 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
The lack of access control and monitoring creates a significant security risk for companies and opens them up to data breaches that could cost them millions of dollars.
Over the years, companies have relied on traditional approaches like virtual private networks, passwords, private keys, segmentation with role-based access control, etc., as a form of securing their infrastructure, but these methods are usually labor intensive, highly subject to breaches and not future-proof.
The advancement of hackers requires stepping up your security game, and that’s why using an access control system like Teleport, which follows the principle of least privilege, is recommended.
In this article, I’ll highlight different ways Teleport can be used to securely access and monitor your team’s infrastructure (VM, Kubernetes clusters, databases Windows Server) and, as such, expedite your team’s development workflow, productivity and security.
Using the default approach, you’d typically have to create a Kubernetes role object and assign your teammates to it. Teleport enables you to do this, but it goes a step further to support the implementation of a single sign-on (SSO) authentication scheme using any of these SSO providers, thereby removing the need to create separate users for your K8s cluster each time a new teammate joins the company.
Using Teleport to implement SSO authentication on your infrastructure comes with many benefits. Some of my favorites include:
Learn more about how Teleport users can log into any infrastructure (servers, Kubernetes clusters, databases, web applications and Windows desktops) through GitHub or their organization’s single sign-on (SSO) if using the enterprise version.
Teleport was built to facilitate identity-based security. This means that people who do not match the specified identity will not be given access to any of your infrastructure, thereby neutralizing security threats and reducing the impact of breaches.
One of the benefits of this security approach is that you’ll know the identity of everyone who has accessed your Kubernetes cluster and can also see the interactions performed on the cluster for security or debugging purposes.
For instance, imagine that one of your teammates (Paul) made some changes to the Kubernetes cluster and then goes out for lunch immediately without realizing the changes he made negatively affected the Kubernetes cluster. You get notified about this error and instead of panicking, you’ll head over to your Teleport Dashboard, view the cluster’s audit log and identify the actions performed on the Kubernetes cluster.
With this new information, you know that Paul’s changes may have caused the issue, but you want to confirm, so you head over to the Session recordings of Paul’s activities, see exactly what he did and make the required changes to fix the issue. Pretty cool, right? I know! With Teleport, debugging and analyzing bugs is now easier than ever.
For context, Teleport’s visibility comes in three formats; session recordings, audit logs, and a live view.
Role-based access control (RBAC) and attribute-based access control (ABAC) are the two most popular ways of implementing access control. RBAC permits or restricts access to an infrastructure based on the individual’s role within the organization. In contrast, ABAC restricts or approves requests based on specific attributes (time, location, etc.) of the individual.
RBAC and ABAC have their benefits, as highlighted in the links added above, but they also have certain disadvantages. For instance;
Teleport doesn’t only make it easier for you to incorporate the good aspects of RBAC and ABAC. It also addresses its cons by including features that allow you to implement the principle of least privilege on your infrastructure while using either RBAC or ABAC.
For instance, when using RBAC the default way, you’d always have to proactively update policy on any data or organizational structure change because RBAC doesn’t future-proof any organizational changes. But when implementing RBAC with Teleport, you don’t need to worry about RBAC’s future-proof limitations as you can grant access to certain resources for a certain period of time and their access to that resource will be terminated after the time has elapsed.
With Teleport, development teams can escalate their requests for specific roles or resources inside an infrastructure to ensure they are not left frustrated because they’ve not been given access to the necessary resources they need to fix a bug.
There are so many key things I find fascinating about Teleport’s one-time privilege escalation. To name a few;
Teleport doesn’t just enable you to create secure access to your infrastructure, it:
If your team’s access control challenges keep you up at night or are becoming too labor-intensive, then Teleport may be what you need. I’d recommend you check out their case study page as it will help you learn about how Teleport is used by companies in numerous fields and also discover how it would work in your field as well.
