Traditional secret-based credentials can't scale to meet the complexity and size of cloud and on-premises infrastructure. Today's applications are spread across a diverse range of clouds and colocation facilities, as well as on-prem data centers. Each layer of this modern stack has its own attack vectors and protocols to consider.

How can you secure access to diverse infrastructure components, from bare metal to ephemeral containers, consistently and simply? In this practical book, authors Ev Kontsevoy, Sakshyam Shah, and Peter Conrad break this topic down into manageable pieces. You'll discover how different parts of the approach fit together in a way that enables engineering teams to build more secure applications without slowing down productivity.

With this book, you'll learn:

• The four pillars of access: connectivity, authentication, authorization, and audit
• Why every attack follows the same pattern, and how to make this threat impossible
• How to implement identity-based access across your entire infrastructure with digital certificates
• Why it's time for secret-based credentials to go away
• How to securely connect to remote resources including servers, databases, K8s Pods, and internal applications such as Jenkins and GitLab
• Authentication and authorization methods for gaining access to and permission for using protected resources

Table of Contents

Chapter 1. Introduction: The Pillars of Access

Chapter 2. Identity

Chapter 3. Secure Connectivity

Chapter 4. Authentication

Chapter 5. Authorization

Chapter 6. Auditing

Chapter 7. Scaling Access: An Example Using Teleport

Chapter 8. A Call to Action

The challenge of securing infrastructure is no secret. As an organization scales and more people need access, a lush forest of policies and tools grows organically, resulting in both inconvenience and vulnerability across the entire infrastructure.

This is very bad.

This book provides theory and real-world advice to help organizations step up to the new challenge of securing infrastructure: no secrets! The following chapters consider all aspects of identity-based access management, addressing topics from identity proofing to auditing. By bringing identity-based, unified policy to both humans and machines, this book aims to solve vulnerability and inconvenience in one stroke.

After all, the point of infrastructure access is to let the right people in so they can work together easily.

Who Should Read This Book

As a company grows, infrastructure access becomes more important and more difficult. Secret-based perimeter defenses don’t scale. This book is for anyone facing the challenges of defending an ever-growing infrastructure, whether on-premises, in the cloud, or both. The book is accessible to a reader with a modicum of technical skill and a passing familiarity with IT, networking, and the Linux command line.

Whether you’re an executive, an IT policymaker, or a DevOps engineer, if you have responsibility for helping secure heterogeneous computing infrastructure, this book is for you.

Goals of the Book

The world is changing. Infrastructure will continue to evolve. New tools, platforms, and technologies will spring into use alongside legacy products and services. Securing infrastructure will become more and more crucial, but also more difficult. The old approaches don’t work anymore. Without a basis in proven identity, vulnerabilities and friction inevitably develop, leading to increasing cost and a breakdown in trust.

This book outlines an approach designed to bring trust back, providing chains of trust and chains of proof that reduce vulnerability and human error while making access policies easier to follow. By rebuilding trust, we aim to make it easier for people to work together securely. In fact, security should be something the average user doesn’t have to think about.

About the Author

Ev Kontsevoy is Co-Founder and CEO of Teleport. An engineer by training, Kontsevoy launched Teleport in 2015 to provide other engineers solutions that allow them to quickly access and run any computing resource anywhere on the planet without having to worry about security and compliance issues. A serial entrepreneur, Ev was CEO and co-founder of Mailgun, which he successfully sold to Rackspace. Prior to Mailgun, Ev has had a variety of engineering roles. He holds a BS degree in Mathematics from Siberian Federal University, and has a passion for trains and vintage-film cameras.

Sakshyam Shah is a cybersecurity architect by profession and currently an engineer at Teleport. Besides cybersecurity, he loves to read and write about indie hackers, bootstrapped businesses, and early-stage venture funding.

Peter Conrad is an author, artist, and technical content strategist with experience ranging from consumer electronics and telecommunications to IoT and enterprise software.