Zero trust access for object storage

Apply a zero trust access model to your object storage deployment

Secure object storage optimization

Kemp LoadMaster load balancers optimize object storage environments by enforcing QoS policies, enabling distributed single namespace deployment, enhancing S3 traffic flow efficiency and providing frontend proxy optimization. When leveraged as a Zero Trust Access Gateway (ZTAG), LoadMaster load balancers provide additional security features for object storage deployments.

Object storage helps customers streamline modern application deployment with improved economics, efficiency and more accessible data analytics. When proxying object storage deployments, LoadMaster load balancers are in the optimal position to apply a zero trust security model for compliant, policy-based access control with the following key capabilities:

  • Default least-privilege security model
  • Fine-grained access control
  • Security zone-based policy logic
  • Bucket and object level policy application
  • Storage operation awareness

Policy-Driven object storage access

  • Transparent Visibility: Traffic flow decryption and network telemetry enable analysis of transactions and forensics when combined with network monitoring solutions
  • Identity Context: Analysis of authentication headers and IdP validation (if leveraged), along with other traffic flow characteristics, enables application identity validation and enforcement of appropriate policies
  • Security zone identification: Network segmentation awareness to determine the trust level of security zones at the initial connection attempt
  • Granular Access Policy Application: Flexibility to determine the abstraction layer at which policies are applied (e.g. network, storage bucket)
  • Intent Analysis: Determine entitlement and enforce controls around allowable storage types

Deployment model

With a Kemp Zero Trust Access Gateway deployment model, object storage ecosystems are protected with per-bucket access control for S3 operations. An infrastructure-as-code model for maintaining the desired configuration state simplifies the application and maintenance of complex object storage access policies.

[Figure: Connection Manager for ObjectScale. Applications and object admins in three security zones (Security Zone 1 - least trusted, Security Zone 2, Security Zone 3 - most trusted) reach ObjectScale through an access policy with Who, What and Where columns: Obj_Admin1 (10.110.100.6/24) is allowed GET; Obj_Admin2 (192.168.99.32/24) is allowed GET, PUT; Obj_Admin3 (172.16.99.44/24) is allowed GET, PUT, DELETE; each entry is scoped to a bucket.]

Resources

Zero trust for object storage solution brief

Reference architecture

Kemp's object storage solutions
