As infrastructure as a service opened the doors for infrastructure as code, developer teams started to use programmatic APIs to spawn new resources quickly and on demand. Boosted by scalability and automation, the IaC approach strengthened DevOps teams, but the rapidity of application iterations often left security teams justifiably concerned.
The solution: applying the IaC mindset to data protection, crafting a method to support security and policy as code. Now DevSecOps teams can automate tasks such as pen testing, curbing infamous delays in production time.
“If you want to have a set of rules that govern who or what and when, and under what circumstances can access what data… wouldn’t it be nice to use code for it? Teleport does [that] with policy,” said Ev Kontsevoy (pictured), co-founder and chief executive officer of Teleport (Gravitational Inc.). “So essentially, if you want security as code, that’s what Teleport provides.”
Kontsevoy spoke with theCUBE industry analyst Savannah Peterson and John Furrier at AWS re:Invent, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed identity-native and security-as-code trends. (* Disclosure below.)
The following has been edited for clarity.
Peterson: Teleport is about identity, right? Give us a little bit of a pitch.
Kontsevoy: Teleport is the first identity-native infrastructure access platform. It’s used by engineers and by machines. First, identity-native. What does it mean? Identity-native consists of three things. The first component of identity-native access is moving away from secrets toward true identity. By secrets, I mean things like passwords, private keys, browser cookies, session tokens, and API keys. All of these things are secrets, and they make you vulnerable… We use something called True Identity; it’s a combination of your biometrics as well as the identity of your machines. That’s [trusted platform modules, hardware security modules, YubiKeys], etc.
The second component is zero trust. Teleport is built to not trust the network. So every resource inside your data center automatically gets configured as if there is no perimeter. It’s as safe as it was on the public network. And the third one is that we keep the access policy in one place. So, Kubernetes clusters, databases, [remote desktop and all of these protocols], the access policy will be in one place.
Peterson: How much more secure is leveraging biometric data for identity than the secrets we’ve been using historically?
Kontsevoy: The fact is that I don’t see how your credentials will be stolen in this system simply because your TPM on your laptop and your fingerprint cannot be downloaded. A lot of people ask us a slightly different question; it’s almost the opposite of it. Like how can I trust you with my biometrics? When I use my fingerprint, that’s my information; I don’t want my company to get my fingerprint. The answer to that question is, your fingerprint doesn’t leave your laptop. Teleport doesn’t see your fingerprint.
Furrier: What are your conversations with customers at re:Invent? Because this is a much broader conversation on the architectural refracturing of organizations.
Kontsevoy: I will mention two trends I observed. The first one is not even security related. It’s basically how, as the cloud becomes more mature, organizations develop their own internal ways of doing cloud properly. And they’re not the same. For example, some companies love having, ideally, just one enormous Kubernetes cluster with a bunch of applications on it. And other companies create Kubernetes clusters for different workloads. Both believe that they’re doing it properly.
The second trend is security related. Every organization is struggling with the access silos, dreaming about a day where they have one place, with great user experience, that simply spells out, ‘this is what policy is to access this particular data,’ and it gets automatically enforced. But every single cloud provider, but every single application, but every single protocol, but every single resource — we don’t have that unfortunately. Teleport is slowly becoming that.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of AWS re:Invent:
(* Disclosure: Teleport (Gravitational Inc.) sponsored this segment of theCUBE. Neither Teleport nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)