Securing identity and access for on-prem + cloud native infrastructure is within reach!
We understand that every business has a unique technology stack and architecture. Some companies operate entirely on-premises due to stringent security or regulatory needs. Some companies have gone through digital transformation and are on the journey of adopting SaaS and cloud infrastructure. Some companies are multi-cloud. Some companies have on-prem directories and cloud directories. Some companies (usually those started in the last few years) are cloud-native: using only SaaS and public cloud.
One thing is clear: many companies live in a hybrid world where they have adopted cloud but still manage some infrastructure or directories. These hybrid architectures pose numerous challenges. IT and security teams must deal with multiple identity “sources of truth”, e.g. HR systems, on-prem directories, LDAP, cloud directories, and so forth. This can make building an inventory of identities challenging. Furthermore, mapping those identities to account ownership and understanding access rights and permissions can feel out of reach. Provisioning identities and permissions, if not orchestrated properly across systems, can leave orphaned accounts that pose a security risk. Proactively identifying and remediating identity-centric threats is extremely challenging, yet crucial to preventing identity-based breaches. After all, you can’t protect what you can’t see.
Announcing our hybrid infrastructure support
We’re thrilled to announce hybrid infrastructure support. With our new connectors for LDAP, Postgres, MySQL, MS SQL, on-prem Active Directory (and more!), connecting to all of your self-hosted native infrastructure is now possible. With our Baton SDK, you can also connect to homegrown or back-office support portals. These connectors can be hosted within your infrastructure, with full capabilities to ingest identities and permissions and make access changes, without having to modify ingress or firewall rules.
On-Prem Directories
Active Directory and LDAP are still very commonly used in many organizations. These directories store user information and enforce authorization for downstream and connected systems via group memberships. Given the sensitivity of these directories, they tend to be heavily protected: access control is locked down, and they are firewalled off to prevent misuse.
We’re pleased to announce our LDAP and Active Directory connectors to support these directories. These connectors can be deployed alongside your directories to provide complete visibility into users and access rights and to automate identity workflows such as user access reviews (UARs) and provisioning.
Databases
In addition to supporting on-prem directories, we’re also launching connectors for databases such as MS SQL Server, Postgres, and MySQL. These databases have complex, local permissions models that can make it very difficult to understand identity and permissions. As with on-prem directories, they store your most sensitive company information: customer and application data. As with our directory support, these new connectors let ConductorOne provide an inventory of identities and permissions in these systems and orchestrate identity workflows such as UARs and provisioning.
Deployment Options
All of this is possible due to our flexible connector deployment model. The ConductorOne platform is agentless for connecting to cloud infrastructure and SaaS tools. Baton Connectors provide added deployment flexibility for connecting to hosted or on-prem infrastructure through a container-based deployment model that can run alongside your infrastructure. This provides several advantages:
- Key residency: ConductorOne has no access to the credentials used to authenticate to the connected system.
- Continuous and on-demand operating modes: Connectors can be executed on demand or run in service mode (i.e. continuously operating). The latter provides continual, real-time identity security.
- Self-hosting: Connectors are run as containers within your on-prem or private/public cloud infrastructure. This allows ConductorOne to protect assets that would otherwise be out of reach for a cloud platform.
What’s next
We recognize that identity and access control is complicated and messy. With this launch, we’re delighted to help companies secure all of their apps and infrastructure with the benefits of a centralized cloud platform that can connect to on-prem or private cloud directories and tooling. No matter where you are on your digital transformation journey, you can secure identity for your most precious assets with ConductorOne.