Day Two Cloud 172: Lock Down Access With Zero Standing Privilege (Sponsored)
The Everything Feed - All Packet Pushers Pods - A podcast by Packet Pushers
Welcome to Day Two Cloud! In today’s sponsored episode, strongDM is back. In case you’ve forgotten, strongDM bills themselves as the “Infrastructure Access Platform” – a tool that gives your ops folks the secure access they need to the infrastructure they manage, no matter where they are, and all without a VPN. You can get as granular with the access as you like, and everything can be logged.

On today’s episode, we’re talking once again with Britt Crawford, Director of Product. Britt’s going to talk through the idea of “zero standing privilege”. Zero standing privilege is an evolution of credentials management. Let’s say you start with the simplest always-on usernames and passwords, move from there to privileged access that provides tighter controls, and then get to just-in-time accounts where credentials don’t live forever. What’s beyond that? Zero standing privilege. Britt explains the big ideas here, and then we’ll tease out the nerdy details.

We discuss:

* Changing models of access control and credential management
* StrongDM’s definition of zero standing privilege
* Use cases for this approach—widespread or limited to the riskiest/most sensitive systems?
* Attack vectors against zero standing privilege
* Operational implications of the zero standing privilege approach
* What happens if something breaks
* More

Show Links:

* strongDM Blog
* @strongdm – strongDM on Twitter
* Day Two Cloud 134: Simplifying Infrastructure Access With StrongDM (Sponsored) – Packet Pushers
* Day Two Cloud 152: How To Right-Size Access With strongDM (Sponsored) – Packet Pushers

Transcript:

[00:00:09.540] – Ethan
Welcome to Day Two Cloud. And in today’s sponsored episode, StrongDM is back. In case you’ve forgotten, StrongDM bills themselves as the infrastructure access platform, a tool that gives your Ops folks secure access they need to the infrastructure they manage no matter where they are. And all without a VPN. You can get as granular with the access as you like and everything can be logged. Listen to Day Two Cloud episodes 134 and 152 if you want a StrongDM refresher. On today’s episode, we are talking once again with Britt Crawford, Director of Product at StrongDM. Britt’s going to talk Ned and me through the idea of zero standing privilege. Zero standing privilege is an evolution of credentials management. Let’s say you start with the simplest always-on usernames and passwords, right? We’ve all done that. You move from there to some sort of privileged access that provides tighter controls, and then you get to just-in-time accounts where credentials don’t live forever. And well, what’s beyond that? Zero standing privilege. And I’m going to let Britt explain the big ideas here. And then Ned and I are going to do our usual job of teasing out the nerdy details.

[00:01:10.450] – Ethan
Britt, welcome back to Day Two Cloud. And to set this discussion up, Britt, I think you got to walk us through the evolution of the security model that I was hinting at there, starting with the basics of Kubernetes and passwords. So walk us through this evolution.

[00:01:24.260] – Britt
Thanks for having me back. Yeah. So at StrongDM, we’ve kind of taken some of the best practice around security and sort of the evolution of that thinking and solidified it into w...