MASTERCLASS SERIES
Real stories about standing privileges, audit blind spots, and developer friction — and what security teams gain when infrastructure identity is unified.
What You'll Learn
Why standing privileges and static credentials create identity risks that go undetected — and how just-in-time privileges eliminate that risk
Why security that meshes with developer workflows — using the same terminals, IDEs, and tools — drives adoption without friction
How siloed tools for AWS, GCP, databases, and on-prem infrastructure create visibility gaps that make incidents hard to catch and harder to investigate
How centralized audit logs and session recordings give you complete, defensible audit trails for SOC2, SOX, and more.
3 minutes, 37 seconds
Real Practitioner Stories
Read Full Transcript
I talked to one CISO from the Philippines who runs a fintech company and he was telling me a story in which there was a huge incident that happened in which they found a quarter of a million stolen from this organization. Eventually it comes to him and he's like okay how do we know this instance happened? The instance was disclosed to him through the finance team. The finance team had figured out that they had wired obviously a large amount of money. But the thing that caught it was it was using a coupon code from the last quarter. So was kind of suspicious. When they dived into it, they found that they had hired a contractor who had access to production systems and he had basically written a program to do like a salami scam. It's sort of like the classic meme of office spaces. It's kind of ironic, you know, office spaces in which they run this salami scam and then eventually the office burns down and they get away with it. But, you know, this was like last year that this is happening. And it sort of got me thinking about why is it still possible to run salami scams or these kind of attacks and it's normally because you give people too much access. You know, in this case, this contractor probably shouldn't have had access to this production system. He should have been moved to like just in time access.
Traditional tools create silos. You might have one tool for accessing your databases. You might have one tool for AWS, one tool for GCP, one tool for on premise and it sort of leaves a whole range of gaps. So you might have one relatively locked down. You have developers copying data from one cloud provider to another. The controls are a bit looser. The relationships are kind of tougher to figure out what's happening. If you don't have one centralized infrastructure identity control plane, you can't gate the access to everything.
A common use case that people use for Teleport is for auditing and they come with a range of problems. The developers are touching multiple systems. Often companies have certain controls. It can be SOC 2. These regimes have certain requirements. So you might need to have certain controls. One of the benefits of Teleport is you can tell the difference between a read control or a write control. And it makes it much easier when it comes to audit time to know what the developers have done on the system. The platform itself captures audit logs and screen recordings. So when auditors come in, it's very quick for them to know what happened in their systems and it's an easy checkbox.
I think ideally developers don't have to think about it. They just go about their day-to-day work. Teleport tries to be as developer friendly as possible. Developers, they access all of their resources through Teleport. They might log in once a day. They log in their identity provider, then they get access to their full suite of resources.
Once we've deployed Teleport, generally developers are quite happy with it. They're happy for it for all you have to do is SSO in once and then you get access to all of your resources. Everything works with your standard tooling. People can use their same terminals, the same IDEs, their same database GUIs. Everything sort of works out of the box. Developers are unique in their flows. They like to keep standard flow and tooling and Teleport just works with what they have. Security teams love it too because you get the visibility in the audit. But from a productivity aspect, people log in, they can just go about their work and generally the Teleport platform is sort of hidden from view. People just go about it and they have sort of little idea that they're even using Teleport.

A contractor wrote a program to skim tiny amounts. Finance caught it with an old coupon code. This happened last year. The problem? Standing privileges. Short-lived privileges would have prevented it.
One tool for databases, one for AWS, one for GCP, one for on-prem. Controls are tighter in some places, looser in others. Without a unified identity layer, you can't gate everything.
SOC2, SOX, and other compliance frameworks all have requirements. Teleport collects and governs every infrastructure event — logins, executed commands, deployments — as structured audit logs with session recordings. Read and write controls are clearly differentiated. When auditors arrive, the evidence is already structured and ready.
Developers log in once a day through their identity provider. Then they get their full suite of resources. No friction. Same terminals, same IDEs, same database GUIs. Everything works out of the box.
Security teams love the visibility and control. But from a productivity standpoint, the platform is hidden from view. Developers just go about their work. That invisibility is the highest praise.

00:30
Every agent, server, and workload in your infrastructure is a potential target. Treating each one as an identity — and protecting it — is what closes those gaps.

00:25
The power of giving every human, machine and AI agent an identity in your infrastructure—and why that matters.

00:40
Engineers keep their tools, terminals, and workflows. That's what unlocks velocity.
Operational discussion starters:
1. Do you know which contractors and third parties have standing privileged access to your production systems — and could you revoke it instantly if needed?
2. Do you have visibility into ungoverned access paths across AWS, GCP, databases, and on-prem — or are there blind spots between tools?
3. Can you prove identity activity across your infrastructure for every human, machine, and AI agent — or are there gaps in your audit trail?
4. How much time do engineers spend getting to the infrastructure they need to do their work?
30-Minute Identity Security Assessment
Map your identity surface with Teleport's Director of Product
Read Guide
How to simplify audit prep and meet compliance requirements
Read Article
New compliance considerations for AI in production