Scytale Enterprise, an industry-first service identity platform, enables secure and rapid authentication to public cloud providers such as Amazon Web Services (AWS). Organizations use Scytale Enterprise-issued identities (X.509 certificates) to authenticate directly to public cloud providers through OpenID Connect (OIDC) federation, and can federate trust across multiple cloud providers and technology platforms without generating or managing secrets.
Scytale Enterprise orchestrates a real-time, zero-trust attestation process that can draw on a configurable set of trusted third parties to produce a strongly attested identity (an X.509 certificate) based on the SPIFFE open standard (backed by the Cloud Native Computing Foundation). Service identity is thus conferred by a detailed set of identifying attributes of the service seeking to authenticate (in this case the Web Service) to a cloud provider resource, rather than by possession of a password, a service ticket or an IP address. In addition, Scytale Enterprise service identities are based on automatically provisioned, short-lived asymmetric keys, which are more resilient in distributed systems and are not subject to replay attacks.
The Web Service uses its newly minted identity to request access through the AWS S3 API. AWS validates the Web Service's identity using the public keys published by Scytale Enterprise. Once the identity is verified, and provided AWS IAM confirms that the requested role is allowed, an STS token for the role is returned to the AWS SDK client (invisibly to the programmer), and the Web Service can access the S3 bucket without keeping or managing any AWS secrets.
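The flow above, as an added example that is not Scytale's or AWS's own code: it assumes the Web Service presents its identity to STS as a signed token (iss/sub/aud claims) that AWS verifies against the provider's published keys, and shows the defender's side, an IAM trust policy pinned to one SPIFFE ID and audience plus a client pre-check of the same conditions. The issuer hostname, account ID, role name and SPIFFE ID are constructed placeholders.

```python
import base64
import json

# Constructed placeholders: substitute your OIDC provider hostname, AWS account, role and SPIFFE ID.
ISSUER = "oidc.example-trust-domain.test"
ACCOUNT_ID = "123456789012"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/web-service-s3-reader"
EXPECTED_SUB = "spiffe://example-trust-domain.test/ns/prod/sa/web-service"
EXPECTED_AUD = "aws-s3-access"


def trust_policy(account_id: str, issuer: str, sub: str, aud: str) -> dict:
    """IAM role trust policy: federate the OIDC provider, but only for one SPIFFE ID and audience."""
    provider_arn = f"arn:aws:iam::{account_id}:oidc-provider/{issuer}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            # Without these conditions any identity the provider issues could assume the role.
            "Condition": {"StringEquals": {f"{issuer}:sub": sub, f"{issuer}:aud": aud}},
        }],
    }


def token_claims(jwt: str) -> dict:
    """Decode a compact JWT payload without verifying it; AWS checks the signature against the provider's JWKS."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def token_matches_policy(jwt: str, issuer: str, sub: str, aud: str) -> bool:
    """Client-side pre-check mirroring the trust policy, so a misissued token fails fast with a clear reason."""
    c = token_claims(jwt)
    auds = c.get("aud") if isinstance(c.get("aud"), list) else [c.get("aud")]
    return c.get("iss") == f"https://{issuer}" and c.get("sub") == sub and aud in auds


def _b64url(d: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()


def sample_token(claims: dict) -> str:
    """Build an unsigned JWT-shaped string for offline demonstration only (no real signature)."""
    return f"{_b64url({'alg': 'none', 'typ': 'JWT'})}.{_b64url(claims)}.sig"


def assume_role_with_svid(jwt: str, role_arn: str = ROLE_ARN, session_name: str = "web-service") -> dict:
    """Exchange the token for short-lived STS credentials (needs network and boto3, hence the lazy import)."""
    import boto3
    sts = boto3.client("sts")
    resp = sts.assume_role_with_web_identity(RoleArn=role_arn, RoleSessionName=session_name,
                                             WebIdentityToken=jwt, DurationSeconds=900)
    return resp["Credentials"]  # AccessKeyId/SecretAccessKey/SessionToken, consumed by the S3 client
```

Apply `trust_policy(...)` as the role's trust relationship and pass the credentials from `assume_role_with_svid` to `boto3.client("s3", ...)`; no long-lived AWS key is ever stored by the service.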
Reduce operational complexity in a hybrid environment
Secure access to public cloud-based resources
Scale authentication policies across the platforms
Easily meet compliance needs