Teleport Extends Access Management Gateway to Software

Teleport today made available an update to its access management platform that can now also apply an identity to software.

In addition, Teleport 9 makes a Teleport Desktop Access module generally available with support for Windows session recordings, copy-and-paste via a clipboard and multifactor authentication included.

Finally, Teleport extended its Teleport Database Access module to add support for Redis, MariaDB and Microsoft SQL Server databases along with the auto-discovery of Amazon Redshift clusters running on the Amazon Web Services (AWS) cloud.

Teleport CEO Ev Kontsevoy said that the latest edition of the open source Teleport Access Plane in Teleport 9 adds a Teleport Machine ID capability that can be applied to, for example, continuous integration/continuous delivery (CI/CD) platforms, cloud services and even custom code in applications.

Previously, Teleport could only manage access to IT infrastructure such as servers. Now the management of credentials for both hardware and software can be consolidated to better enforce zero-trust IT policies, said Kontsevoy. Teleport 9 also now supports moderated sessions through which multiple authorized individuals can be jointly connected to the same session.

Legacy approaches to accessing IT resources generally rely on hard-coded shared credentials, such as passwords or keys, that provide access to application programming interfaces (APIs). The Teleport Access Plane makes it possible to programmatically issue certificates in a way that also provides a single source of truth for the management of credentials, Kontsevoy noted. In the event that a credential is lost or stolen, the potential blast radius of that breach is limited to how long the certificate used to access a limited set of resources remains valid, he added.

The identities of all users, infrastructure resources and custom applications are mapped to specific roles that both authorize access and create boundaries that fit each role. All events are also logged, tracked and monitored.

A recent survey of 1,000 IT and security professionals published today by Teleport found that 83% of respondents could not guarantee that ex-employees couldn’t access their infrastructure. Well over half (59%) of IT, DevOps and security professionals said they are “concerned” or “very concerned” about ex-employees leaving with secrets and/or knowledge about how their organization accesses infrastructure. More than half of respondents (53%) also said their organization implemented new security methods that employees failed to adopt. A full 61% of respondents said their organization had experienced a time when an engineer was unable to contribute to the resolution of an issue because of access issues.

A full 70% of respondents also said they still use passwords to grant infrastructure access, with over half (53%) using virtual private networks (VPNs). Just under a third (32%) said they currently rely on short-lived identity-based certificates to grant infrastructure access. However, in the absence of a dedicated security gateway to manage access, it’s relatively trivial for a malicious actor to escalate privileges once they compromise a credential. Any real zero-trust approach to security needs to encompass not just the identity of end users but also the applications and machines. Otherwise, it’s a relatively simple matter for any determined cybercriminal to use a stolen credential to access just about anything.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
