Today we are announcing the availability of conditional access policies that work in addition to our core identity-based policies for workload-to-workload access. Additionally, we’re happy to announce that our first integration for conditional access is based on CrowdStrike posture assessment, and this is available on the CrowdStrike marketplace now.
Given the complexity of cloud environments, ensuring the security and integrity of your workloads is paramount. This involves controlling which workloads have access to your sensitive data and resources, and under what conditions.
Traditionally, access control has relied on static methods, like IAM roles and hard-coded secrets, which offer limited flexibility and granularity. Long-lived secrets in particular are easy to leak and, once leaked, can be replayed by anyone who holds them, regardless of where the request comes from or the state of the workload making it.
Enter workload IAM, a robust solution for managing identities and access across your cloud workloads. Workload IAM provides a centralized platform for validating identities, managing access policies, issuing short-lived credentials, and auditing access. This empowers you to enforce least privilege and ensure only authorized workloads have access to specific resources, all in an automated fashion.
However, even with workload IAM, access control can still fall short of enterprise needs. Enterprises moving to Zero Trust for workload access need the ability to dynamically adapt to changing circumstances and to enforce access based on real-time context, not just on who the caller is. This protects your workloads from unauthorized access and security breaches even as conditions change and access requirements become more specific.
Introducing Conditional Access
We are thrilled to announce the availability of conditional access, a revolutionary new feature for workload IAM. Conditional access addresses these limitations by providing a dynamic and adaptable approach to access control.
We’re especially excited to announce this capability in partnership with CrowdStrike, and to link our products in order to provide enterprises with Zero Trust for workloads.
With conditional access, you can define parameters that must be met, in addition to the identity match, before access is granted. These criteria can include:
- Time of day: Restrict access to specific times or days.
- Location: Allow access only from authorized locations.
- Device: Limit access to specific devices or configurations.
- Posture: Define access based on specified security requirements.
We’re specifically offering conditional access based on posture with CrowdStrike – and will be expanding these capabilities over time.
Benefits of Conditional Access
- Enhanced Security: Implement granular access control based on pre-defined conditions, significantly reducing the risk of unauthorized access.
- Reduced Risk: Dynamically adapt access based on real-time context, mitigating the impact of potential security threats.
- Improved Compliance: Simplify meeting industry and regulatory requirements by ensuring access adheres to specific mandates and policies.
Getting Started
Implementing conditional access in Aembit consists of just two steps:
1) Define an Access Condition
An access condition allows you to specify a set of parameters that need to be met. When the condition draws on data from another application or service, the integration details (such as API endpoint or credential) can also be specified. Depending on the condition, you may have additional options. For example, with the CrowdStrike integration, you can define whether to deny access while the Falcon sensor is in ‘Reduced Functionality’ mode, the state in which the sensor is running but cannot provide full protection (for instance after an OS or kernel update it does not yet support).
2) Add Conditional Access to a Policy
Once you’ve defined a condition, you can add it to as many policies as appropriate. This allows you to quickly and easily scale an access condition across your infrastructure and a range of different policies.
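To make the two-step model concrete, here is an added example (not Aembit's or CrowdStrike's code or API, and all names such as `posture_condition`, `Policy` and the workload identifiers are assumptions made for illustration). It models an identity-based policy set, defines access conditions once (a posture condition that can deny in Reduced Functionality mode, and a time-of-day condition from the criteria list above), and attaches the same condition to several policies. Conditions only ever restrict: an identity match is still required first, and a missing posture report fails closed rather than open.

```python
"""Hypothetical model of conditional access layered on identity-based
workload policies. Added example; it is not Aembit's or CrowdStrike's code
and does not use their APIs. All data below is constructed."""
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Callable, Optional


@dataclass(frozen=True)
class Posture:
    """Constructed stand-in for an EDR posture assessment of the client host."""
    sensor_online: bool
    reduced_functionality_mode: bool


@dataclass(frozen=True)
class AccessRequest:
    client_workload: str            # identity of the workload requesting access
    server_workload: str            # identity of the target (database, API, ...)
    at: datetime                    # when the request is evaluated
    posture: Optional[Posture] = None  # None models "no posture data available"


@dataclass(frozen=True)
class AccessCondition:
    """Step 1: a named, reusable condition evaluated against a request."""
    name: str
    check: Callable[[AccessRequest], bool]


def posture_condition(deny_in_rfm: bool) -> AccessCondition:
    def check(req: AccessRequest) -> bool:
        # Fail closed: no report or an offline sensor never satisfies the condition.
        if req.posture is None or not req.posture.sensor_online:
            return False
        if deny_in_rfm and req.posture.reduced_functionality_mode:
            return False
        return True
    return AccessCondition(f"posture(deny_in_rfm={deny_in_rfm})", check)


def time_window_condition(start: time, end: time) -> AccessCondition:
    def check(req: AccessRequest) -> bool:
        return start <= req.at.time() < end
    return AccessCondition(f"time_window({start}-{end})", check)


@dataclass
class Policy:
    """Identity-based policy: which client may reach which server, plus
    any conditions attached to it (step 2)."""
    client_workload: str
    server_workload: str
    conditions: list = field(default_factory=list)


def evaluate(policies: list, req: AccessRequest) -> tuple:
    """Identity match first; every attached condition must then pass."""
    for policy in policies:
        if (policy.client_workload, policy.server_workload) != (
            req.client_workload, req.server_workload
        ):
            continue
        for cond in policy.conditions:
            if not cond.check(req):
                return False, f"denied: {cond.name}"
        return True, "allowed"
    return False, "denied: no identity policy"


def demo() -> dict:
    # One condition defined once, attached to two different policies.
    healthy_sensor = posture_condition(deny_in_rfm=True)
    business_hours = time_window_condition(time(8, 0), time(18, 0))
    policies = [
        Policy("payments-api", "orders-db", [healthy_sensor]),
        Policy("report-job", "orders-db", [healthy_sensor, business_hours]),
    ]
    noon = datetime(2024, 5, 1, 12, 0)
    late = datetime(2024, 5, 1, 0, 30)
    good = Posture(sensor_online=True, reduced_functionality_mode=False)
    rfm = Posture(sensor_online=True, reduced_functionality_mode=True)
    return {
        "identity_and_posture_ok": evaluate(policies, AccessRequest("payments-api", "orders-db", noon, good)),
        "sensor_in_rfm": evaluate(policies, AccessRequest("payments-api", "orders-db", noon, rfm)),
        "no_posture_report": evaluate(policies, AccessRequest("payments-api", "orders-db", noon, None)),
        "no_identity_policy": evaluate(policies, AccessRequest("unknown-job", "orders-db", noon, good)),
        "report_job_after_hours": evaluate(policies, AccessRequest("report-job", "orders-db", late, good)),
    }


if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:28s} allowed={allowed!s:5s} {reason}")
```

The design point is the decoupling: the posture condition is defined once and reused by both policies, so tightening it (for example, also denying when the sensor is offline) changes enforcement everywhere it is attached without editing each identity policy. Treat the fail-closed handling of a missing posture report as the default you want; a condition that silently passes when its data source is unreachable is not a condition at all.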
Availability
Conditional access with CrowdStrike is generally available. The feature is available within our newly created ‘Enterprise’ tier. Also see our listing on the CrowdStrike Marketplace.
If you’re using our ‘Free Forever’ tier (sign up here), we can enable conditional access for you so you can test it out yourself.