温馨提示:本站仅提供公开网络链接索引服务,不存储、不篡改任何第三方内容,所有内容版权归原作者所有
AI智能索引来源:http://www.ssh.com/blog/secure-privileged-access-to-containers-with-privx20
点击访问原文链接

Running privileged access management in containers with PrivX 20

进入原网站 导航首页
Running privileged access management in containers with PrivX 20 About us Investors Partners Careers Solutions SOLUTIONS Zero Trust Suite Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Assessment, Quantification & Mitigation By Topic Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & multi-cloud access management Interactive tour: Privileged Access in the Cloud M2M connections IT Audits & Compliance Secure file transfer By Industry Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Products SECURE ACCESS & SECRETS MANAGEMENT SECURE FILE TRANSFER & ENCRYPTION NQX™ quantum-ready encryption Tectia™ SSH Client/Server Tectia™ z/OS SalaX Secure Collaboration Secure Mail 2024 Secure Messaging 2024 SalaX Secure Collaboration Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability About us Investors Partners Careers December 18, 2021 Running privileged access management in containers with PrivX 20 Written by: Esa Tornikoski TL;DR; PrivX 20 can now be deployed in containers orchestrated by Kubernetes, OIDC login support for native SSH clients and the option to launch our Zero Trust Universal SSH Key Manager from PrivX for future proof enterprise SSH key management.

Containers have been around since 2013. Even though the technology itself is eight years old, it is still considered to be relatively modern and even futuristic by many companies, and therefore its large-scale use has been rather limited.
But as often is the case, a shift to something new is first gradual until it gains momentum.

We at SSH launched our container support for our Zero Trust and just-in-time (JIT) privileged access management (PAM) solution PrivX two years ago at RSA. Since then, we have been developing the technology further together with our key customers.

Now, the first Kubernetes implementations are being deployed in customer environments, and we announced our first “container-first” privileged access management (PAM) deal just recently

Companies at the cutting edge of technology are serious about securing their Kubernetes-orchestrated environments. Learn more about why a Fortune 500 company decided to implement our container-friendly PAM solution to secure their SSH connections to container environments.

PrivX 20 and secure Kubernetes orchestration Building a solution that not only solves the problems that exist today but is also future-proof takes some first-mover courage. And now, there’s growing interest for solutions that allow customers to not only solve their current privileged access management (PAM) challenges, but migrate from legacy to the future at their own pace.

Companies who are already running their applications and services in containers orchestrated by Kubernetes, or are planning to make the move in the future, can really benefit from the new deployment model of PrivX.

Running PrivX on Kubernetes takes full advantage of the PAM solution’s modern microservices architecture. Case in point: service-specific scalability can be done based on the load. For example, if there is a sudden spike in the number of concurrent SSH sessions needed, you only need to scale up the PrivX SSH proxies, instead of entire instances. The same logic applies to all other PrivX microservices.

Since PrivX saves resources by scaling up only the services needed at a particular time, it has a direct link to reducing costs. In an environment with thousands of users and thousands of dynamic hosts, these resource and cost savings are significant. No need to buy extra hardware or processing power to secure your environment. Instead, you can optimize the use of existing resources to the maximum with a containerized approach while still maintaining the required redudancy levels.
On-prem, cloud or hybrid: choose your deployment Auto-scaling of PrivX instances has been available for cloud deployments (AWS, Azure, GCP) for a while, but with PrivX 20, this feature is now possible on your own hardware. The result is that high availability (HA) environments are easier to setup. With PrivX 20 you can run your container estate in the cloud, on-premises or as hybrid, since you still get the same level of performance and automation in both worlds.

Some generic benefits of running applications and services on Kubernetes apply to PrivX:

Easy maintenance Monitoring and access management on the Kubernetes level Security isolation, immutabilty (learn more about access management and immutable infrastructure here) Self-healing environments and resiliency Running PrivX in container environments takes the already future proof solution to the next level. Since we don’t live in an ideal world, we understand that the customer environments host technologies at various stages of maturity. That is why the array of supported technologies in PrivX range all the way from legacy on-prem installations to cloud services to modern containers. 

Passwordless, keyless and just-in-time access aligning with Zero Trust PrivX builds you a path to passwordless, just-in-time (JIT) and Zero Trust access. Simply put it means that your privileged users never handle or see any secrets when establishing a connection. In fact, the connection is made using short-lived, ephemeral certificates that are created just-in time at the time of the connection. They contain all the secrets needed for the session (like passwords), but after the connection is made, the certificates expire automatically.

This means that there are no credentials, passwords, keys or secrets to manage, lose or misuse! Furthermore, this approach radically reduces the overhead of managing secrets, since there are less of them to manage. With thousands of users and thousands of dynamic servers, the reduction in processing power is radical.

Since a new session is verified in a similar fashion every time, PrivX aligns perfectly with Zero Trust, since no one has permanent access to the environment.

Environments very in their technological maturity level. This is why PrivX comes equipped with a secrets vaultfor those contexts where passwordless authentication  is not possible but you still need to vault secrets. 

PrivX simply is your trusted and centralized gatekeeper to manage access to legacy and future-driven apps.

OIDC login support for native SSH clients We highly recommend using browsers to make SSH connections, but in some cases there is a need to use native clients. That is why the support for native clients has been in PrivX for years.

In PrivX 11 we introduced the feature to use the bastion syntax for making SSH connections through PrivX. PrivX 18 made it possible to use native clients without a need to make any changes to existing commands or scripts (no need to use bastion syntax).

Now we bring the Open ID Connect (OIDC) to the fold. With PrivX 20, it is possible to do a browser based OIDC login and then use authorized keys to log in to the SSH-bastion.

Zero Trust PrivX Key Manager and PrivX - better together You might have noticed that we have aligned our entire solution portfolio with the Zero Trust and Just-in-Time frameworks. In release 20, it is possible to launch our enterprise key management solution - Universal SSH Key Manager- directly from the PrivX UI.

Our classic PrivX Key Manager solution allows customers to take control of their large SSH key estates by discovering rogue keys and providing a complete view of how their keys are used. Customers can identify policy or compliance violating keys, find those that grant access from test to production or are still used by that 3rd party consultant who left the project two years ago – and then remedy the situation.

This solution is largely used by heavily-regulated and audited Fortune 500 companies with large, legacy key estates. 

Zero Trust key management with just-in-time access Our PrivX Key Manager Zero Trust solutionnot only allows customers to manage keys, but significantly reduce the number of keys they need to manage in the first place. In this model, an SSH connection is no longer established using keys but with ephemeral certificates that are created just-in-time (JIT)and that contain the key secrets needed for the connection. If this sounds familiar, it's because I explained it just a few sections before!

So why to bring certificate-based authentication to key management?

Think about the reduction in the management overhead in key estates that encompass tens or hundreds of thousands of keys and servers. With Fortune 500 companies, this is often the case. Even with the best solution on the market, we are talking about rotating thousands of keys per day!

When you gradually start moving to ephemeral access, you simply decrease the size and complexity of the risk you are trying to manage in the first place. It really boils down to the question: would you rather manage thousands of secrets by using more and more resources or manage less without the need to add resources?

With the combined Just-in-Time Zero Trust solution of PrivX Key Manager and PrivX, you have a lot of bases covered: you manage, secure and vault those secrets (keys, API tokens, passwords, etc) that you still have to while you gradually start to migrate to a keyless and passwordless world. That's where the futureis heading anyway.



PS. The PrivX project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 881221.

Tag(s): Privileged Access Management , PrivX Esa Tornikoski Esa Tornikoski is Product Manager for PrivX and Crypto Auditor products. Esa joined SSH late 2017. Prior SSH he has been working in Product management roles at Telecom and IT security companies (Elisa, F-Secure and Siemens). He has a Master of Science degree in Computer Science from Lappeenranta University of...

Other posts you might be interested in Privileged Access Management 10 min read | May 17, 2024 Overcoming Implementation Challenges in Privileged Access Management: A Step-by-Step Guide Read More Zero Trust 12 min read | January 9, 2020 Cool PAM with great auditing and easy access to IT assets in the cloud Read More Privileged Access Management 13 min read | May 17, 2024 How to do a Privileged Access Management Audit? Read More Subscribe to email updates SSH is a leading defensive cybersecurity company that secures communications between humans, systems, and networks. We specialize in Zero Trust Privileged Access Controls and Quantum Safe Network Security. Our customers include a diverse range of enterprises, from multiple Fortune 500 companies to SMBs across various sectors such as Finance, Retail, Technology, Industrial, Healthcare, and Government. 25% of Fortune 100 companies rely on SSH’s solutions. Recent strategic focus has expanded SSH business to Defence, Critical Infrastructure Operators, Manufacturing OT Security and Public Safety.

Leonardo S.p.A invests 20.0 million EUR in SSH, becoming the largest shareholder of the company. SSH solutions form a Center of Excellence for Zero Trust privileged access management and quantum-safe network encryption in Leonardo - a global industrial group that creates multi-domain technological capabilities in the Aerospace, Defence and Security sector with 17.8 billion EUR revenue in 2024. SSH company’s shares (SSH1V) are listed on Nasdaq Helsinki.

 

Solutions Zero Trust Suite Zero Trust Suite & Entra ID Integration Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Mitigation OT security MSP Security Device Trust Monitoring & Threat Intelligence Credentials & Secrets Management IT Audits & Compliance Products PrivX™ Hybrid PAM PrivX Key Manager Tectia SSH Client/Server™ Tectia™ z/OS Secure Messaging Secure Mail Secure Sign NQX™ Quantum-Safe Services SSH Risk Assessment™ Professional Services Support Resources Careers References Downloads Manuals Events & Webinars Blog Company About us Contact Investors Partners Press Stay on top of the latest in cybersecurity Be the first to know about SSH’s new solutions, product updates, new features, and other SSH news!

Thanks for submitting the form. © Copyright SSH • 2025 • Legal

智能索引记录