"Open-Source Tool for Security Engineers Helps Automate Access Reviews"

ConductorOne has open-sourced its identity connectors in a project called Baton, which is available on GitHub. Each connector enables developers to extract, normalize, and interact with workforce identity data such as user accounts, permissions, roles, groups, resources, and more, allowing them to audit infrastructure access, begin automating user access reviews, and enforce the principle of least privilege.

Understanding user permissions across internal applications and infrastructure is a time-consuming process that involves downloading or screenshotting each app, improvised Python scripting, inconsistent spreadsheets of unstructured data, and a never-ending cycle of that data becoming stale. Security engineers are responsible for obtaining this identity data in order to secure infrastructure access, conduct user access reviews, and investigate security incidents. Without access to identity data in a standardized format, it is difficult to complete any of those tasks without considerable manual effort and time.

Engineers spent over two years building Baton with the belief that identity data should be visible, understandable, extensible, and usable by anyone. The connectors automate the extraction of data, such as access details, from applications into a single, standardized output file that can be extended to any identity security or governance project. For example, with the connectors, one can run user access reviews on all GitHub repositories without manually going through each one, compare AWS production role changes over a set period of time, identify all of the resources and user permissions in a MySQL or Postgres database, or receive an alert whenever a contractor is added to an Okta LDAP group. This article continues to discuss the identity connectors open-sourced by ConductorOne to help security engineers.

Help Net Security reports "Open-Source Tool for Security Engineers Helps Automate Access Reviews"

Submitted by Anonymous on