In the past, the most common way to manage cloud server login accounts was to store them in a central identity repository, such as an Active Directory or LDAP database.
This common technique, at first glance, seems to adhere to the desirable design principles of Don’t Repeat Yourself (DRY), data normalization, and data centralization, also known as the “single source of truth.”
Unfortunately, recent research by the IEEE Center for Secure Design demonstrates that this first-generation approach is insecure, prone to bottlenecks, and unreliable across a network, with unpredictable latencies or outright outages. These issues are compounded in a dynamic cloud environment, where servers may have a lifespan measured in minutes.
Another common problem with legacy solutions is password handling itself. Even when the central directory stores only securely hashed passwords, the plaintext password still has to travel to that central location and into each Linux server on every login.
For example, when a DBA logs into a Database Server, the DBA first sends the password to the Database Server, which forwards it to the Directory Server for verification; the Directory Server returns success or failure to the Database Server, which in turn answers the client.
Malware or any other compromise of either the Database Server or the Directory Server therefore exposes the password, even if it was transmitted over a secure connection such as TLS, even if the Directory Server stores only secure hashes, and even if the comparison function is immune to timing attacks: both hosts necessarily handle the plaintext before it can be checked. (SAML narrows the threat model slightly, because the service itself no longer handles the password, but it does not remove these attack vectors.)
In addition to the security issues, the traditional model has a reliability problem: because every single login passes through both the Database Server and the Directory Server, an outage of the Directory Server, or even a network disruption between the two, prevents the user from logging into the Database Server they actually need.
Userify resolves this issue with a far more secure approach: public key cryptography. Because a server no longer depends on a remote authentication service at login time, a central outage cannot lock users out and a central compromise cannot yield a reusable credential. Userify lets clients log in to their servers without the hassle and insecurity of checking with a centralized authentication server, while still providing a centralized Enterprise management dashboard.
With public key cryptography, a DBA uses a login key with two parts: a private key and a public key. The public key can be truly public, because deriving the private key from it is computationally infeasible. Unlike a password, the secret material (the private key) is never transmitted outside the developer’s laptop and is not stored in any centralized location that can be attacked.
Even with these significant security and reliability benefits, decentralized operation is difficult to manage at Enterprise scale, so public key cryptography has been slow to gain adoption for server authentication. Userify resolves that with an innovative approach: splitting management and distribution into two separate pieces.
With Userify, management is simplified in a centralized web dashboard that allows developers and engineers to keep their keys updated and, crucially, allows management to easily distribute permissions across entire groups of servers, while still maintaining a clear separation and fully distributed authentication model using public-key cryptography. This also satisfies the key security principles of separation of concerns and isolation of secrets.
In the Userify model (see diagram below), the DBA logs in directly to the Database Server using the public key that has been distributed to it. There is no third gatekeeper: the Database Server itself manages its own authentication and authorization. The destination server synchronizes with Userify in the background, so management stays centralized while authentication stays decentralized. And because logins use keys rather than passwords, nothing captured on a compromised destination server can be replayed to log into other destination servers, since the private key never leaves the developer’s laptop.
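The two login paths described above, the password relayed through a directory server and the key-based login the Userify model uses, as an added illustration for this article (it is not Userify's code). The signature scheme is a small Schnorr signature over a freshly generated safe-prime group, implemented with the standard library only so the example runs offline; it stands in for the Ed25519 or RSA keys real SSH clients use and shows the same property the text relies on: the server holds only the public key and sees only a signature over a challenge it chose itself. Host names, the user name and the password are constructed sample data.

```python
"""Password relayed through a directory server vs. public-key login at the host.

Added illustration, not Userify code. The Schnorr signature below over a toy
128-bit safe-prime group stands in for SSH's Ed25519/RSA keys: the server keeps
only the public key and receives only a signature over its own fresh challenge.
"""
import hashlib
import hmac
import secrets

# ---- legacy path: the typed password is relayed to a central directory ----
class DirectoryServer:
    def __init__(self):
        self.hashes, self.seen = {}, []      # seen: what malware on this host observes
    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self.hashes[user] = (salt, hashlib.sha256(salt + password.encode()).digest())
    def bind(self, user, password):
        self.seen.append(password)           # hashing at rest does not help here
        salt, digest = self.hashes[user]
        return hmac.compare_digest(digest, hashlib.sha256(salt + password.encode()).digest())

class DatabaseServerWithDirectory:
    """Forwards the password upstream (PAM/LDAP pattern); an upstream outage blocks login."""
    def __init__(self, directory):
        self.directory, self.seen = directory, []
    def login(self, user, password):
        self.seen.append(password)
        return self.directory.bind(user, password)

# ---- key path: private key stays on the laptop, server keeps only the public key ----
def is_probable_prime(n, rounds=32):        # Miller-Rabin, only to build the demo group
    if n < 4:
        return n > 1
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits=128):
    """Return (p, q, g): p = 2q + 1 prime, g generates the order-q subgroup of Z_p*."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4          # 4 is a square mod p, so its order is q

P, Q, G = safe_prime_group()

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)                  # (private x, public y)

def sign(x, msg):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = int.from_bytes(hashlib.sha256(r.to_bytes(64, "big") + msg).digest(), "big") % Q
    return e, (k - x * e) % Q

def verify(y, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(y, e, P) % P     # equals g^k when the signature is genuine
    return e == int.from_bytes(hashlib.sha256(r.to_bytes(64, "big") + msg).digest(), "big") % Q

class Laptop:
    def __init__(self):
        self.x, self.public_key = keygen()
    def answer(self, user, session_id, challenge):
        return sign(self.x, user.encode() + session_id + challenge)   # x never leaves here

class DatabaseServerWithKeys:
    """Authenticates locally against synced public keys; no directory in the login path."""
    def __init__(self):
        self.authorized, self.seen = {}, []
    def sync(self, user, public_key):       # what the background sync distributes
        self.authorized[user] = public_key
    def login(self, user, laptop):
        session_id, challenge = secrets.token_bytes(16), secrets.token_bytes(32)
        sig = laptop.answer(user, session_id, challenge)
        self.seen.append((session_id, challenge, sig))
        y = self.authorized.get(user)
        return y is not None and verify(y, user.encode() + session_id + challenge, sig)

def demo(password="correct horse battery staple"):
    """Run both paths once; report what each host saw and whether a capture replays."""
    directory, laptop, keyed = DirectoryServer(), Laptop(), DatabaseServerWithKeys()
    directory.enroll("dba", password)
    legacy = DatabaseServerWithDirectory(directory)
    keyed.sync("dba", laptop.public_key)
    ok_legacy, ok_keyed = legacy.login("dba", password), keyed.login("dba", laptop)
    sid, chal, sig = keyed.seen[0]          # everything a compromised server captured
    replay = verify(laptop.public_key, b"dba" + secrets.token_bytes(16) + chal, sig)
    return {"legacy_ok": ok_legacy, "db_saw": legacy.seen, "directory_saw": directory.seen,
            "keyed_ok": ok_keyed, "replay_ok": replay}
```

In the legacy path both `legacy.seen` and `directory.seen` end up holding the plaintext password, which is exactly the exposure the text describes. In the key path the server's capture (session id, challenge, signature) verifies only against that one challenge and is useless for a fresh login, and the private scalar `x` is never sent. Real SSH binds the signature to the session identifier negotiated during key exchange; the toy group here is far too small for any real use, so generate production keys with `ssh-keygen -t ed25519` rather than anything like this code.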
Userify leverages Secure Shell (SSH), a standardized Internet protocol available for both Linux and Windows, together with cryptographic key distribution and user roles, to let users access cloud servers over a network securely.
The robust solution that Userify offers lets DevOps engineers generate their own SSH private and public keys on their laptops or desktops and publish the public keys, through an easy web-based dashboard, to every server they are entitled to log into.
Even better, the dashboard provides management teams with a full graphical management tool, protected by multi-factor authentication (MFA) to control which users can log into any particular group of servers. The dashboard can even be configured to authenticate and synchronize user status from a traditional directory server (such as Microsoft Active Directory), while still enabling safe logins directly into servers with SSH keys.
Userify’s dashboard buttons change a user’s permission level in one click, and the change is reflected across all of the servers in that server group. With color-coded permission roles you can change a user’s permissions across your entire server group in five seconds or less. Userify ensures that the private key used to access servers is never stored in a central location, can be rotated easily, and is managed at the point of use. Together these capabilities help the company meet PCI DSS and SOX security requirements and the HIPAA Security Rule’s unique user identification requirement (one user per account).
Userify’s solution can be deployed in milliseconds, and integrates in seconds with the client’s software provisioning and configuration management tools, such as Ansible, Chef, Puppet, shell scripts, and Terraform. Once deployed, it detects the server platform and configures itself automatically during installation.
It detects the client’s operating system and works within the client’s environment across disparate operating systems. Userify is built on modern technology and cryptography, including Curve25519 for data at rest and TLS 1.2 for data in motion, and is hardened against XSS, CSRF, file inclusion, and injection attacks. Designed for the cloud from the very beginning, Userify has built-in support for Auto Scaling Groups (ASGs) on EC2, GCP, and other popular clouds. Servers are managed as groups rather than individually, which keeps very large server clusters easy to manage.
As an Advanced Tier AWS Partner, Userify has been through extensive AWS security and Well-Architected Framework reviews. “We want to make security accessible for regular people without slowing them down, as increasing security often results in loss of convenience and utility,” says Jamieson Becker, Userify’s Co-Founder and CEO, adding, “many security products are very difficult to use; we want to make it easy and fun to use our products.”
Other security features set Userify apart. For example, other IAM systems only authenticate when users first log in; afterward a session can persist indefinitely, even after the user’s authorization has been revoked. Userify terminates all of a user’s active sessions when that user’s authorization is revoked, so long-running sessions do not become a security risk.
And, with Userify, the user’s old home directory is retained for forensics, auditing, or access to work files by team members, and the home directory is rebuilt automatically if the user’s account is restored.
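The server-side behaviour the preceding sections describe, public keys pushed to every server in a group, a role change that applies group-wide, and revocation that removes the key, ends live sessions, locks the account and keeps the home directory, as an added illustration for this article. It is not Userify's agent or API; it is a small reconciliation routine that turns a group manifest plus the host's current state into a plan, rendered as the commands an agent would run. The manifest, the key strings, the host state and the session PIDs are constructed sample data, and `group-sync` is a hypothetical name.

```python
"""Reconcile one server's accounts with a centrally managed group manifest.

Added illustration, not Userify's agent. Only public keys reach the server; a
role change in the manifest applies to every server syncing the group; a user
dropped from the manifest loses the key, has sessions ended and the account
locked, and keeps the home directory (rebuilt only if the account is restored).
All names, keys and PIDs below are constructed sample data.
"""
import shlex
from dataclasses import dataclass, field

MARK = "# managed by group-sync; manual edits are overwritten"

# constructed manifest, as a dashboard might publish it for one server group
MANIFEST = {
    "group": "db-prod",
    "users": {
        "alice": {"role": "sudo", "keys": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleAliceKey alice@laptop"]},
        "bob":   {"role": "user", "keys": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBobKey bob@laptop"]},
    },
}

@dataclass
class HostState:
    managed: set                                   # accounts created by an earlier sync
    locked: set = field(default_factory=set)       # revoked accounts kept for forensics
    sessions: dict = field(default_factory=dict)   # user -> PIDs of live login sessions

@dataclass
class Plan:
    create: list = field(default_factory=list)
    authorized_keys: dict = field(default_factory=dict)   # user -> ~/.ssh/authorized_keys text
    sudoers: str = ""                                     # /etc/sudoers.d/group-sync text
    kill_sessions: dict = field(default_factory=dict)     # user -> PIDs to terminate
    lock: list = field(default_factory=list)
    restore: list = field(default_factory=list)           # unlock and rebuild home
    keep_home: list = field(default_factory=list)         # never deleted

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "sk-ssh-ed25519@openssh.com"}

def validate_key(line):
    """Accept a single bare public-key line; reject options, extra lines or unknown types."""
    parts = line.strip().split()
    if "\n" in line.strip() or len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        raise ValueError(f"unsupported public key line: {line!r}")
    return " ".join(parts)

def reconcile(manifest, state):
    plan = Plan()
    wanted = manifest["users"]
    for user, spec in wanted.items():
        if user not in state.managed:
            plan.create.append(user)
        elif user in state.locked:
            plan.restore.append(user)                  # restored account gets a fresh home
        keys = [validate_key(k) for k in spec["keys"]]
        plan.authorized_keys[user] = "\n".join([MARK, *keys]) + "\n"
    sudo_users = sorted(u for u, s in wanted.items() if s["role"] == "sudo")
    plan.sudoers = "\n".join([MARK, *(f"{u} ALL=(ALL) ALL" for u in sudo_users)]) + "\n"
    for user in sorted(state.managed - set(wanted)):
        if user in state.locked:
            continue                                   # already revoked on an earlier run
        plan.authorized_keys[user] = MARK + "\n"       # empty the key file, keep the account
        plan.kill_sessions[user] = sorted(state.sessions.get(user, []))
        plan.lock.append(user)
        plan.keep_home.append(user)
    return plan

def as_commands(plan):
    """The shell commands an agent would run for the plan (rendered here, not executed)."""
    cmds = [f"useradd -m -s /bin/bash {shlex.quote(u)}" for u in plan.create]
    cmds += [f"usermod -U {shlex.quote(u)} && mkhomedir_helper {shlex.quote(u)}" for u in plan.restore]
    for user, pids in plan.kill_sessions.items():
        cmds += [f"kill -TERM {pid}" for pid in pids]  # end live sessions on revocation
        cmds.append(f"usermod -L {shlex.quote(user)}") # lock; /home/<user> is left in place
    return cmds
```

Two practical checks belong around this: write the sudoers fragment to a temporary file and run `visudo -cf` on it before installing it with mode 0440, and confirm `sshd_config` still uses the default `AuthorizedKeysFile`, or the emptied key file will not be the one sshd consults. Locking the account alone does not end an already-authenticated session, which is why the plan lists the session PIDs to terminate rather than relying on `usermod -L`.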
Today, Userify caters to major universities and more than 2,500 companies on six continents. Its clientele includes a majority of the Fortune 500 as well as several Ivy League universities. Despite fast growth, the company continues to focus on security and speed: “The simpler and cleaner that you can make your security product, the more secure it is going to be and the easier it is going to be for people to use,” concludes Becker.