The 8 Principles of Modern Infrastructure Access
Introduction
Your infrastructure resources are some of the most sensitive and valuable assets across your corporate network. Whether in the cloud or on-prem, controlling access to servers and databases is a top priority for IT and Security departments. Traditional methods are laser-focused on “protecting the keys”, yet admin credential breaches continue to slam businesses year over year. Something has to change.
This whitepaper examines the core challenges with securing access to infrastructure, and why we need to revisit the approach our industry has taken to date. Building on Forrester’s Zero Trust model, we’ve developed a modern methodology for infrastructure access. This methodology is bound by eight principles that set the foundation for a more secure environment—one that’s fit for the modern cloud era.
Traditional Measures Don’t Cut It
With static credentials, possession is 100% of the law—there is no direct link to identity
We have a credential problem. Any password- or key-based system, which describes the majority in use today, presents a serious issue. The core challenge with securing infrastructure lies in the credential mechanism used to log in to servers. Any user with the correct login key or password can access the system, no matter how that credential was acquired. Stolen credentials therefore become carte blanche for any attacker. This has brought about a number of products and practices that attempt to address the credential problem. These solutions mostly center on wrapping a management layer around credentials so they can’t be lost, stolen, or misused. Despite being a step up from self-management, these solutions are still rooted in the concept that the credential, not the user, holds the key to access the system.
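The point that a login key grants access to whoever holds it can be checked in an existing estate. The following audit is an added example, not part of the whitepaper: it assumes the static credentials are SSH public keys in `authorized_keys` files, and the hosts, accounts and key blobs are constructed sample data.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
             "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
             "sk-ecdsa-sha2-nistp256@openssh.com")

def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) per key line; options may precede the key type."""
    for line in text.splitlines():
        tokens = line.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for i, tok in enumerate(tokens[:-1]):
            if tok in KEY_TYPES:
                # The trailing comment is a self-asserted label, not an identity.
                yield fingerprint(tokens[i + 1]), " ".join(tokens[i + 2:])
                break

def shared_credentials(inventory):
    """Return keys that are accepted by more than one (host, account)."""
    holders = defaultdict(set)
    for location, text in inventory.items():
        for fp, _comment in parse_authorized_keys(text):
            holders[fp].add(location)
    return {fp: sorted(locs) for fp, locs in holders.items() if len(locs) > 1}

def blob(seed):
    # Constructed stand-in for a real public key blob.
    return base64.b64encode(seed).decode()

KEY_A, KEY_B, KEY_C = blob(b"constructed-A"), blob(b"constructed-B"), blob(b"constructed-C")

# Constructed inventory: (host, account) -> authorized_keys contents.
SAMPLE_INVENTORY = {
    ("web01", "deploy"): f"ssh-ed25519 {KEY_A} alice@laptop\n",
    ("db01", "root"): f'# ops team\nfrom="10.0.0.0/8" ssh-ed25519 {KEY_A} alice@laptop\n'
                      f"ssh-ed25519 {KEY_B} bob@desk\n",
    ("db01", "backup"): f"ssh-rsa {KEY_C} cron\n",
}

if __name__ == "__main__":
    for fp, locations in shared_credentials(SAMPLE_INVENTORY).items():
        print(fp, "is accepted at", locations)
```

Every location in the report accepts the same private key, so a login recorded with that fingerprint identifies the key and the account, not the person who used it.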
Problems with traditional solutions:
• Static credentials. Even with a management layer protecting credentials, their inherent properties do not change. Multiple users can hold the same credential, and there’s no way to guarantee or track identity.
• Painful to operate. Products in this space are widely recognized as a burden on operations, especially in highly automated, elastic cloud environments. Th