Nebulon has announced two new zero-trust offerings: Two-Person Commit and Single Sign-on (SSO). This announcement advances Nebulon’s security offering, which includes advanced authentication and authorisation, always-on encryption, and 4-minute ransomware recovery capabilities – all critical for securing distributed edge data centre locations.
Gartner predicts that by 2026, only 10% of large enterprises will have a mature and measurable zero-trust program in place, up from less than 1% today. In another report, Gartner notes, “Through 2026, more than half of cyberattacks will be aimed at areas that zero-trust controls do not cover and cannot mitigate”. Zero-trust infrastructure best practices are critical for both perimeter-level protection as well as internal processes—particularly for destructive actions that can delete data or infrastructure configuration. Furthermore, the ever-expanding and geospatial distribution of infrastructure makes the coordination and rotation of secure passphrases especially challenging.
Two-Person Commit is a security policy that has its origins in military protocol and has become a welcome addition to the arsenal of IT security controls. This policy protects organisations from accidental or malicious destructive actions by providing an additional layer of security for Nebulon-based clusters or groups of clusters. Once a user enables the Two-Person Commit security policy, certain operations in the cluster group must be approved by two people in the organisation, including deleting clusters, volumes and snapshots, and disabling the security policy.
Nebulon’s Two-Person Commit policy includes three parties: ‘requestor’, the user that requested an action, ‘approver’, a user that is approving the request, and ‘arbitrator’, the Nebulon customer satisfaction team. The role of the arbitrator is to ensure that the requestor and approver are distinct individuals. Without an arbitrator, an administrator could create a secondary (virtual) user account to approve their own requests.
Nebulon has also announced Single Sign-On (SSO) for Microsoft Azure Active Directory environments, allowing users to sign in and access their Nebulon-based infrastructure using their Azure Active Directory credentials. Nebulon SSO also supports the mapping of Active Directory groups to other groups in Nebulon’s cloud (NebulonON) to further simplify user and group identity management. This new authorisation capability improves perimeter protections by (1) separating the responsibility of identity management and infrastructure management, (2) simplifying username and passphrase management, and (3) improving identity protection when paired with multifactor authentication (MFA).
“Numerous vendors on the market tout zero-trust capabilities, but unless these are implemented at every layer, including down to the server-storage layer, there is no way for an enterprise to be fully protected,” said Siamak Nazari, Nebulon CEO. “Whether it be protection from cyberattack or user error, these capabilities help organisations take the additional steps needed to put zero-trust into practice.”