Empowering organisations to unify access control and policy across infrastructure

Amid rampant cyber breaches, Teleport Policy gives organisations real-time insights and centralized policy management for all infrastructure access.

  • Wednesday, 7th February 2024, by Phil Alsop

Infrastructure access firm Teleport has launched a new product to help break access silos and reduce cyber risk from today’s increasingly complex DevOps infrastructure. The solution, Teleport Policy, offers organizations instant visibility and unified policy management over how engineers, users and workloads access infrastructure and data.

The rapid growth of clouds, data centers, and everything within has fragmented infrastructure into access silos. These silos service different operational needs of the organization but make it difficult for security leaders to quickly view access relationships, implement policy across infrastructure, or respond to incidents. Meanwhile, threat actors are taking aim at static and standing privileges, as well as secrets, to hijack infrastructure and data, highlighting the urgent need for more efficient ways to implement security policy.

“Our data shows that over the past year, most organizations (76%) have experienced multiple incidents of account or credentials compromise, often resulting in cybersecurity attacks or lateral movement,” said Melinda Marks, Practice Director, Cybersecurity, at Enterprise Strategy Group. “Organizations need a better approach to deliver consistency in how they manage permissions and access, including better visibility of identities and relationships to resources across environments and better ways to manage permissions, to support DevOps and security needs when operating at scale.”

Teleport Policy solves these challenges by giving customers complete information on access relationships across a company’s clouds and data centers. With actionable insights, customers can harden their security posture by removing standing or stale privileges, as well as instantly view who has access to an infrastructure resource. From there, they can intervene in a breach before a threat actor can laterally move elsewhere in the infrastructure.

“It’s an inconvenient truth that the software industry has lost the plot on who has access to what infrastructure across applications and workloads,” says Ev Kontsevoy, CEO of Teleport. “We’ve heard from infrastructure heads across the industry that, at best, it takes days on average to trace all access relationships attributed to a specific user or resource. In today’s world of rampant cyberattacks, however, that’s not agile enough to intervene in threat incidents. Our goal is to give people this much-needed visibility and control over access. Any company should be able to comprehensively apply and enforce policies like, ‘developers should not have access to production code,’ across their infrastructure.”

A report from Teleport in 2022 found that access management is becoming increasingly complicated, with no signs of slowing down. On average, organizations use 5.7 different tools to manage access policy, making it arduous and time-consuming to lock access for compromised users or systems.

“As identity-centered attacks increase, the ability to intervene in compromised systems is critical to prevent threat actors from laterally moving from breaches to other locations on the network that house sensitive data,” says Sasha Klizhentas, CTO of Teleport.

“Infrastructure-as-code offers tremendous flexibility, but its inherent complexity creates challenges with access control and policy management,” says Amado Gramajo, Vice President, Infrastructure & DevOps at Nasdaq, a Teleport customer. “The ability to deploy policy everywhere from one place, paired with enforced least privileged access and secure remote access from anywhere, significantly reduces management overhead and shrinks the attack surface.”

Like last year’s introduction of Teleport Identity, Teleport Policy is an extension of the company’s core Teleport Access Platform. This platform provides on-demand, least-privileged access on a foundation of cryptographic identity and zero trust. These tightly coupled products pair access control with identity and policy governance, enabling organizations to remediate compromised identities or modify policy across all infrastructure with a single click. In doing so, they also improve the engineer experience when accessing infrastructure, boosting productivity in the process.

Teleport Policy includes the following features:

  • Harden security posture by identifying and replacing standing or stale privileges, over-permissive roles or roles granting too many standing privileges.
  • Accelerate investigations and responses with visibility over access relationships in a unified Access Graph.
  • Unify policy management across infrastructure silos, with the ability to query and manage policy using SQL*, replacing esoteric languages and file formats (*SQL management coming in fall 2024).