How do you secure human-to-machine access? This is a problem that is solved and yet not solved. At scale, granting humans access to a VM, a database, a container, or a remote system remains difficult. Let us try to understand this in greater depth.
VPNs, jump servers/bastion hosts, firewalls, and other security measures have traditionally been used to secure human-to-machine access. Each step in this traditional workflow has multiple issues.
- Starting with VPN, onboarding and offboarding users is a cumbersome workflow: routing and access lists must be managed per user, and revoking access when someone leaves is just as difficult as granting it.
- A perimeter-based "trust but verify" architecture means that once inside, malicious internal actors or compromised accounts have complete network access.
- Furthermore, if the credentials used to connect to the VPN or SSH host are lost or stolen, an adversary could gain access to the entire network.
- The entire network serves as the attack surface, with a massive blast radius.
- To restrict the user’s access to specific resources, a network firewall is required. They typically operate based on IP addresses and…