Announcing P0’s general availability! P0 is the first unified offering that helps security practitioners secure cloud access for all identities, without impacting developer productivity. We are also proud to announce a $5M seed investment, led by Lightspeed Venture Partners, with participation from SV Angel and several prominent angel investors. With this seed funding, we'll continue to build and enhance our flagship product.
A real-world guide for setting up federated identity using OpenID Connect (OIDC) in any combination of a managed Kubernetes cluster (AWS, Google Cloud Platform), and an Identity Provider (Okta, Microsoft Entra ID, Google Workspace, JumpCloud).
Transitive access via service accounts is a common security vulnerability in Google Cloud configurations. This post explains what transitive access is, the permissions that allow it, and how to detect it using the Google Policy Analyzer or alternative methods. It also provides best practices for securing service account keys and recommends using P0, a tool for assessing IAM configurations, to secure Google Cloud resources.
Google announced that as of January 15, 2024, Policy Intelligence will become part of the Security Command Center SKU. The IAM Recommender and Policy Analyzer will come with limitations, requiring security teams to consider upgrading or exploring alternatives. Upgrading to the new SKU or engaging specialized vendors are options, but for those seeking free alternatives, P0's starter tier offers the same capabilities, including risk-weighted permissions, contextual data, IAM configuration management, and secure service account key monitoring.
This blog post provides detailed instructions on investigating service account key origins and usage, including analyzing authentication patterns, monitoring authentication events, and examining service account impersonation and key usage. It also shares IAM best practices for Google Cloud Platform (GCP).
Afresh faced security and operational challenges with their IAM setup. P0 helped them implement strict access controls on sensitive cloud systems and customer data, and move to a framework of just-in-time escalated access. The impact was improved security posture and developer experience, with mean-time-to-resolution of access requests dropping from hours to minutes.
P0's Kubernetes integration grants temporary access to sensitive resources, automating privilege escalations and improving security posture. In this post, we talk about how this integration works, and the steps we take to ensure that this integration is safe and cannot be used to compromise a customer environment.
This blog post explores the concept of granting temporary access to an AWS S3 bucket using IAM policies and presigned URLs, ensuring a secure and flexible approach. It also provides best practices for securing sensitive systems and data, and shows how you can use P0 to automate privileged access to S3 buckets, and any other AWS resources.
Granting temporary access in Google Cloud with conditional IAM improves security posture, preventing unintentional impacts on production environments, and simplifying access reviews. IAM conditions can be added via the Google Cloud Console or directly set via CLI or API, but there are limitations to this approach. In this post, we explain the advantages of P0’s solution for temporary escalations.
P0 helps cloud security engineers control entitlements for their developers. It automates IAM audits, remediates access, and automates access workflows. P0 offers a sandbox for testing and a free Starter tier for Slack-based access requests and IAM audits.
P0 automates least-privilege access for customers by integrating with authorization controls within customer systems. To prevent privilege escalation, P0 integrates with Snowflake using stored procedures to simulate custom privileges, granting only minimum privileges to the integration account.
P0's integration with AWS allows security engineers to implement least-privilege access for their developers. In this post, we examine how we built this integration, and the safeguards we took to ensure the safety of a customer’s AWS environment.
P0's integration with Google Cloud projects allows security engineers to implement least-privilege access for their developers. In this post, we examine how we built this integration, and the safeguards we took to ensure the safety of a customer environment.
The Uber breach highlights the unique security challenges posed by cloud-native infrastructure, particularly for access management. In this post, we describe the details of the attack, and examine how organizations can implement best practices that might have prevented such an incident.