Oakland, CA, USA
2015
  |  By Gus Luxton
Tatu Ylonen, the inventor of the SSH protocol, has long warned that a single stolen SSH key "can in many cases lead to compromise of the entire server environment." But in the bare-metal and private cloud infrastructure of high-frequency or quantitative trading firms, privileged access to trading infrastructure often depends on shared or static credentials like SSH keys or hardcoded API tokens.
  |  By Mayur Pipaliya
Most multi-site infrastructure teams manage access and audit logging site by site, using stacks that have been built up over time through different tools, different owners, and thousands of static credentials or standing admin privileges. This makes org-wide auditability nearly impossible to produce on demand, and adds complexity to regional compliance requirements.
  |  By Mayur Pipaliya
Whether it’s vendors diagnosing GPU driver failures or network technicians troubleshooting switch configurations, organizations are often ready to do whatever it takes to get their infrastructure back to normal. For some, that may mean defaulting to the fastest access path available for third-party access, such as shared SSH keys, VPN credentials, or screen-sharing sessions.
  |  By Mayur Pipaliya
Organizations that operate servers across data centers, cloud accounts, and colocated environments face a problem that grows with each site they add: identity fragmentation. If an engineer needs access to infrastructure in ten locations, it's highly likely that the identity and access systems governing those locations exist in ten separate configurations. Each new site or cloud deployment also creates thousands of new credentials, adding new paths and additional attack vectors.
  |  By Matt Keib
Most Secure Shell (SSH) hardening advice starts and ends with two changes: move off port 22 or disable root login. Both are easy to implement, widely recommended — and almost entirely misunderstood.
  |  By Kayne McGladrey
→ What DORA assessors actually evaluate
→ How DORA controls map to specific evidence requirements
→ Common evidence gaps that can interfere with audits
→ The evidence challenges of agentic AI
→ The full blueprint for DORA compliance now and in the future
The Digital Operational Resilience Act (DORA), otherwise known as Regulation (EU) 2022/2554, represents a fundamental shift in how financial institutions must show their compliance.
  |  By Steven Oakley
As a solutions architect, building out customer demo environments is part of the job. I regularly spin up lab scenarios to support evaluations and proof-of-concept work — and if you've done this before, you know it can eat up days of your life. So when I recently decided to refresh my homelab and migrate to Proxmox, I saw it as the perfect opportunity to put AI-assisted infrastructure automation to the test. The goal?
  |  By Peter ONeill
Accessing modern infrastructure requires more than a network-level foothold. As services spread across clouds, clusters, and regions, the question of who can reach what stops being a network question and becomes an identity question. Reverse proxies are the component that answers it. A reverse proxy sits between clients and backend services, validating identity and enforcing authorization on every inbound request before any application is touched.
  |  By Matthew Smith
AI agents are likely already running inside your infrastructure. They triage alerts, remediate incidents, provision resources, and make decisions without waiting for a human to approve each step. For teams aligned to NIST’s Cybersecurity Framework (CSF) 2.0, this creates a problem: the framework assumes human actors, human-speed decisions, and human-readable audit trails. Autonomous systems break all three assumptions. The good news is that CSF 2.0 was designed to be adapted.
  |  By Kayne McGladrey, CISSP
→ Audit your AI systems against EU AI Act requirements now — validate Annex IV technical documentation, logging, and data governance. The initial August 2025 compliance date has passed, and full penalties begin in August 2026.
→ Build a continuous compliance evidence chain — document risk management across the full lifecycle (design, development, deployment, and post-market monitoring).
  |  By Teleport
AI agents are rapidly moving into production, but most organizations are still deploying them on top of legacy identity systems built around passwords, secrets, and fragmented access models. In this video, we introduce the Teleport Agentic Identity Framework, a standards-driven approach for deploying AI agents securely across infrastructure using cryptographic identity, governed access, and continuous visibility.
  |  By Teleport
Securing AI agents in Teleport, focused on unified identity, eliminating standing privileges, and enforcing real policy controls instead of relying on the whims of an agent.
  |  By Teleport
Regulators don’t just want login logs anymore. They want immutable proof of every action and full session recordings. Steven Martin on how Teleport delivers that — and how AI-powered session summaries are changing what audit actually looks like.
  |  By Teleport
There’s a moment in every Teleport demo where the customer lights up. They see session replay, Kubernetes playback, the scope of what’s possible — and something clicks. Gus Luxton on why that reaction never gets old.
  |  By Teleport
AI agents are tireless, highly capable, eager to please, but difficult to manage. George Chamales (CriticalSec) and Josh Rector (Ace of Cloud) unpack the identity and access challenges posed by agentic AI. How do you verify it was the right agent, doing the right action, approved by the right person? How do we bound, constrain, govern agentic behavior? Ultimately, the same frameworks built for human identity and access should be applied to agents.
  |  By Teleport
FedRAMP 20x → continuous monitoring. Moving from point-in-time audits to real-time visibility.
  |  By Teleport
With just a Slack message, AI agents can triage and resolve Kubernetes failures. But what's stopping that agent from wiping your cluster?
  |  By Teleport
In this video, we demonstrate how to securely grant an AI agent (OpenClaw) access to Teleport-protected Kubernetes resources using Teleport Machine Identity and tbot, without exposing secrets, API keys, or long-lived tokens. You’ll see how Teleport treats AI agents as first-class identities, enforcing strict RBAC controls so the agent can only do what it’s allowed to do, like reading logs, while being blocked from sensitive actions like deleting resources or accessing secrets.
  |  By Teleport
SOC 2 was built for human-operated systems and predictable infrastructure. Agentic AI introduces systems that can act, adapt, and change over time, creating new governance and risk considerations.
  |  By Teleport
Three methods for issuing identity to AI agents — and why static credentials will always eventually leak no matter how well you vault them. Ev Kontsevoy breaks down standard credentials, durable identity, and digital twins, and explains why the issuer of identity needs to be the same across your entire environment.
  |  By Teleport
While SSH has always been a popular attack vector, the increased adoption of elastic cloud infrastructure and dynamic microservice architecture using containerized application services (aka "cloud-native" applications) has resulted in the additional complexity of having application services that can migrate across dynamic server infrastructure. This makes managing access to applications and their infrastructure through SSH more complicated and more prone to security threats.
  |  By Teleport
With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up.
  |  By Teleport
In this paper, we will provide a brief description of what SSM Session Manager is and how it compares to Gravitational's Teleport privileged access management solution. We'll compare the significant design and feature differences and the operational overhead of the solutions. Because Session Manager is limited to AWS, we'll limit the scope of the discussion to that cloud provider. Finally, we have provided a feature matrix of the two solutions.
  |  By Teleport
The goal of the paper is to identify key challenges and the most promising opportunities for small to medium-sized server hosting providers in an era of rapid commoditization driven by AWS.
  |  By Teleport
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

Security and Compliance for Cloud Applications and Infrastructure. Cloud-native application delivery with robust Day-2 operations across many clouds, in restricted, regulated and remote environments.

Get compliance and security best practices out-of-the-box and make it easy for engineers to access SSH and Kubernetes environments across many clouds, data centers and edge devices. Deploy and run Kubernetes applications on your customers' clouds, on the edge, and even in air-gapped server rooms, without overloading your DevOps teams.

Our products are open-source and based on open standards:

  • Teleport: Access Kubernetes and Linux infrastructure across clouds, datacenters and IoT devices while enforcing industry best practices for security and compliance.
  • Gravity: Deploy and run cloud-native applications in hundreds of locations where security and compliance matter, on your customers' clouds or on the edge.
  • Teleconsole: Teleconsole is a free service to share your terminal session with people you trust. Your friends can join from the command line via SSH or from their browser over HTTPS. Use this to ask for help or to connect to your own devices sitting behind NAT.

Grow your business across many production environments without having to worry about vendor lock-in.