Secure Infrastructure Access Management Checklist
Access control for complex cloud environments is both critical and difficult to get right. The primary source of pain is growing complexity: the proliferation of different cloud resources and the growing diversity of access types.
The checklist below shows how to simplify access management by breaking down access silos, and how to dramatically improve engineering productivity in the process.
- Consolidated inventory
Build a live inventory of all computing resources and client devices. This is a prerequisite for building a single access control system for everything in your cloud.
- Humans = Machines
Treat humans and machines the same. Engineers, CI/CD automation, and microservices all need access. The same access control system should enforce policy for all subjects.
- Ditch the secrets in favor of true identity
Secrets such as private keys, API keys, passwords or cookies are vulnerable to phishing. Introduce additional factors such as biometrics for humans, TPMs for client devices, and HSMs on servers.
- Single source of truth for all permissions
Maintain a single source of truth for policy. All permissions for all computing resources should be stored in one place, analogous to the single source of truth created by Single Sign-On (SSO) for authentication.
- Embrace Zero Trust
The network perimeter no longer plays a role in security. All connectivity should be consolidated through identity-aware proxies (IAPs) that only permit authenticated and encrypted connections.
- Continuous Monitoring
Consolidate audit and security logs in one place. Invest in threat detection to analyze security events from every service, application, and resource.
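The sketch below is an added example, not code from this page or from any product: it runs human and machine subjects through one deny-by-default decision function backed by a single policy table, and reports inventory entries that no policy row covers. All subject names, resource names, credential labels and event fields are constructed for illustration.

```python
# Constructed sample data; every name below is hypothetical.
INVENTORY = {"db-prod-1", "k8s-staging", "build-runner-7", "legacy-ftp"}

# Single source of truth: (subject, resource) -> allowed actions.
POLICY = {
    ("alice", "db-prod-1"): {"read"},
    ("ci-deployer", "k8s-staging"): {"deploy"},
    ("billing-svc", "db-prod-1"): {"read", "write"},
}

# Humans and machines share one subject record format.
SUBJECTS = {
    "alice": {"kind": "human", "credential": "webauthn-biometric"},
    "ci-deployer": {"kind": "machine", "credential": "static-api-key"},
    "billing-svc": {"kind": "machine", "credential": "hsm-backed-cert"},
}
HARDWARE_BOUND = {"webauthn-biometric", "tpm-backed-cert", "hsm-backed-cert"}

# Constructed access events as an identity-aware proxy might log them.
EVENTS = [
    {"subject": "alice", "resource": "db-prod-1", "action": "read", "via_proxy": True},
    {"subject": "ci-deployer", "resource": "k8s-staging", "action": "deploy", "via_proxy": True},
    {"subject": "billing-svc", "resource": "db-prod-1", "action": "write", "via_proxy": False},
    {"subject": "bob", "resource": "legacy-ftp", "action": "read", "via_proxy": True},
]

def authorize(event):
    """Return (allowed, reason); deny by default, same path for every subject kind."""
    subject = SUBJECTS.get(event["subject"])
    if subject is None:
        return False, "unknown subject"
    if event["resource"] not in INVENTORY:
        return False, "resource not in inventory"
    if not event["via_proxy"]:
        return False, "connection bypassed the proxy"
    if subject["credential"] not in HARDWARE_BOUND:
        return False, "credential is a shareable secret"
    if event["action"] not in POLICY.get((event["subject"], event["resource"]), set()):
        return False, "no matching permission"
    return True, "ok"

def uncovered_resources():
    """Inventory entries that no policy row mentions (an access silo or dead asset)."""
    return INVENTORY - {resource for (_, resource) in POLICY}

if __name__ == "__main__":
    for e in EVENTS:
        print(e["subject"], e["resource"], authorize(e))
    print("uncovered:", sorted(uncovered_resources()))
```

Each decision carries a reason string, so the same output can feed the consolidated audit log the last checklist item calls for.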