Delinea Receives United States Patent for Delegated Machine Credentials
Brad Shewmake
Recognized innovation helps DevOps and DevSecOps teams reduce risk and streamline workflows through machine federation
San Francisco, CA — December 7, 2023 – Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced that it has been awarded a patent for Delegated Machine Credentials (DMC), a capability within Server PAM, its solution for privileged access to, and authorization on, servers. DMC reduces risk and enables automation for DevOps and DevSecOps teams building applications that require privileged access to, and on behalf of, workloads on cloud and on-premises infrastructure. By delegating the entitlements of a specific machine to the workloads running on it, the number of service accounts needed drops significantly, which shrinks the attack surface and improves the agility of development teams.
According to GitHub, 1 in 10 software authors exposed a secret in their repository in 2022, and 67% of those were generic secrets such as a username and password. Hard-coded credentials are the path of least resistance for developers under pressure to deliver code quickly, but they present a significant risk for the organization. A mechanism that lets developers use fewer service accounts when connecting application layers supports their need for agility and removes the need to hard-code credentials. The patented DMC capability makes this more secure by using the federated authentication and trust already established with the machine and extending that trust to the workloads that need to be connected within the application.
Simplified privileged access in code using machine federation
Organizations looking for an alternative to the vault-centric approach already addressed by Delinea DevOps Secrets Vault can streamline privilege controls on their infrastructure, while providing secure and efficient machine access, using Delegated Machine Credentials in the Server PAM solution.
When a machine is first enrolled in Server PAM, a client is installed on it and, as part of enrollment, the machine is automatically given a unique identity with roles, rights, and entitlements. With DMC, this trust relationship can be extended to any authorized application, service, container, or other workload running on that machine. The machine's binding trust with Server PAM is delegated to its workloads, reducing the number of service accounts needed from one per workload to one automatically managed account per machine. When developers use these service accounts to connect the components of an application, a federation token is issued rather than a static credential, so no secret is embedded in the code that could be compromised. Applying the same privileged access policies to the workloads that already govern the machine keeps manual Privileged Access Management tasks to a minimum for DevOps teams.
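The delegation flow described above, as an added illustration that is not Delinea's code and does not reflect how Server PAM or DMC is implemented: a hypothetical local agent holds the machine's enrollment key, an authorized workload asks it for a short-lived, audience-bound token instead of holding a credential of its own, and the relying party verifies the token against its registry of enrolled machines. The agent, the token format, the key handling, the machine and workload names, and the HMAC signature are all assumptions made for the example.

```python
# Added example, not Delinea's code: the agent, key handling, token format and
# names below are hypothetical and assume nothing about how Server PAM or DMC
# is implemented. It only illustrates the delegation pattern.
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_claims(claims: dict) -> str:
    return _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())


class MachineAgent:
    """Hypothetical local agent on an enrolled machine. The enrollment key
    never leaves it; workloads only ever receive short-lived tokens."""

    def __init__(self, machine_id: str, enrollment_key: bytes, authorized: dict):
        self.machine_id = machine_id
        self._key = enrollment_key
        self._authorized = {w: set(e) for w, e in authorized.items()}  # workload -> entitlements

    def issue_token(self, workload_id: str, audience: str, now=None, ttl: int = 300) -> str:
        if workload_id not in self._authorized:
            raise PermissionError(f"{workload_id!r} is not an authorized workload on {self.machine_id}")
        now = int(time.time()) if now is None else now
        claims = {
            "iss": self.machine_id,                        # enrolled machine vouching for the workload
            "sub": workload_id,                            # workload the entitlements are delegated to
            "aud": audience,                               # target system the token is good for
            "ent": sorted(self._authorized[workload_id]),  # per-workload subset of the machine's rights
            "iat": now,
            "exp": now + ttl,                              # short-lived: nothing durable to steal
            "jti": secrets.token_hex(8),
        }
        body = _encode_claims(claims)
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64(sig)}"


def verify_token(token: str, expected_audience: str, machine_keys: dict, now=None):
    """Relying-party check: returns the claims on success, None on any failure.
    machine_keys maps machine_id -> enrollment key. HMAC keeps the demo short;
    a real deployment would use asymmetric keys so verifiers hold no machine secret."""
    try:
        body, sig_b64 = token.split(".")
        claims = json.loads(_unb64(body))
        sig = _unb64(sig_b64)
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    key = machine_keys.get(claims.get("iss")) if isinstance(claims, dict) else None
    if key is None:  # unknown or de-enrolled machine
        return None
    if not hmac.compare_digest(hmac.new(key, body.encode(), hashlib.sha256).digest(), sig):
        return None
    now = int(time.time()) if now is None else now
    if claims.get("aud") != expected_audience:
        return None
    if not (claims.get("iat", now + 1) <= now < claims.get("exp", 0)):
        return None
    return claims


def demo() -> dict:
    """Constructed scenario: one enrolled machine, two authorized workloads."""
    key = secrets.token_bytes(32)  # constructed; provisioned at enrollment in practice
    agent = MachineAgent("web-01", key, {"api-server": {"db:read"}, "metrics": {"db:read"}})
    registry = {"web-01": key}  # relying party's view of enrolled machines
    t0 = 1_700_000_000
    tok = agent.issue_token("api-server", "postgres-prod", now=t0)
    good = verify_token(tok, "postgres-prod", registry, now=t0 + 10)
    expired = verify_token(tok, "postgres-prod", registry, now=t0 + 600)
    wrong_aud = verify_token(tok, "redis-prod", registry, now=t0 + 10)
    # Tampering with the claims to escalate entitlements breaks the signature.
    body, sig = tok.split(".")
    escalated = json.loads(_unb64(body))
    escalated["ent"] = ["db:admin"]
    forged = verify_token(f"{_encode_claims(escalated)}.{sig}", "postgres-prod", registry, now=t0 + 10)
    # A process that is not an authorized workload gets nothing from the agent.
    try:
        agent.issue_token("unknown-binary", "postgres-prod", now=t0)
        unauthorized_refused = False
    except PermissionError:
        unauthorized_refused = True
    return {
        "good": good is not None and good["sub"] == "api-server" and good["ent"] == ["db:read"],
        "expired_rejected": expired is None,
        "wrong_audience_rejected": wrong_aud is None,
        "forgery_rejected": forged is None,
        "unauthorized_refused": unauthorized_refused,
    }
```

The scenario in demo() shows what the pattern buys and what it does not: the workload carries no secret, a stolen token is useless after its lifetime or against another audience, and editing the claims to add entitlements breaks the signature. The trade-off is that trust now rests on the host: anything that can present itself to the agent as an authorized workload (root on the machine, a process that escapes its container) inherits that workload's entitlements, which is why entitlements should be scoped per workload rather than granting every workload the machine's full rights.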
Using a client-based approach and a cloud-first architecture, the Delegated Machine Credentials capability removes a headache for DevOps teams by federating access for machine identities. By streamlining infrastructure operations, drastically reducing the number of service accounts that could be abused, and supporting agility, it fulfills practically all of the privileged access requirements of DevSecOps teams.
“We’re very pleased to see Delinea’s innovation recognized with this new US patent for Delegated Machine Credentials,” said David McNeely, Chief Technology Officer at Delinea. “This approach drastically simplifies workload authentication versus traditional application-to-application password management (AAPM) approaches. Those have been more of a band-aid that took embedded credentials out of code but then required the creation of hundreds or thousands of new service accounts in the vault. Our commitment to seamless privileged access and making usable cybersecurity is what drives us to evolve Privileged Access Management.”
By capitalizing on machine trust and eliminating the need for extensive service account use, Delegated Machine Credentials empowers developers and security teams with both reliable and efficient AAPM capabilities to effectively secure IT environments while reducing service account privilege sprawl.
For more information about US Patent 11,706,209, visit https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/11706209
For a free trial of Delegated Machine Credentials within Delinea Server PAM, visit https://delinea.com/products/server-pam.
About Delinea
Delinea is a leading provider of Privileged Access Management (PAM) solutions for the modern, hybrid enterprise. The Delinea Platform seamlessly extends PAM by providing authorization for all identities, granting access to an organization’s most critical hybrid cloud infrastructure and sensitive data to help reduce risk, ensure compliance, and simplify security. Delinea removes complexity and defines the boundaries of access for thousands of customers worldwide. Our customers range from small businesses to the world's largest financial institutions, intelligence agencies, and critical infrastructure companies. Learn more about Delinea on LinkedIn, Twitter, and YouTube.
© Delinea Inc. 2023. Delinea™ is a trademark of Delinea Inc. All other trademarks are property of their respective owners.