Access

Discovering “who has access to what” is critical for zero trust and PAM. These six steps will get you started with Access Management.

Role & Access Discovery aims to answer “Does this person, in this role, need access to that system?” Learn why this is a critical part of access management.

Today we’re going to take a closer look at the principle of least privilege (PoLP)—what it is, why it matters, and how to implement it in your organization. Understanding the principle of least privilege is critical, as network administrators must strike a balance between ease and security—protecting network access without causing friction for users. If access is too restrictive, employees won’t be able to do their jobs. Too lax, and the door to attack is open.

Zombie accounts: forgotten accounts that open the door to bad actors looking to insert malware, steal data, and damage your internal systems. Even though you may already use Privileged Access Management (PAM) to safeguard your most sensitive accounts, the credential management techniques below will expand on PAM to help you detect zombie credentials--and prevent them from wreaking havoc in your organization.

It’s easy to assume that individuals with privileged access will inherently do the right thing, or simply know what they’re doing when accessing systems. That isn’t always the case. Similarly, how often do you check in on your systems with privileged access to understand what they're up to?

Offboarding technical employees can be a complex and arduous process with a lot of moving parts. The key to successful offboarding is to have a clear understanding of what needs to be done, who does it, and how to monitor for any shenanigans from former employees.

Identity-Aware Proxy (IAP) is a Google Cloud Platform service that centralizes user access to SaaS applications and other cloud resources accessed by HTTPS. IAP secures authentication for requests made to virtual machines running on GCP and other cloud-based and on-premises applications, only granting access to users you authorize. With IAP, users can connect from untrusted networks without using a VPN.

strongDM’s CTO and co-founder, Justin McCarthy, sat down with Drew Blas, Director of Internal Engineering at Betterment, to discuss sources of friction in infrastructure access and how automating access and auditing has helped enable Betterment expand its teams, move to Kubernetes, and explore multi-cloud environments.

Terraform, we are a go for launch on the strongDM provider! We are happy to announce that strongDM has officially launched as a Terraform provider. That means that in one single configuration you can spin up a fleet of servers, import them into strongDM, and provision your users access in a matter of minutes.

Twingate started in 2019 in response to the growing challenges of managing access for a remote workforce. The product offers a zero-trust, cloud-based solution that aims to replace Virtual Private Networks (VPNs) by providing a secure, quick-to-implement solution for IT admins and everyday users. However, if you have a distributed workforce in need of access to databases, Kubernetes clusters, cloud CLIs, switches, routers, or internal web applications, there are other tools to consider. In this blog post, we’ll discuss the strengths and weaknesses of a few alternatives. But first, a side-by-side look at the features you may want to consider.

Thycotic was founded in 1996 as a consulting company and has evolved into a leading provider of Privileged Access Management (PAM). Thycotic’s Privilege Manager is a tool that allows organizations to secure access for privileged administrators (typically systems and database administrators) to Windows Servers, Linux servers, and some database management systems through a centralized authentication method. It does not secure access to modern and cloud-native databases, Kubernetes clusters, the cloud CLIs, switches, routers, or internal web applications.

Tailscale is a zero-configuration virtual private cloud that builds secure networks for WireGuard-encrypted traffic. Tailscale replaces traditional VPNs with a coordination node that acts as a control plane to manage keys and identities. This allows you to create a secure network between cloud resources without the need for firewall configuration changes. However, if your goal is to centralize and secure access to databases, servers, Kubernetes, and more, a VPN (even a fancy modern one) may not be the best approach. In this blog post, we’ll look at the strengths and weaknesses of a few alternatives. First, however, a quick comparison matrix of features may give you the information you’re looking for right away.