Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Our journey with GitHub proxy support began with an internal challenge: securing our most critical repositories against unauthorized acess. As a company that manages infrastructure as code, including sensitive systems like Hardening Okta with Terraform, we needed an ironclad solution to lock down acess to our codebase. The problem was that traditional authentication methods like SSH keys and Personal Access Tokens (PATs) left our repositories vulnerable to unauthorized access.

In this day and age, establishing cryptographic trust and encryption between internal services is a must. Without this, attackers who gain access to your internal networks can easily impersonate services and intercept exchanged data. As time has gone on, the potential impact of compromise has only grown as machines are trusted with increasingly sensitive data and completing increasingly important tasks.

As organizations evolve to embrace cloud-native architectures and distributed teams, the limitations of legacy access solutions like virtual private networks (VPNs) and bastion hosts have become apparent. Once reliable for securing static, on-premises environments, these tools do not scale well for securing modern infrastructure, are expensive to maintain, increase security vulnerabilities, and can hinder regulatory compliance.

The Digital Operational Resilience Act (DORA) comes into full effect on January 17, 2025. This deadline marks a monumental shift in how financial institutions and their technology providers prioritize and maintain operational resilience and cybersecurity standards – and sets in stone real business and regulatory consequences to ensure resilience is achieved. And like any sweeping security regulation, organizations must embark on an uphill journey to earn full compliance.

The explosive growth of computing infrastructure has ushered in a new era of complexity for engineering, infrastructure, and security teams. Managing access, identities, and policies across thousands—or even tens of thousands—of resources such as physical servers, multi-cloud platforms, and web apps is no small feat in itself.

Teleport 17 marks our final major release of the year, bringing significant enhancements to our platform. In the six months since Teleport 16, we've not only developed this major release but also introduced several valuable features through minor and patch updates. A core theme for this release is scalable, secure, and resilient infrastructure access. This starts with our expanded focus on AWS Access. Teleport 17 includes preview support for AWS IAM Identity Center.

The AI hype cycle is in full swing, and “AI” has become the latest buzzword getting attention in boardrooms. Hyperscalers like Salesforce, Microsoft, and Google are racing to make agentic AI, that is AI that can operate independently of human intervention, available to the wider public. There is broad commercial support for it: 82% of executives surveyed by Capgemini plan to implement AI agents within the next three years.

It’s been a year since we debated if Santa is an insider threat. For this festive newsletter, I’m going to be following up with how to wrangle in the elves. Historically Santa elves are known for their workshop skills, putting together cute wood toys and sewing holiday stockings. Fast forward to the 21st century and the skills required to be a modern elf have exploded.

Companies may scale their cloud resources in pursuit of product, cost, or process innovation. However, this does not come without a cost of its own. The resulting infrastructure complexity, created from a growing sprawl of access silos, can introduce friction into engineer and security workflows.

At Teleport we love modern infrastructure and open-source software, but don't like static credentials and passwords. This created a challenge for us when deploying Temporal, an open-source workflow automation software on EKS: Temporal always requires a password to authenticate to the backend RDS database. To solve this problem, we turned to Teleport Machine & Workload Identity.