What is Identity-Native Infrastructure Access?
Identity-Native Infrastructure Access is the concept of linking access to an identity. Instead of sharing passwords or other secrets, access is granted based on an individual's identity. Deployed by the world's largest tech companies, it's the only way to securely scale access. So, how can you secure access to diverse infrastructure components, from bare metal to ephemeral containers, consistently and simply? In this practical book, authors Ev Kontsevoy, Sakshyam Shah, and Peter Conrad break this topic down into manageable pieces.
What you will learn
Traditional secret-based credentials can't scale to meet the complexity and size of cloud and on-premises infrastructure. Today's applications are spread across a diverse range of clouds and colocation facilities, as well as on-prem data centers. Each layer of this modern stack has its own attack vectors and protocols to consider.
How can you secure access to diverse infrastructure components, from bare metal to ephemeral containers, consistently and simply? In this practical book, authors Ev Kontsevoy, Sakshyam Shah, and Peter Conrad break this topic down into manageable pieces. You'll discover how different parts of the approach fit together in a way that enables engineering teams to build more secure applications without slowing down productivity.
With this book, you'll learn:
- The four pillars of access: connectivity, authentication, authorization, and audit
- Why every attack follows the same pattern, and how to make this threat impossible
- How to implement identity-based access across your entire infrastructure with digital certificates
- Why it's time for secret-based credentials to go away
- How to securely connect to remote resources including servers, databases, K8s Pods, and internal applications such as Jenkins and GitLab
- Authentication and authorization methods for gaining access to, and permission to use, protected resources
Book Outline
Chapter 1: The Pillars of Access
In modern DevOps-driven infrastructure management, access must be both secure and scalable. To achieve both, organizations must move away from traditional secret-based access to identity-based access. For identity-based access to be effective, true identity, together with its context, must be applied at each stage of access.
This chapter introduces the four core stages of access: connectivity, authentication, authorization, and audit, which we term the Pillars of Access. We also introduce the trade-off between security and convenience and the foundations of identity-based access.
Chapter 2: Identity
Traditional access control has always been based on possession of some form of secret, such as a password or a private key. Because such secrets are vulnerable to human error and are easy to steal, spoof, lose, or misuse, secretless access based on true identity offers a more secure alternative.
But how can we derive true identity and use it for access? For humans, true identity can be derived from biometric factors such as fingerprints or retinal patterns. For machines, hardware with a TPM can store machine-specific digital certificates attested by the manufacturer. This chapter goes into detail on how these true identities are then attested by a certifying authority in a process called identity proofing, paving the way for identity-based access.
Chapter 3: Secure Connectivity
This chapter starts with a brief introduction to cryptography, symmetric and asymmetric encryption, and digital certificates, the fundamental technologies that enable identity-based access. It then introduces zero trust approaches to secure connectivity.
Historically, network connectivity was synonymous with access. An Ethernet cable connecting a client's computer to the office network literally meant the client could “access” the network and the servers hosted on it. Gradually, security champions added authentication and encryption to the perimeter-defined network, and the VPN was born. VPNs did a good job of securing access to the network, but that model is now obsolete because:
- The perimeter-based model treats clients connecting from outside the perimeter as untrusted and clients inside the network as trusted. This means that an attacker who breaches the perimeter has a free pass to access and compromise the internal network.
- Computing infrastructure itself is spread across multiple data centers and cloud providers. There is no single corporate network around which a perimeter can easily be defined; shoehorning one in only increases complexity while adding little value.
- Furthermore, most infrastructure attacks target the application layer, where VPN-based security has a complete blind spot.
Addressing these challenges, this chapter lays out techniques for modern zero trust connectivity.
Chapter 4: Authentication
Traditional secret-based authentication has two major security flaws:
- Insecure by design: there is no default security boundary; secrets require high entropy and sets of constraints (e.g. minimum length, special characters), and they require careful storage (hashed and salted) in the backend.
- Insecure in practice: security depends on users not writing secrets on sticky notes and developers not pushing them in git commits, and secrets are susceptible to phishing.
Besides security, there is also an operational side to managing authentication: scaling it to hundreds or thousands of clients on demand and properly authenticating both humans and bots. This chapter evaluates different authentication schemes and methods suitable for secure and scalable authentication.
Chapter 5: Authorization
Authorization must be scalable and expressive, and must account for insider threats. Access policy should be context-driven, based on identity, roles, intent, and attributes rather than implicit trust. This chapter explores the three evolutions in access control: from simple access control models such as MAC, DAC, and RBAC, to privileged access management, to zero trust and identity-based authorization. Finally, we introduce the core concepts and techniques of identity-based authorization.
Chapter 6: Audit
A detailed audit log (who did what, when, and how) is an important artifact for investigating a security incident, and real-time audit logging can even help detect anomalies before an incident occurs. But when it comes to access audit logs there is a catch: when access control depends on secrets and spoofable identities, the audit data can be meaningless.
This chapter covers the basics of auditing, with an emphasis on identity-aware logging.
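Chapters 3 and 6 hinge on the same mechanism: a certificate issued by a trusted authority carries a person's identity and roles, and that verified identity, not a shared account name, is what lands in the audit log. The Go program below is an added illustration of that flow, not code from the book or from Teleport; the CA name, the user alice@example.com, the role db-reader and the log line format are constructed for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint generates a fresh key pair and has parent sign tmpl for it; a nil parentKey means self-signed.
func mint(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parentKey == nil {
		parentKey = priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// newCA is the single trust anchor every resource is configured with (constructed name, 24h life for the demo).
func newCA() (*x509.Certificate, ed25519.PrivateKey, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-infra-ca"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	return mint(tmpl, tmpl, nil)
}

// issueCert binds a proven identity (CN) and roles (OU) to a fresh key for a short TTL; no reusable shared secret exists.
func issueCert(ca *x509.Certificate, caKey ed25519.PrivateKey, user string, roles []string, ttl time.Duration) (*x509.Certificate, ed25519.PrivateKey, error) {
	return mint(&x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: user, OrganizationalUnit: roles},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, ca, caKey)
}

// admit is the resource side: verify the chain to our CA as of now, then log the individual and the roles the CA vouched for.
func admit(ca, cert *x509.Certificate, action string, now time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", err // expired, or not issued by our CA: denied, and nothing to attribute
	}
	return fmt.Sprintf("%s user=%s roles=%v action=%s", now.UTC().Format(time.RFC3339), cert.Subject.CommonName, cert.Subject.OrganizationalUnit, action), nil
}
```

Because the private key never leaves the user's device and the certificate expires on its own, there is no long-lived secret to rotate or leak, and every audit line names a person rather than whoever held the shared credential.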
Chapter 7: Scaling Access
The best form of access control is one that lets us scale infrastructure operations without compromising security. In the end, obtrusive security can hinder engineering workflows, costing more than the security incident it was meant to prevent.
This chapter discusses how identity-native systems enable scalable and secure infrastructure access and lays out the technical concepts needed to implement one.
Chapter 8: Call to Action
In the previous chapters, we’ve talked a lot about what we don’t want to allow: human error, vulnerabilities, attacks, and threats. But the point of the book is access—letting people in, not shutting them out. We want people to be able to work together easily.
This chapter offers some parting words on security and convenience at scale, the future of trust, infrastructure as one big machine, and the future of security threats.
Authors
Ev Kontsevoy
CEO, Teleport
Sakshyam Shah
Software Engineer, Teleport
Peter Conrad
Author of What is KubeVirt?,