Latest articles

P0 raises $5 million in seed funding led by Lightspeed Venture Partners to secure access for cloud-native companies

Announcing P0’s general availability! P0 is the first unified offering that helps security practitioners secure cloud access for all identities, without impacting developer productivity. We are also proud to announce a $5M seed investment, led by Lightspeed Venture Partners, with participation from SV Angel and several prominent angel investors. With this seed funding, we'll continue to build and enhance our flagship product.

  • GA
  • secure access
  • announcing funding
Shashwat SehgalShashwat Sehgal -

Enhancing Cloud Database Security in PostgreSQL

Enhancing the security of PostgreSQL cloud databases through the adoption of IAM (Identity and Access Management) database authentication within Google Cloud SQL.

  • cloudsql
  • PostgreSQL
AnoopAnoop -

Detect transitive access to sensitive Google Cloud resources

Transitive access via service accounts is a common security vulnerability in Google Cloud configurations. This post explains what transitive access is, the permissions that allow it, and how to detect it using the Google Policy Analyzer or alternative methods. It also provides best practices for securing service account keys and recommends using P0, a tool for assessing IAM configurations, to secure Google Cloud resources.

  • google cloud
  • IAM
Komal DhullKomal Dhull -

Alternatives to Google Cloud Platform’s Policy Intelligence

Google announced that as of January 15, 2024, Policy Intelligence will become part of the Security Command Center SKU. The IAM Recommender and Policy Analyzer will come with limitations, requiring security teams to consider upgrading or exploring alternatives. Upgrading to the new SKU or engaging specialized vendors are options, but for those seeking free alternatives, P0's starter tier offers the same capabilities, including risk-weighted permissions, contextual data, IAM configuration management, and secure service account key monitoring.

  • gcp
Shashwat SehgalShashwat Sehgal -

Investigate Service Account Key Origins and Usage with Best Practices

This blog post provides detailed instructions on investigating service account key origins and usage, including analyzing authentication patterns, monitoring authentication events, and examining service account impersonation and key usage. IAM best practices for Google Cloud Platform (GCP) are shared.

  • gcp
  • IAM
  • access-control
Komal DhullKomal Dhull -

How Afresh automated access escalations, improving security and developer experience

Afresh faced security and operational challenges with their IAM set up. P0 helped them implement strict access controls on sensitive cloud systems and customer data, and move to a framework of just-in-time escalated access. The impact was improved security posture and developer experience, with mean-time-to-resolution of access requests dropping from hours to minutes.

  • case study
Shashwat SehgalShashwat Sehgal -

Security features for Kubernetes

P0's Kubernetes integration grants temporary access to sensitive resources, automating privilege escalations and improving security posture. In this post, we talk about how this integration works, and the steps we take to insure that this integration is safe, and can not be used to compromise a customer environment.

  • JIT
  • kubernetes
  • least privilege
  • access-control
  • rbac
Gergely DanyiGergely Danyi -

Enabling Just-In-Time (JIT) Access for AWS S3 Buckets

This blog post explores the concept of granting temporary access to an AWS S3 bucket using IAM policies and presigned URLs, ensuring a secure and flexible approach. It also provides best practices for securing sensitive systems and data, and shows how you can use P0 to automate privileged access to S3 buckets, and any other AWS resources.

  • aws
  • access-control
  • IAM
  • JIT
AnoopAnoop -

Granting Temporary Access in Google Cloud

Granting temporary access in Google Cloud with conditional IAM improves security posture, preventing unintentional impacts on production environments, and simplifying access reviews. IAM conditions can be added via the Google Cloud Console or directly set via CLI or API, but there are limitations to this approach. In this post, we explain the advantages of P0’s solution for temporary escalations.

  • google cloud
  • IAM
  • least privilege
Komal DhullKomal Dhull -

Announcing P0’s beta release!

P0 helps cloud security engineers control entitlements for their developers. It automates IAM audits, remediates access, and automates access workflows. P0 offers a sandbox for testing and a free Starter tier for Slack-based access requests and IAM audits.

  • beta
Shashwat SehgalShashwat Sehgal -

Automate Least Privilege in Snowflake

P0 automates least-privilege access for customers by integrating with authorization controls within customer systems. To prevent privilege escalation, P0 integrates with Snowflake using stored procedures to simulate custom privileges, granting only minimum privileges to the integration account.

  • security
  • snowflake
Nathan BrahmsNathan Brahms -

P0’s Security Features for AWS

P0's integration with AWS allow security engineers to implement least privileged access for their developers. In this post, we examine how we built this integration, and the safeguards we took to ensure the safety of a customer’s AWS environment.

  • security
  • aws
VarunVarun -

P0’s security features for GCP: A primer

P0's integration with Google Cloud projects allow security engineers to implement least privileged access for their developers. In this post, we examine how we built this integration, and the safeguards we took to ensure the safety of a customer environment.

  • gcp
  • security
Komal DhullKomal Dhull -

Uber Breach and Identity Hygiene

The Uber breach highlights the unique security challenges posed by cloud-native infrastructure, particularly for access management. In this post, we describe the details of the attack, and examine how organizations can implement best practices, that might have prevented such an incident.

  • security
Shashwat SehgalShashwat Sehgal -

Provide privileged access in under 5 minutes

No credit card needed.