The Introduction of the Airlock Security Solution at Inacta

29. July 2021

 

Inacta has increased the security of its web applications against attacks via the Hypertext Transfer Protocol (HTTP) by using the security solution Airlock, a move that has been of considerable value to its customers. In this case study, you can read about how this works and how Inacta and Ergon Informatik AG implemented it.


STARTING POINT

Until now, Inacta mainly used Cloudflare services or a specially managed in-house set up based on Apache ModSecurity for web application firewalls (WAF). Unfortunately these services could no longer fully meet Inacta’s needs or those of its customers. Inacta lacked the following IT security and data processing features:

  • The processing of all data traffic within Switzerland which complied with an exceptionally high security standard;
  • independent maintenance of each application’s WAF;
  • The ability to comprehensively adjust each application’s security settings.

However, these requirements could be met using Airlock with the ‘Swiss made Airlock WAF solution’.


INACTA’S SOLUTION

Inacta’s solution offers the following new WAF features:

  • Cloudflare
  • Airlock Gateway

Data processing using Cloudflare is carried out all over the world whereas using Airlock it is guaranteed that data is processed in Switzerland.

For Inacta to be able to guarantee its customers they would benefit from the data processing security they expected, applications such as Jira, Wiki, Bitbucket, SVN, and Bamboo already have Airlock’s advantages.

The following diagram shows the current situation at Inacta:


AIRLOCK MICROGATEWAY IN COMBINATION WITH AIRLOCK GATEWAY

Airlock Microgateway helps to protect services from unauthorised or malicious access and is easy to use. The microgateway is a micro-WAF and is placed directly in front of the application or microservice (see diagram above).

Microgateways are additions to the central Airlock Gateway but do not depend on each other. However, for maximum benefit they are used together.

The Microgateway is responsible for the protection of a single application. Other security functions such as upstream authentication are still handled by the Airlock Gateway and Airlock Identity and Access Management (IAM) as this authentication should be carried out as far up the call chain as possible.

The following table compares the most important features of Airlock Gateway and Airlock Microgateway:


AIRLOCK’S INTRODUCTORY PHASE AT INACTA

The work needed to install Airlock Gateway was certainly justified, particularly considering the optimizations that were achieved with it. After initial installation of the appliance, an Airlock employee was present for its initial configuration. Inacta’s biggest involvement was when individual applications were integrated; this involves adjusting the security settings and testing for any false- positive events (such as if an access is wrongly classed as malicious).

DevOps Adrian Luthi said: “Thanks to Airlock’s support, the installation went smoothly and the Inacta team was able to focus on integrating the applications. In addition, Airlock was always available for questions, which were answered promptly.”


CONCLUSION

The biggest advantages of Airlock are the increased possibility of adjustments, the independence of the microservices and the processing in Switzerland of all data traffic using Airlocks’s own hardware. This means that all data traffic from the Airlock gateway is encrypted easily through georedundant data centre in Switzerland. These measures are necessary because for example they ensure bank-compliant security. This is of great importance to Inacta, as it is increasingly managing projects in the all-finance sector.

Consultant Andrin Farner: “We see the main advantages of using Airlock in increased customi- sation possibilities because of the Airlock Microgateway, which optimizes the protection of Kubernetes applications.”

Andrin Farner, Consultant, Inacta AG

 

ABOUT ERGON INFORMATIK AG

Ergon Informatik AG, which was founded in 1984 and is based in Zurich, creates unique customer benefits using digitalisationtrends – from initial concept to market success. Ergon combines technology, security and business competencies and implements smart solutions for complex requirements. Experts with first class training develop user-friendly customized software and internationally proven standard software for customers from a wide range of industries. It employs 330 people..