StrongDM vs Teleport

Posted 16th Mar 2023 by Michael Ferranti

What is StrongDM?

StrongDM is a cloud-hosted infrastructure access platform designed to streamline the management of infrastructure access. With StrongDM, organizations can manage access to infrastructure tools such as servers via SSH, Kubernetes, databases and other applications across multiple environments. The platform provides a proxy layer and centralized hosted console where administrators can manage user access, set permissions and monitor activity.

StrongDM can be used for remote access to infrastructure via secrets like passwords and keys. It offers a secret store to house credentials used to access infrastructure resources and integrates with third-party secret stores like HashiCorp Vault and Amazon AWS KMS.

Known for ease of use, StrongDM integrates with existing password and key vaults and is a great fit for teams who do not need capabilities such as dual authorization, session moderation, session locking, per-session MFA, or device verification as part of their Zero Trust strategy.

As a cloud-hosted solution, StrongDM can be used by organizations that do not have requirements for keeping their access layer within their own data center or cloud VPC. StrongDM is a proprietary solution that is preferred by some organizations over open-source solutions.

What is Teleport?

Teleport is an open-source, infrastructure access platform for engineers and machines. By replacing insecure secrets like passwords, keys and tokens with true identity based on biometrics and security modules, Teleport delivers phishing-proof zero trust for every engineer and service connected to your global infrastructure.

The open-source Teleport Access Platform consolidates connectivity, authentication, authorization, and audit trail into a single source of truth for access policy across your entire infrastructure while delivering a frictionless developer experience. Teleport replaces VPNs, shared credentials, secrets vaults and legacy privileged access management (PAM) solutions, improving security and engineering productivity.

When comparing Teleport to StrongDM, it is worth highlighting several key Teleport features:

1. Teleport is open-source

We believe that the best security solutions are built in the open. You can view the Teleport source code here and contribute in our open community.

2. Teleport can be self-hosted for FedRAMP or other compliance needs

Teleport offers a self-hosted version that keeps access and data within corporate networks. Teleport has helped multiple organizations achieve certification under multiple compliance regimes, such as FedRAMP and SOC 2, using the Teleport Enterprise FIPS binary.

3. Teleport is secretless

Secrets like passwords and keys are the number one cause of breaches. Keeping secrets and passwords in a secrets manager is better than using Post-It notes, but they are still a breach waiting to happen. Teleport replaces secrets like passwords and keys with secure, short-lived certificates based on human and machine identity. Fundamentally, we believe that using secrets to access something as critical as infrastructure is a design flaw.

4. Teleport is a full Zero Trust solution

Teleport combines an identity-aware access proxy with sophisticated authorization, audit, and device attestation to provide a complete Zero Trust solution. Read about how Teleport fully implements a BeyondCorp and Federal Zero Trust Architecture Strategy and how we ensure that only trusted devices are used to access infrastructure.

5. Teleport provides advanced security & compliance capabilities

Teleport is used by organizations with sophisticated access control requirements needed to achieve FedRAMP, SOC2, ISO 27001 and other compliance standards. Below is a partial list of these capabilities.

  • Dual Authorization: Requires the approval of multiple team members to perform some critical actions.
  • Session Moderation: Requires one or more other users to be present in a session. Depending on the requirements, these users can observe the session in real-time, participate in the session and terminate the session at will.
  • Device verification: Teleport Device Trust requires that only registered devices can be used to access infrastructure resources.
  • Kernel-level logging: By using eBPF, Teleport enhanced session recording doesn’t just record what happens in the terminal, which can be obfuscated, but also what happens down at the kernel level.
  • SSO Support: Teleport supports SAML and OIDC SSO providers, including Okta, GitHub, Microsoft Azure AD and Google Workspace.
  • Session Locking: System administrators can disable a compromised user or node — or prevent access during cluster maintenance — by placing a lock on a session, user or host identity using Teleport’s API.
  • Per-session MFA: Teleport supports requiring an additional multi-factor authentication check when starting a new session, which protects users against compromise of their on-disk Teleport certificates. This is one of many additional options in Teleport’s role-based access control system, alongside Device Trust and IP Pinning.
  • Strict session recordings: Administrators can optionally elect to terminate SSH sessions if there is a problem with a recording, such as a full-disk error.
  • Full identity provider: Teleport can be used as a complete replacement for existing identity management tools. As a SAML SSO identity provider, Teleport can serve as the identity provider teams use to access apps.
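Most of the capabilities above are expressed as settings on a Teleport role resource. The following is an added example, not taken from this page or from Teleport’s own documentation, that combines several of them in a single role; the role name, the `auditor` and `prod-admin` roles it references, the `ubuntu` login and the `env: prod` label are assumed values.

```yaml
# Added example role (assumed name, labels, logins and referenced roles);
# not from the original page.
kind: role
version: v6
metadata:
  name: prod-ssh-moderated
spec:
  options:
    # Per-session MFA: a fresh MFA check is required when each session
    # starts, so a stolen on-disk certificate alone is not enough to connect.
    require_session_mfa: true
    # Device verification: only devices enrolled in Device Trust may use this role.
    device_trust_mode: required
    # IP pinning: certificates issued under this role are bound to the client IP.
    pin_source_ip: true
    # Short-lived certificates: users must re-authenticate at least every 8 hours.
    max_session_ttl: 8h
    # Strict session recordings: terminate the SSH session if recording fails.
    record_session:
      ssh: strict
    # Kernel-level logging: eBPF enhanced recording of executed commands
    # and network activity, not just the terminal stream.
    enhanced_recording: [command, network]
  allow:
    logins: [ubuntu]
    node_labels:
      env: prod
    # Session moderation: a user holding the (assumed) "auditor" role must
    # join as moderator before the session proceeds and may terminate it.
    require_session_join:
      - name: Auditor oversight
        filter: 'contains(user.spec.roles, "auditor")'
        kinds: [ssh, k8s]
        modes: [moderator]
        count: 1
    # Dual authorization: escalating to the (assumed) "prod-admin" role
    # needs two approvals, and a single denial rejects the request.
    request:
      roles: [prod-admin]
      thresholds:
        - approve: 2
          deny: 1
```

Session locking is a separate lock resource rather than a role option; an administrator creates one with `tctl lock --user=<user> --message="<reason>" --ttl=<duration>`, which immediately terminates that user’s sessions and blocks new ones until the lock expires or is removed.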

6. Teleport can run in Agentless mode

Teleport can be used with OpenSSH to provide agentless options for connecting to Linux server hosts. Agentless mode is a good fit when running an agent on a host is not practical or when connecting to a large legacy fleet.

Teleport vs StrongDM

To conclude, both Teleport and StrongDM can be used to access your infrastructure. One of the best ways to evaluate both products is with a 14-day trial offered by both Teleport and StrongDM with their SaaS offerings.

If you’re looking for a longer-term trial and want to host yourself, the Teleport Community edition is a perfect open-source version that can secure everything from your business to your home lab.