the company wrote in a blog outlining the service. Customers create a web ACL and define its protection strategy by adding rules. Each rule contains a statement that defines the inspection criteria and an action to take if a web request meets the criteria, AWS stated. Customers can configure rules to block requests, let them through, count them, or run bot controls against them that use CAPTCHA puzzles or other client browser challenges. Customers can define rules inside a web ACL or in reusable rule groups. AWS Managed Rules and AWS Marketplace sellers can provide managed rule groups, or organizations can define their own rules, according to AWS.

To broaden its reach, Verified Access integrates with AWS identity and device security partners including Beyond Identity, CrowdStrike, CyberArk, Cisco Duo, Jamf, JumpCloud, Okta, and Ping Identity. In addition, observability partners, including Datadog, IBM, New Relic, Rapid7, Sumo Logic, and Trellix, can ingest Verified Access logs and provide actionable data from users trying to access customer applications, AWS stated.

As for the new features, integration with a WAF protects web applications (HTTP/S) from application-layer threats, AWS stated.
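
The web ACL structure described above, written as an AWS WAFv2 `CreateWebACL` request body in which every rule pairs a statement with an action (block, count, CAPTCHA) and the default action lets everything else through. This is an added example, not taken from AWS or the original article; the ACL, rule and metric names, the thresholds and the `REGIONAL` scope are assumptions chosen for illustration.

```json
{
  "Name": "example-verified-access-acl",
  "Scope": "REGIONAL",
  "DefaultAction": { "Allow": {} },
  "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "exampleAcl" },
  "Rules": [
    {
      "Name": "example-managed-sqli",
      "Priority": 0,
      "Statement": {
        "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesSQLiRuleSet" }
      },
      "OverrideAction": { "None": {} },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "exampleManagedSqli" }
    },
    {
      "Name": "example-block-xss-in-query",
      "Priority": 1,
      "Statement": {
        "XssMatchStatement": {
          "FieldToMatch": { "QueryString": {} },
          "TextTransformations": [ { "Priority": 0, "Type": "URL_DECODE" } ]
        }
      },
      "Action": { "Block": {} },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "exampleBlockXss" }
    },
    {
      "Name": "example-captcha-high-rate-clients",
      "Priority": 2,
      "Statement": { "RateBasedStatement": { "Limit": 1000, "AggregateKeyType": "IP" } },
      "Action": { "Captcha": {} },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "exampleCaptchaRate" }
    },
    {
      "Name": "example-count-long-query-strings",
      "Priority": 3,
      "Statement": {
        "SizeConstraintStatement": {
          "FieldToMatch": { "QueryString": {} },
          "ComparisonOperator": "GT",
          "Size": 2048,
          "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ]
        }
      },
      "Action": { "Count": {} },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "exampleCountLongQuery" }
    }
  ]
}
```

A managed rule group takes `OverrideAction` rather than `Action` because the rules inside the group carry their own actions; `{ "None": {} }` leaves them as the vendor set them. Starting a new rule on `Count` shows what it would match in the metrics before it is switched to `Block`.
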
Customers can filter out common exploits, such as SQL injection and cross-site scripting (XSS), using AWS WAF, while enabling AWS Zero Trust-based fine-grained access for applications using user-identity and device security status, AWS stated.

Passing signed identity context to customers’ application endpoints is the other new feature. “Verified Access now passes signed identity context, including things like email, username, and other attributes from the identity provider to the applications,” AWS stated. The feature lets customers personalize application access using this context, eliminating the need to re-authenticate the user for personalization. The signed context allows the application to verify cryptographically that Verified Access has authenticated the request, AWS stated.

Pricing for the service is charged per hour and per GB of data processed for each application utilizing Verified Access.