In a recent announcement, Banyan Security unveiled new features for its Zero Trust Remote Access Platform, which reportedly are designed to help engineers and software developers access critical engineering resources and environments. Banyan’s platform provides access to resources like the Kubernetes API server, development environments, Linux and Windows servers, web applications, IaaS, and SaaS resources.
Banyan says its real-time authorization provides the ability to revoke access mid-session based on the Banyan TrustScore which continuously reflects the user’s security posture, accounting for user privilege changes, or their devices being compromised.
“Engineers access the company’s crown jewels on a regular basis, and that makes them a prime target for hackers,” said Jayanth Gummaraju, co-founder and CEO, Banyan Security. “In a single day engineers or contractors with different privileges might have to access everything from internal servers to AWS or Azure to Kubernetes to GitHub. It’s an incredibly complex security problem to manage access for multiple personas to each resource and it requires a much more nuanced solution than VPNs to keep them safe.”
Engineering departments including software developers, DevOps, and customer success engineers need access to test, staging, and production environments, as well as access to remote servers and databases. Companies have to provide fast and differentiated access to each user based on which resource they’re accessing, their level of privilege, and the device they’re using to access. These resources often include sensitive data such as PII, security keys, and source code, as well as provide critical infrastructure for the company. Known VPN vulnerabilities along with a poor user experience have created a need for alternate methods of access to these valuable resources.
“The type of access each team needs is quite different. Perhaps your SRE needs access to production environments to see why a load balancer is misbehaving, but does the on-call developer supporting them need access? The DevOps team wants access to the build and development tools, such as the git and build servers, plus cloud environments, but should they have full access to production? Each access decision requires discussion and design. What was previously one size fits all now works for none,” said Colin Rand, VP of engineering, Banyan Security.
Ken Briodagh is a storyteller, writer and editor with about two decades of experience under his belt. He is in love with technology and if he had his druthers would beta test everything from shoe phones to flying cars.
Edited by Ken Briodagh