Background image

Ask Pam

Pam character winking

I am Pam, your virtual cybersecurity expert.
Ask me anything about the industry best practices for protecting cloud infrastructure!

Try Teleport

Secure Infrastructure Access Management Checklist

Access control for complex cloud environments is both critical and difficult to get right. The primary source of pain is growing complexity: proliferation of different cloud resources and growing diversity of access types.

The checklist below is how you simplify access management by breaking access silos, and dramatically improve engineering productivity.

  1. Consolidated inventory

    Build a live inventory of all computing resources and client devices. This is a prerequisite for building a single access control system for everything in your cloud.

  2. Humans = Machines

    Treat humans and machines the same. Engineers, CI/CD automation, and microservices all need access. The same access control system should enforce policy for all subjects.

  3. Ditch the secrets in favor of true identity

    Secrets such as private keys, API keys, passwords or cookies are vulnerable to phishing. Introduce additional factors such as biometrics for humans, TPMs for client devices, and HSM on servers.

  4. Single source of truth for all permissions

    Maintain a single source of truth for policy. All permissions for all computing resources should be stored in one place, analogous to the single source of truth created by Single Sign-On (SSO) for authentication.

  5. Embrace Zero Trust

    Network perimeter no longer plays a role in security. All connectivity should be consolidated through identity-aware proxies (IAPs) that only permit authenticated and encrypted connections.

  6. Continuous Monitoring

    Consolidate audit and security logs in one place. Invest in threat detection to analyze security events from every service, application, and resource.

Pam character waving
Pam character illustration

Try Teleport today

The easiest and most secure way to access and protect all your infrastructure.

Free 14-day Trial