BrainBlog for Teleport by Jason Bloomberg
Does your corporate network treat users on VPNs as trusted regardless of who they are?
Does your web server connect to its database as a fictitious user with a password in a config file somewhere?
Or perhaps the most frightening scenario: did your platform engineer log in as root to configure your CI/CD pipeline toolchain?
These three situations are all examples of anonymous users – someone taking action somewhere on your network or in one of your cloud accounts without identifying themselves.
In each case, such anonymity presents a massive hole in your threat surface: a hole that attackers are actively exploiting.
Locking down such vulnerabilities, however, is more difficult than it sounds.
Each situation results from someone trying to get some work done. Introducing a security measure that prevents people from doing what they need to do is a non-starter.
What organizations require is a comprehensive approach to eliminating the risks of anonymous computing that doesn’t interfere with anyone’s work.
The key to that approach? Rethinking how your organization handles identity.
Click here to read the entire article.
