Teleport released Teleport 10, the latest version of its Teleport Access Plane offering. Teleport 10 features passwordless access, a single sign-on infrastructure access solution that eliminates the need for usernames, passwords, private keys, and other secrets.
Integrating secure biometric solutions such as TouchID, Windows Hello, Yubikey BIO, and other biometric hardware, Teleport 10 offers scalable identity-based access while reducing the probability of lost, shared or stolen credentials. Teleport Passwordless Access is based on the Fast Identity Online (FIDO) Alliance WebAuthn standard of biometrics solutions and provides not only security but also user experience.
Teleport recently joined the Alliance and this product release aims to extend FIDO’s mission of making biometric passwordless authentication the standard across all infrastructure.
According to the Verizon Business 2022 Data Breach Investigations Report, the most common causes of data breaches are traced to human error, such as stolen, lost, or misconfigured passwords. By replacing secrets like passwords and keys with biometrics that cannot be duplicated, lost, stolen, or sold, Teleport 10 eliminates the probability of stolen credentials being used in an attack.
“Stolen credentials are the number one cause of data breaches. Once bad actors gain access to an organization’s infrastructure, they can then pivot within the system and access as much sensitive information as possible,” said Alan Goode, CEO & Chief Analyst at Goode Intelligence. “Teleport 10 disrupts this common pattern with biometric identity-based access management that supports FIDO authentication standards – a first for infrastructure settings. Any enterprise can benefit directly from this transition to a new access paradigm.”
“Identity is not something you possess like a password or key, it is what you are. Passwords, usernames, private keys and even browser cookies can be copied, lost, or stolen. That’s not the case with biometrics read using specialized hardware. Those cannot be copied and uploaded anywhere,” said Ev Kontsevoy, CEO and co-founder, Teleport. “Increasingly, companies are realizing the need for an access management solution that doesn’t rely on secrets. Teleport 10 represents the beginning of an industry-wide shift toward biometric-based access management, which establishes an inalienable identity for every engineer within an enterprise’s infrastructure.”
Simplified access — No secrets
Teleport 10 enables single sign-on to any infrastructure resource without passwords, usernames or other digital secrets like SSH keys. By authenticating with a physical attribute such as a fingerprint, users can gain access to protected resources like Linux or Windows servers, databases, Kubernetes clusters, and internal private applications. Biometric attributes read using specialized hardware create a single identity which cannot be shared, lost or stolen.
In addition to Passwordless Access, Teleport 10 includes several new key features:
- Just-in-time access requests: Because of the risks associated with credential misuse, organizations are moving to a model of zero standing privileges where users do not have access by default. However, this can complicate the process of getting access when needed. New in Teleport 10, Just-in-time resource access requests allow an engineer to request access to one or more individual resources when they need it and have the request approved automatically based on policy or via modern tools like Slack or Jira, making it possible to implement zero standing privileges without impacting productivity.
- More Machine ID use cases: Teleport Machine ID delivers identity-based access and audit for engineers and the applications they write. By consolidating credentials, Teleport reduces the risk of compromised infrastructure being used in an attack. By expanding Machine ID support for Kubernetes clusters and databases, Teleport 10 protects resources from unauthorized access by microservices and other applications that may have been compromised.
- Additional supported databases: Teleport 10 adds support for five additional databases to the already long list of supported offerings: Snowflake, Elasticsearch, Cassandra, Amazon Elasticache, and Amazon MemoryDB. Now customers can protect access to their mission critical data stores and monitor access including what queries are being run and by who.
A popular database used by Teleport customers is CockroachDB. Cockroach Labs had this to say about Teleport: “By integrating Teleport with CockroachDB and leveraging their Zero Trust model for managing database access, DBAs are able to scale their environments without diminishing security,” said Jeff Miller, chief revenue officer at Cockroach Labs. “With Teleport 10’s new Passwordless Access feature, a customer’s security posture may be more enhanced by reducing reliance on usernames and passwords.”
- Global scale deployments: As Teleport protects more engineers and applications, customers can achieve unprecedented scale with their Teleport deployment. Teleport Proxy Peering allows customers to reduce network congestion and latency for large-scale Teleport deployments of more than 15,000 nodes, so engineering teams can securely access global resources without impacting productivity.