Aembit Overview January 2023

Video and transcript of a presentation and overview of Aembit (January 2023). Aembit helps customers manage, enforce, and audit access between workloads.
Aembit Overview Video Transcript

Hi, I’m David Goldschlag, the co-founder of Aembit.

Aembit is Identity and Access Management for Workloads. Workloads are any type of application or service. Aembit secures access between workloads. 

With the rise of APIs, applications today are highly distributed. Workloads run on multiple clouds, and the workloads access databases, APIs, SaaS, and also partners.

It is critical to secure access between these components. We’ve learned from user access that if you don’t do authentication correctly, other security measures don’t matter.

Securing access today is mainly done using secrets, and secrets are causing a lot of pain and risk. Aembit lets you manage access, not secrets.

Aembit makes secure access fit into the modern DevOps model. Aembit lets DevOps manage access, and Aembit fully automates the life cycle of secrets. Aembit lets Security define patterns and audit access, and Aembit makes authentication transparent for Developers.

How does Aembit work?

Aembit is the control plane for access management. When a workload wants to access the service, the workload reaches to Aembit. Aembit authenticates the workload, then checks the access policy and then issues the credential. Your application traffic doesn’t travel over Aembit’s network. Aembit also logs all access and access attempts as events for analytics and audit, and alerting.

Aembit service has two-sided Federation. Aembit federates with the workloads’ environment to use attestation for secret-less workload identity. This means that you get identity from the environment instead of needing to add one more secret to the workload.

Aembit also federates with the service and its environment to get credentials using Aembit’s credential provider. And Aembit makes auth transparent for developers through pre-built integrations. This means that developers can build the logic in the apps and not worry about auth. Aembit takes care of auth for them. 

Here’s an example of a deployed Aembit Design Partner. The design partner is multi-cloud. They use AWS and Azure. They build custom applications. This design partner has 40 custom applications. Those applications access lots of services like databases and APIs, both native and behind Apigee. They also use Salesforce as a customer database, and they have partners that need to access their APIs.

They solve the secure access problem today using secrets. The data owner decides that access is permitted and gives the developer a secret. The secret may be emailed and then copied and pasted. The developer may put the secret in a vault or may not – it’s all very manual.

Aembit makes secure access easier and more secure by giving the data owner a place to set access policies and automatically granting the client application the credential dynamically when the authorized application needs it. 

We find that the manual process is common at many companies. Aembit gives the company a platform to manage access policies, and the management of secrets recedes into the plumbing.

Aembit is the solution for secure access for federated applications.

I’m looking forward to following up to learn how Aembit can help you secure your applications.
