Identity-native infrastructure access on AWS with Teleport (PRT041)

Title

AWS re:Invent 2022 - Identity-native infrastructure access on AWS with Teleport (PRT041)

Summary

  • Teleport is an identity-native access solution designed to secure infrastructure by assigning identities to humans, machines, microservices, and applications.
  • Common breaches start with human error and then pivot laterally to maximize damage; Teleport mitigates this by anchoring identities in hardware-level security, such as TPMs and HSMs, so a stolen credential alone is not enough.
  • Teleport began as an internal tool and evolved into a product due to demand, emphasizing identity from the start, unlike competitors who are "identity washing" their services.
  • Teleport uses mutual TLS for secure connections and provides a single platform for accessing various infrastructure resources like databases, Kubernetes clusters, and SSH nodes.
  • The platform includes a proxy that brokers user-to-resource connections and an auth service that holds the audit log and the certificate authority, which issues short-lived X.509 certificates.
  • Teleport's RBAC roles integrate with other identity systems like AWS IAM, providing granular access control and a single source of truth for permissions.
  • It supports Zero Trust infrastructure access, rendering phishing and pivot attacks ineffective, and simplifies audit and compliance processes.
  • Teleport offers a Community Edition with core security features and an Enterprise Edition with additional SSO integrations and FIPS compliance.
  • The platform supports SSH, Kubernetes, database, and Windows access, with session recording and moderated sessions.
  • DoorDash's case study illustrates the scalability and security benefits of Teleport, transitioning from a homegrown solution to Teleport's enterprise offering.
  • Teleport emphasizes engineering productivity with security, offering a simple and secure solution that integrates with biometrics and consolidates access across different platforms.
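
As an added illustration of the RBAC roles mentioned above (my own example, not taken from the talk or from Teleport's documentation), a Teleport role resource that grants one identity an SSH login, a Kubernetes group, a database user and an AWS IAM role, with the certificate lifetime capped by `max_session_ttl`. The account id, role and label names are placeholders, and the field names follow Teleport's role spec as I know it; check them against the current docs for the version you deploy.

```yaml
# Constructed example: a single Teleport role acting as the source of truth
# for what this identity may reach. Each allow entry is scoped to resources
# carrying matching labels, so the same role gives different rights in prod
# and dev without a second credential.
kind: role
version: v5
metadata:
  name: platform-engineer            # placeholder role name
spec:
  options:
    max_session_ttl: 8h               # cap on the short-lived certificate
    require_session_mfa: true         # per-session MFA, pairs with hardware keys
  allow:
    # SSH: only nodes labelled env=prod, only as the 'ubuntu' login
    logins: ['ubuntu']
    node_labels:
      env: prod
    # Kubernetes: map to a cluster group on clusters labelled env=prod
    kubernetes_groups: ['platform']
    kubernetes_labels:
      env: prod
    # Databases: a named database user, on instances labelled env=prod
    db_users: ['app_ro']
    db_names: ['orders']
    db_labels:
      env: prod
    # AWS: the IAM role Teleport lets this identity assume (placeholder ARN)
    aws_role_arns:
      - arn:aws:iam::123456789012:role/PLACEHOLDER-ReadOnly
  deny:
    # Explicit deny wins over allow: never the root login anywhere
    logins: ['root']
    node_labels:
      '*': '*'
```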

Insights

  • Identity-native infrastructure access is becoming increasingly important in cloud environments to prevent breaches and secure resources.
  • Teleport's approach to security focuses on eliminating long-lived credentials and using short-lived certificates, which is a key aspect of modern security practices.
  • The use of hardware-level security measures, such as TPMs and HSMs, is a strong defense against physical theft and unauthorized access.
  • Teleport's mutual TLS connections and reverse proxy tunneling demonstrate a commitment to secure data in transit as well as at rest.
  • The case study of DoorDash highlights a common challenge in the industry: scaling access solutions as companies grow. Teleport's ability to handle this transition effectively is a significant selling point.
  • The distinction between Teleport's Community and Enterprise editions allows for flexibility and scalability for organizations of different sizes and security needs.
  • Teleport's emphasis on not disrupting engineering workflows while maintaining security is a critical consideration for adoption, as cumbersome security measures can lead to workarounds and reduced compliance.
  • The session highlights the importance of a unified access plane, which simplifies management and reduces the potential for configuration errors and security gaps.