VPNs, privileged access and shared credentials don’t work well and must be eliminated in the developer environment. That’s in order to reduce attack surfaces, according to Drew Nielsen (pictured), vice president of product marketing at Teleport (Gravitational Inc.), the first identity-native infrastructure company.
The company thinks cryptographic validation of identity, in a frictionless form, is the way forward for engineers who are hopping quickly between environments, cloud and other disparate infrastructure.
“Engineers are going from system to system to machine to database to application; security solutions fail,” Nielsen stated.
Nielsen spoke with theCUBE industry analysts John Furrier and Savannah Peterson at the KubeCon + CloudNativeCon NA 2022 event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed what identity-less means for development security. (* Disclosure below.)
Identity vs. attributes
“They’re too disruptive; they’re not transparent, and engineers will work their way around them. They’ll write it down, they’ll do a workaround, they’ll backdoor it,” Nielsen said of existing password-oriented security.
Teleport works to remove the number-one source of breaches, which includes taking passwords, secrets and keys off the board. Scaling ordinarily causes more security issues as more passwords and secrets get generated, according to Nielsen. Teleport addresses that too, through what is essentially a single source of truth driven by an infrastructure-wide authorization engine.
Philosophically, the firm’s belief is that credentials used as identity aren’t really identity. They are merely an attribute.
“Everyone’s like: ‘I log into my computer, that’s my identity.’ But it’s not,” Nielsen stated. “Those are attributes. They are something that is secret for a period of time, until you write it down.”
Interestingly, Teleport is pitching itself at DevOps individuals, not IT departments.
“If you really look at who’s dealing with infrastructure on a day-to-day basis, those are DevOps individuals,” Nielsen said. “That is who is our primary customer. We bring machines, engineers, databases, applications, Kubernetes, Linux, Windows, we don’t care,” he said of the environments that could be included.
(* Disclosure: Teleport (Gravitational Inc.) sponsored this segment of theCUBE. Neither Teleport nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)