The present disclosure relates generally to dynamic and secure cloud to on-premise interactions and connections with minimal customer configuration.
Companies, such as those in the banking, insurance, and medical industries, generally treat customer data as highly confidential. This confidential customer data is stored within on-premise data systems to meet security and privacy concerns. Yet, in today's mobile market, access to the on-premise data systems can be achieved through off-premise mechanisms, such as cloud, mobile, and web-based applications.
However, contemporary implementations of cloud, mobile, and web-based applications fail to provide secure, highly available, bi-directional connections to on-premise networks that can meet the same security and privacy concerns noted above. For example, existing virtual private network based solutions do not provide fine-grained access control or scalability for bi-directional connections. Further, current cloud-integration solutions require non-trivial steps to manually set up credentials among multiple systems for access from cloud applications, which add complexity in development, testing, and production.
In addition, an issue with the contemporary implementations is a requirement to open a demilitarized zone (DMZ) port so connections can be established from the cloud, mobile, and web-based applications to the on-premise data systems. Opening the DMZ port can be challenging (e.g., from a development point of view) and infeasible for many organizations (e.g., from a security point of view).