Delinea Receives United States Patent for Delegated Machine Credentials

Delinea

Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced that it has been awarded a patent for Delegated Machine Credentials (DMC), a capability within Server PAM, its solution that provides privileged access to and authorisation for servers. DMC reduces risk and empowers automation for DevOps and DevSecOps teams building applications that require privileged access to and for workloads on cloud and on-premise infrastructure. By delegating entitlements of a specific machine to the workloads running on it, there is a significant reduction of service accounts needed, thus reducing the attack surface and improving the agility of development teams. 

According to GitHub, 1 in 10 software authors exposed a secret in their repository in 2022; 67% of those are considered generic secrets, such as a username and password. The use of hard-coded credentials is easier for developers who are under pressure to deliver code quickly, but it presents a significant risk for the organisation. A mechanism that allows developers to use fewer service accounts when connecting application layers supports their need for agility and avoids the need for hard-coding credentials. The patented DMC capability makes this even more secure by utilising the federated authentication and trust already established with the machine and extending that trust to the workloads that need to be connected in the application.

Simplified privileged access in code using machine federation 

Organisations looking for an alternative to the vault-centric approach already addressed by Delinea DevOps Secrets Vault can streamline privilege controls on their infrastructure while providing secure and efficient machine access using Delegated Machine Credentials in the Server PAM solution.

When a machine is first enrolled in Server PAM, a client is installed on that machine and, as part of enrollment, the machine is automatically given a unique identity with roles, rights, and entitlements. With DMC, this trust relationship can be assigned to any of the authorised applications, services, containers, or other workloads running on that machine. The machine has binding trust through Server PAM which in turn is delegated to workloads, effectively reducing the number of service accounts needed from one per workload to one automatically managed per machine. When developers use these service accounts to connect components of an application, a federation token is provided rather than a static credential, leaving nothing in the code that can be compromised. Utilising the same privileged access policies for the workloads that are already applied to the machine ensures that manual Privileged Access Management tasks are minimised for DevOps teams. 

Using a client-based approach and leveraging a cloud-first architecture, the Delegated Machine Credentials capability solves a headache for DevOps teams by federating access for machine identities. By streamlining infrastructure operations, drastically reducing the number of service accounts that could be used as a vulnerability, and supporting agility, practically all the privileged access requirements are fulfilled for DevSecOps teams. 

“We’re very pleased to see Delinea’s innovation recognised with this new US patent for Delegated Machine Credentials,” said David McNeely, Chief Technology Officer at Delinea. “This approach drastically simplifies workload authentication versus traditional application-to-application password management (AAPM) approaches. Those have been more of a band-aid that took embedded credentials out of code but then required the creation of hundreds or thousands of new service accounts in the vault. Our commitment to seamless privileged access and making usable cybersecurity is what drives us to evolve Privileged Access Management.” 

By capitalising on machine trust and eliminating the need for extensive service account use, Delegated Machine Credentials empowers developers and security teams with both reliable and efficient AAPM capabilities to effectively secure IT environments while reducing service account privilege sprawl. 
