Trust is an omnipresent concept in the B2E, B2C and non-human identity worlds, where the paradox of ideas like zero trust, personalised experiences and secure-by-design is common.

But one area that is fundamental to the delivery of APIs, data and applications is the underlying infrastructure: the storage, compute power, networking and, more recently, AI components. How can that be secured?

Infrastructure is now distributed across cloud service providers, on-premises virtual machines, containers and more. Each often has specialised tooling and isolated ways of being managed, with numerous different entry points for both configuration and usage.

Privileged Access Management and Non-Human Identity management systems have evolved in the past decade to try to cover both more systems and more use cases. However, we are now seeing the emergence of specialist tooling to deliver secure end-to-end access and management for infrastructure, covering a multitude of identity types, protocols and communication methods.

That end-to-end assurance model sees us trying to shift our security controls left, to as early a part of the identity life cycle as possible, and then take the output of that and leverage it through both the authentication and access control decision-making stages.

For infrastructure and programmatic ways of access, we start to move towards cryptographic challenge-response for authentication, and then trusted states of software via root-of-trust attestation. Like most security controls, the ability to create a secure baseline, then observe changes from that, becomes a repeatable and scalable way of handling assurance.
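To make that concrete, here is a minimal sketch of a nonce-based challenge-response that carries a software measurement, which the verifier then compares against a recorded baseline. It is an added example, not code from this article or from any vendor. It assumes an HMAC with a shared key stands in for a signing key held in a hardware root of trust, and the function names and component strings are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def extend(register: bytes, component: bytes) -> bytes:
    """PCR-style extend: fold one component's hash into the running register."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure(components) -> bytes:
    """Order-sensitive measurement of a software chain, starting from zeros."""
    register = bytes(32)
    for component in components:
        register = extend(register, component)
    return register

def quote(key: bytes, nonce: bytes, measurement: bytes) -> bytes:
    """Workload side: bind the measurement to the verifier's fresh nonce.
    Assumption: HMAC with a shared key stands in for a hardware-held signing key."""
    return hmac.new(key, nonce + measurement, hashlib.sha256).digest()

class Verifier:
    def __init__(self, key: bytes, baseline: bytes):
        self.key, self.baseline = key, baseline
        self.pending = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, measurement: bytes, proof: bytes) -> str:
        if nonce not in self.pending:
            return "rejected: unknown or replayed nonce"
        self.pending.discard(nonce)  # each challenge is single use
        if not hmac.compare_digest(quote(self.key, nonce, measurement), proof):
            return "rejected: bad proof"
        if not hmac.compare_digest(measurement, self.baseline):
            return "authenticated, but state drifted from baseline"
        return "trusted"

# Constructed sample data: a known-good chain recorded as the baseline.
KEY = secrets.token_bytes(32)
GOOD_CHAIN = [b"bootloader-v1", b"kernel-v1", b"agent-v1"]

if __name__ == "__main__":
    verifier = Verifier(KEY, measure(GOOD_CHAIN))
    for chain in (GOOD_CHAIN, [b"bootloader-v1", b"kernel-v1-patched", b"agent-v1"]):
        nonce, state = verifier.challenge(), measure(chain)
        print(verifier.verify(nonce, state, quote(KEY, nonce, state)))
```

The third outcome is what feeds the access control decision: the caller proved possession of the key, but its software state no longer matches the baseline.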

A guest article I wrote for Teleport amplifies the view that infrastructure now needs a specialist protection model, with a wide and varied set of access pathways covering humans, non-humans and programmatic access, all across a range of different protocols and entry points.

Reach out for further information or to book an inquiry call.
