Teleport Blog - Is Santa an insider threat? - Dec 14, 2023
Is Santa an insider threat?
Is Santa an insider threat? He breaks into your home, consumes cookies, drinks milk/whisky and leaves a collection of items hidden behind highly decorated wrapping paper. Rumor has it that he can tell if you’re naughty or nice and is actively tracked by NORAD. Can we trust Santa with his elevated access? The answer is, of course, Yes, because we are all Santa. Santa is ultimate trusted Certificate Authority, entrusting intermediate trust to parents worldwide.
I had planned to do a larger bit about Santa but ran out of content, so I’ve decided to do a quick retrospective and focus on a few highlights for the year.
From 12 to 14
We started the year with Teleport 12, with a preview of Device Trust and full support for Windows hosts, for both AD & non-AD Connected hosts, and per-Pod RBAC. Followed up by Teleport 13, with automatic agent updates and TLS routing through ALBs for Server & Kubernetes access. Teleport 14 was released in September with a collection of Identity, Governance and Security features, including Access Lists and Access Monitoring. As we ship on a 4 month basis, it can be hard to keep up with feature releases. We are exploring launching a monthly product newsletter; if you want to sign up for the monthly digest, sign up here.
Automatic Agent Updates
In our recent community survey, we received many comments that keeping Teleport up-to-date was a pain point for teams. With the launch of Teleport Team and Teleport Cloud, our team now provides zero-downtime upgrades for the main cluster, but you’ll still need to keep deployed agents updated. Learn more about setting up Automatic Agent Upgrades.
If you have trouble keeping agents updated, an easy solution to remove the toil of updating agents is to use our new Agentless options. Agentless can help scale by completely removing the need to install an agent. With AWS EC2 Instance Connect, Teleport can connect to hosts via Instance Connect without needing the Teleport agent or SSH. Another Agentless option is the range of autodiscovery options for AWS databases and EKS Cluster autodiscovery.
This year we launched Teleport Team, a SaaS offering perfect for startups, rapidly expanding businesses or even hobbyists looking to secure their infrastructure without having to update/deploy or maintain a Teleport Cluster. Since launching in May, we’ve seen great adoption, and I’ve heard great feedback from teams that want to focus on building. Teleport Team starts at $15/user a month and has a 14-Day Trial.
Teleport Connect 2023
We hosted our 2nd in-person user conference in San Francisco, with a chance to hear from our community and our engineering team. It was a great event with a lot of great content. We recorded the event and will have a replay on Feb 8, 2024. RSVP for Free
For the past few years, we’ve been helping companies big and small protect their infrastructure with identity-first concepts. We believe this is a fundamental shift in providing access. In Identity-Native Infrastructure Access Management, we deep-dive into the concepts that we believe must be true for modern infrastructure access. Our CEO Ev Kontsevoy, Sakshyam Shah and Peter Conrad have laid out the fundamental ideas and concepts of how the largest tech companies deploy secure access at scale. The book is available in print or as a free PDF copy from our website.
Launch of Identity, Governance and Security
At Teleport Connect 2023 we launched our latest Identity, Governance and Security solution for teams. This solution helps protect identities across all of your Teleport infrastructure and lets you easily eliminate weak access patterns and minimize the attack surface by using Access Requests. If there is an issue, teams now have the ability to lock users, devices or servers to respond to threats quickly. Learn more here.
Prediction for 2024
Last year, I wrote my prediction for Passkeys being adopted at large in 2023. I’m still to finalize my 2024 prediction but I’m keeping a close eye on a few trends… Better understanding Policy as Code, Device Trust and Device Posture, adopting OIDC join methods for machine-to-machine communication.
- [Webinar] Teleport Connect Virtual - Feb. 8th.
- [Webinar] Legitimizing Zero Trust: A buzzword no longer? - March 21st
Stay up-to-date with the newest Teleport releases by subscribing to our monthly updates.