Access Control with Concierge: One Tool to Rule Them All

Presented at BSidesSF 2017, Feb. 13, 2017, 3:30 p.m. (30 minutes).

A lot of startups, like the one I work in, use a lot of third-party SaaS services as part of their day-to-day job. Services like Google Apps, AWS, Slack, Salesforce, GitHub, Atlassian Suite, etc. are commonplace. The ITOps teams, however, have to live the nightmare of managing access to all of these different tools and services - especially during onboarding and offboarding. Add to this mix internal services such as VPN, SSH servers, internal tools, etc., and it becomes almost impossible to handle access control manually. Faced with these very same problems, we created a tool called Concierge. Concierge aims to be the one-stop shop for all access-control-related solutions: it syncs with the HR directory, automatically syncs with AD/LDAP and adds people to appropriate groups, grants access to various tools and services based on their roles, and provides the ITOps team a holistic view of who has access to what. Concierge also revokes access upon offboarding, role change, or any other event as necessary.


Presenters:

  • Karthik Rangarajan
    Karthik Rangarajan is an experienced security engineer with a focus on application and infrastructure security. Karthik has worked in various roles in the past, and has a unique perspective on securing and attacking applications. Currently, Karthik works at Addepar, helping secure their wealth management platform. Previously, Karthik worked as a senior principal consultant for a Fortune 500 company, heading large application assessment projects, penetration tests and vulnerability assessments. Karthik used to be a co-host of the InfoSec Daily Podcast, and has appeared on other podcasts as well.
