As developers, at some point or other, we have all experienced it: the frustration, the annoyance, the endless wait of not possessing the right permissions to do our job, whether it means troubleshooting an on-call incident, trying to access Snowflake/S3/Cloud Storage buckets that contain customer data, or deploying a change to a production EKS/GKE cluster.
In smaller startups and teams, there is an easy fix: give every engineer admin or owner access to most, if not all, cloud resources. However, this approach does not scale. There is the obvious risk of an engineer fat-fingering a mistake in a production environment. Beyond that, growing companies, especially in a B2B market, need certifications such as SOC2 and ISO 27001 to qualify as a vendor for large enterprise customers. Most of these certifications require companies to implement least privilege access to sensitive resources.
Let’s look at this problem from the perspective of a security or platform engineer. As companies scale, they want to implement least privilege as a core part of company strategy. However, they face several challenges in doing so.
- Security engineers lack visibility into which identities have access to which sensitive systems.
- It is not easy to identify which permissions could lead to sensitive systems being compromised.
- Security teams may be wary of removing cloud privileges that reduce developer velocity.
- Platform teams usually manage permissions using JIRA or ServiceNow. These ticketing systems are slow, and result in excessive permissions that are not revoked.
Enter P0. Our product helps cloud security engineers control entitlements for their developers. Using P0, you can:
- Automate IAM Audits: Run regular access reviews (as required by SOC2 or ISO 27001) to evaluate which cloud identities have excessive (and dangerous) permissions to sensitive cloud resources.
- Remediate access: Remove sensitive access from within our tool.
- Automate access workflows: With our Slackbot, engineers can request just-in-time and short-lived access to cloud resources.
How can you test our product? We have created a sandbox here, and configured P0 on a sample GCP account. Feel free to log in (using any Gmail account) and play around with the IAM Audit report.
If you would like to test our Slackbot, you can also sign up for P0’s Starter tier here. This tier is completely free, and you do not need a credit card to register. This tier lets you run an IAM Audit, and also gives you a limited number of Slack-based access requests.
We would love to hear your feedback - what you like, what you do not like, and what you would like us to build. You can reach us at email@example.com.