Amazon Case

Like many companies of its size, Amazon is concerned about strengthening security in its network. Most attacks these days occur from inside the network itself. BYOD has made the company more vulnerable. To this end we are proposing that Amazon implement Network Access Control (NAC). NAC delivers a comprehensive approach to identifying, controlling, and securing access to critical network communications and business services. Well-designed NAC solutions proactively manage whether a trusted user, a guest, or a device can connect to a network and what they are authorized to do once connect.

Due to technological innovation Amazon.com has expanded its product selection international retail websites, and worldwide network of fulfillment and customer service centers. Now over 2 million third-party sellers participate in Amazon. With its continued success Amazon currently employs more than 88,400 people around the world. Centered in Seattle, Washington, employees work in corporate offices, fulfillment centers, customer service centers, data centers, and software development centers globally.

The fact that Amazon is global and successful simple makes Amazon a more likely target not just from external threats, but from internal threats. Although most companies have lots of security on the edge, for example firewalls, antivirus software, and anti-spyware that are blocking the attacks from the outside. The inside has very limited security. Companies are realizing this is very inadequate. For example employees themselves may inadvertently go somewhere they are not supposed to. Malicious users can reach sensitive servers with only the security on the server keeping them from sensitive and valuable information. Guest could plug a device into an open port and remotely reach critical data. With such a distributed network, an attack could come from a break-in at a remote small office where it is harder to enforce security. All the viruses, worms, Trojans and bots, have shown companies that they need a lot more integrated security So what a large company like Amazon needs to do is implement Network Access Controls (NAC).

The technology of NAC makes sure only authorized users and devices connect to the network with the correct level of access. . The goal is to set the level of access that a user will get according to company policy. This access level would depend on the user's role and where the devices they are using meet company guidelines but not on how they are accessing the network. With Bring Your Own Devices (BYOD), NAC is starting to become popular because companies often want to differentiate an employee using a corporate laptop from the same customer using their own device, from a guest.

NAC is not a single device but architecture. NAC begins by detecting a new device on the network. It then authenticates the user and determines what level