Aembit Earns Prestigious Runner-Up Spot at RSA Innovation Sandbox Contest! Watch the Announcement

RSAC™ Innovation Sandbox FINALIST 2024 banner
Aembit wins the 2024 RSA Conference Innovation Sandbox contest! Read the news
RSAC™ Innovation Sandbox FINALIST 2024 banner
Aembit is an RSA Conference Innovation Sandbox finalist! Read the news
Blog

Aembit Overview January 2023

Video and transcript of a presentation and overview of Aembit (January 2023). Aembit helps customers manage, enforce, and audit access between workloads.
Aembit Overview header image with aembit architecture

Aembit Overview Video Transcript

Hi, I’m David Goldschlag, the co-founder of Aembit.

Aembit is Identity and Access Management for Workloads. Workloads are any type of application or service. Aembit secures access between workloads. 

With the rise of APIs, applications today are highly distributed. Workloads run on multiple clouds, and the workloads access databases, APIs, SaaS, and also partners.

It is critical to secure access between these components. We’ve learned from user access that if you don’t do authentication correctly, other security measures don’t matter.

Securing access today is mainly done using secrets, and secrets are causing a lot of pain and risk. Aembit lets you manage access, not secrets.

Aembit makes secure access fit into the modern DevOps model. Aembit lets DevOps manage access, and Aembit fully automates the life cycle of secrets. Aembit lets Security define patterns and audit access, and Aembit makes authentication transparent for Developers.

How does Aembit work?

Aembit is the control plane for access management. When a workload wants to access the service, the workload reaches to Aembit. Aembit authenticates the workload, then checks the access policy and then issues the credential. Your application traffic doesn’t travel over Aembit’s network. Aembit also logs all access and access attempts as events for analytics and audit, and alerting.

Aembit service has two-sided Federation. Aembit federates with the workloads’ environment to use attestation for secret-less workload identity. This means that you get identity from the environment instead of needing to add one more secret to the workload.

Aembit also federates with the service and its environment to get credentials using Aembit’s credential provider. And Aembit makes auth transparent for developers through pre-built integrations. This means that developers can build the logic in the apps and not worry about auth. Aembit takes care of auth for them. 

Here’s an example of a deployed Aembit Design Partner. The design partner is multi-cloud. They use AWS and Azure. They build custom applications. This design partner has 40 custom applications. Those
applications access lots of services like databases and APIs, both native and behind Apigee, they also use Salesforce as a customer database, and they have partners that need to access their APIs.

They solve the secure access problem today using secrets. The data owner decides that access is permitted and gives the developer a secret. The secret may be emailed and then copied and pasted. The developer may put the secret in a vault or may not – it’s all very manual.

Aembit makes secure access easier and more secure by giving the data owner a place to set access policies and automatically granting the client application the credential dynamically when the authorized application needs it. 

We find that the manual process is common at many companies. Aembit gives the company a platform to manage access policies, and the management of secrets recedes into the plumbing.

Aembit is the solution for secure access for federated applications.

I’m looking forward to following up to learn how Aembit can help you secure your applications.

You might also like

Modern software development accelerates progress but introduces security risks that must be managed to protect organizational integrity and reputation.
As the demand for API access continues to grow, so does the urgency of adopting more secure authentication methods.
A string of recent compromises involving non-human identity credentials are putting organizations on high alert. Here's what you can do about it.