Episode 112 - GluuFederation/identerati-office-hours GitHub Wiki

Title: Introduce ZSP to support Zero Trust initiatives

Channels

Description

Reducing persistent attack surfaces caused by standing privileges. ZSP ensures no identity has access beyond what's needed in the moment. Extending Zero Trust security beyond authentication to authorization and enforcing least privileged access upon request. ZSP ensures that even in the event of a compromise, the blast radius will be limited if there are no high-risk privileges attached.

Homework

Britive Blogs

Takeaways

  • ⚡ Britive is a modern PAM system that has a lot of out-of-the-box features for cloud infrastructure access control and APIs to integrate other applications. Their approach is to upgrade the entitlements for the actual user performing the action, which is an improvement over granting temporary access to privileged accounts.

  • ⚡ Like any PAM platform, Britive offers operational leverage by giving you a single control plane for multiple systems. One "one-off" is better than five one-offs! But like all PAM systems, it's not a panacea for enterprise access control.

  • ⚡ With a more modern design and a SaaS delivery model, Britive offers more deployment velocity than traditional PAM systems. With proper executive leadership, this means you can show value quickly, especially for cloud platforms where many of the integrations are well trodden (e.g. AWS, GCP, Azure, Oracle Cloud).

  • ⚡ Britive provides a mechanism to map enterprise policies to application/cloud capabilities. You could even say Britive can enable our enterprise to implement token based access control ("TBAC"), because you can map claims in tokens to capabilities. This even works for claims about non-human identities, for example, using the aud claim of a token to identify a workload identity.
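To make the ZSP and claims-to-capabilities ideas from the takeaways concrete, here is an added toy broker (not Britive's code or API, and not from the episode) that maps already-verified token claims, including an aud claim for a workload identity, to capabilities and hands out only time-boxed grants, so nothing stands once the grant expires. The policy table, claim values and capability names are constructed for the example.

```python
"""Added example: a minimal zero-standing-privilege (ZSP) broker.
Assumes the token has already been verified upstream; only its claims arrive here."""
import time
from dataclasses import dataclass

# Constructed policy: (claim name, claim value) -> capabilities it can unlock.
# The aud entry shows a non-human (workload) identity being mapped the same way.
POLICY = {
    ("group", "cloud-admins"): {"aws:iam:AttachRolePolicy"},
    ("aud", "payments-batch"): {"gcp:bigquery.jobs.create"},
}

@dataclass
class Grant:
    subject: str
    capability: str
    expires_at: float

class ZspBroker:
    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._grants = []  # no standing entitlements; only live, expiring grants

    def capabilities_for(self, claims):
        """Derive the capability set from token claims (list- or scalar-valued)."""
        caps = set()
        for name, value in claims.items():
            for v in (value if isinstance(value, list) else [value]):
                caps |= POLICY.get((name, v), set())
        return caps

    def request(self, claims, capability, now=None):
        """Issue a time-boxed grant if policy maps the claims to the capability."""
        now = time.time() if now is None else now
        if capability not in self.capabilities_for(claims):
            return None  # deny: no claim unlocks this capability
        grant = Grant(claims["sub"], capability, now + self.ttl)
        self._grants.append(grant)
        return grant

    def is_authorized(self, subject, capability, now=None):
        """Check a live grant; expired grants are dropped, so privilege never lingers."""
        now = time.time() if now is None else now
        self._grants = [g for g in self._grants if g.expires_at > now]
        return any(g.subject == subject and g.capability == capability
                   for g in self._grants)
```

Before a request the subject has nothing, during the TTL the grant is honored, and after it the check fails without any explicit revocation step.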

Livestream Audio Archive

here