Scytale EnterpriseService Identity Platform for the Cloud Native Enterprise

Scytale Enterprise provides a web-scale, unified service identity platform that enables security and infrastructure engineering teams to stan-dardize, scale, and accelerate service to service authentication across cloud, container-based, and on-premise platforms. Unlike other approach-es, Scytale Enterprise allows you to issue and broker scalable, cryptographic, platform agnostic identities based on open standards. As a result,

it enables you to boost security operations and developer productivity, reduce application on-boarding times, accelerate cloud or container adoption while strengthening your overall security posture.

CHALLENGE

Modern enterprise applications are increasingly being built upon interconnected software services that are often managed by different lines of business. These services are deployed on platforms that often include capabilities like cloud hosting, elastic scaling, and container orchestration. The recent explosion in both the number of services and underlying platforms creates substantial service-to-service authentication challenges.

Security products such as network/application firewalls and API gateways, and authentication protocols such as Kerberos and oAuth, are not addressing the service-to-service authentication needs of modern enterprise applications. According to a research*, 93% of IT executives are concerned about their service authentication credentials, while 83% agree that their technologies and processes to mutually authenticate services cannot scale as their organization adopts a more dynamic, hybrid cloud strategy. Employing continuously-attested identities for services (not humans) helps them take their early “zero trust” steps.

BENEFITS Strengthen your security posture and protect your existing investments Multifactor policies establish greater trust in provisioned identities. Short lived credentials reduce threat radius. The ability to broker identities across your existing on-premise IdPs—such as Active Directory—to cloud and container services strengthens your security posture, reduces the risk of compromise, and eliminates the need to rewrite code or rearchitect for cloud and container platforms.

Boost staff and developer productivity API-driven, automated controls mean that your developers spend less time writing code for security controls or waiting for tickets; and operations teams are able to deploy, operate, and scale authentication easily across dynamic, heterogeneous infrastructures.

Speed cloud and container adoption Leverage a common, scalable identity model that works with your existing IdP and is designed for cloud- and container-based environments to seamlessly and securely authorize services across any platform. Reduce time to market from weeks to minutes Eliminate manual processes and development efforts to authorize a service across multiple platforms. Automated, uniform service identity management reduces application onboarding times from weeks to minutes.

For information please visit scytale.io* https://scytale.io/resources/state-of-service-authentication-in-the-cloud-native-enterprise/

USECASES

Extend existing identity providers to the cloud: Enable cloud services to access on-premise services without exposing Kerberos based identity providers to the internet or changing existing risk policies. Provide scalable authentication for bursty services: Protect your existing identity provider from load spikes and avoid service disruptions.

Synchronize identities between multiple clouds: Allow services running in one cloud to assume identities in other clouds and on-premise directories, and vice-versa Build a foundation for zero-trust: Establish a standards-based, fine-grained service authentication layer to support zero trust communication between services running on trusted corporate IT assets (including those in the cloud).

KEY FEATURES

Scalable, cryptographic, platform agnostic service identity based upon an open standard (SPIFFE) Deploy standard service identities across heterogeneous platforms including cloud, containers, and on-premise infrastructure. In contrast to traditional authentication mechanisms like Kerberos and oAuth, Scytale Enterprise service identities are based on automatically provisioned, short-lived asymmetric keys. These are more resilient in distributed systems, not subject to replay attacks and can also be used to ensure confidentiality using mTLS. Applications can authenticate directly without relying on the availability of a trusted third party during authentication. These identities are based an open-standard, SPIFFE, backed by the Cloud Native Computing Foundation (CNCF).

Multi-factor service authentication Instead of authenticating service-to-service communication with long-lived credentials that must be provisioned and rotated with the workload, Scytale Enterprise identifies services through real-time multi-factor authentication policies. Scytale Enterprise’s real-time attestation engine leverages a union of trusted third parties including cloud provider control planes, container orchestrators, signatures from CI/CD pipelines, trusted OS kernels, Hardware Security Modules, and existing machine identity frameworks to provide a strongly trusted authentication for cloud and on-premises services. This eliminates long-lived credentials and mitigates credential exfiltration attacks.

Dial tone authentication Authentication can be deployed and governed by infrastructure and operations teams, and made available as consistent a “dial-tone” API to any engineering team. With Scytale Enterprise since all developers have to do is call an API for real-time identity and authentication, it eliminates the need to configure manage credentials manually and avoids potential outages caused as a result of engineers deploying the wrong credentials to the wrong environment.

Unified service directory and credential deliveryEncapsulates complexity by unifying service identities across IdPs spanning cloud, container, and on-premise identity providers through a single service-facing API.

Identity brokeringEnables you to extend your existing identity providers and authentication infrastructure (such as Active Directory) to the cloud and containers, and allows services running in one cloud to assume identities in others. For example, Scytale Enterprise can deliver Kerberos service tickets from an on-premises Active Directory installation.

Comprehensive auditabilityEnsure compliance and precisely identify where and when service credentials are generated and delivered with granular tracing even in highly elastic and dynamic environments. By leveraging the service metadata collected for multi-factor authentication, Scytale Enterprise can provide a comprehensive picture of where tokens are delivered, and avoid ephemeral identifiers like IP address.

Scales to next-generation architecturesScytale Enterprise is designed from the ground up for hybrid- and multi-cloud deployments, and elastically scaled and dynamically scheduled workloads. It has been built and maintained by a team with deep expertise in distributed architectures. It helps protect legacy identity providers from overload from burst and scale.

For information please visit scytale.ioCopyright © 2019 Scytale Inc. All rights reserved. All trademarks referenced herein belong to their respective companies. This document is for your informational purposes only, and does not form any type of warranty.