Taking a Zero-Trust Defense Against Cyberattacks: Q&A With Teleport’s Ev Kontsevoy

Data breaches and cyberattacks are only getting more sophisticated at an alarmingly fast pace. In 2024 so far alone, there have been approximately 875,603,100 known records breached in 1,819 publicly disclosed incidents, as reported by IT Governance.

According to a Cybersecurity Ventures report, the cost of cybercrime hit $8 trillion in 2023—translating to more than $250,000 per second. The total annual cost is projected to rise to $10.5 trillion by 2025.

IBM also revealed that the average global cost of a data breach was $4.45 million, while the average data breach cost in the U.S. was $9.48 million. Across all industries, the average cost of a data breach was $4.45 million, with the healthcare industry facing the highest average data breach cost at $10.93 million.

Since most attacks focus on identity, theft of credentials, or human error, Ev Kontsevoy, CEO of Teleport, believes security must be a company’s philosophy from Day One. Apple, for example, built the iPhone from scratch on zero-trust principles. But data centers? They implicitly make trust assumptions and rely on old hardware components incompatible with zero trust, explained Kontsevoy.

According to the Teleport website, “An engineer by training, Kontsevoy launched Teleport in 2015 to provide other engineers solutions…without having to worry about security and compliance issues.” A serial entrepreneur, he was CEO and co-founder of Mailgun, which he sold to Rackspace. Kontsevoy had a variety of engineering roles prior to founding Mailgun.

Kontsevoy built Teleport to provide on-demand, least-privileged infrastructure access on a foundation of cryptographic identity and zero trust, with built-in identity and policy governance that allows companies to scale rapidly and safely.

Can you elaborate on the state of data breaches today and how they affect data centers and cloud companies?

Data breaches are accelerating and can have a devastating impact. These breaches can be extremely disruptive. The recent attack on United Healthcare Group’s subsidiary, Change Healthcare, is expected to cost more than $1.3b, with widespread disruption for prescription refills and reimbursements.

The most common way threat actors gain access to an organization is through stolen credentials. Seventy-four percent of breaches include the human element, with 49% involving credentials. This is because threat actors have learned that manipulating humans to share confidential information is easier than identifying and exploiting something like a zero-day vulnerability. So, phishing, social engineering, impersonating identities—these are all ways in which threat actors have learned that they can force a human error that can provide a gateway to breach and pivot strategies.

The complexity of computing infrastructure, combined with the use of artificial impersonation to lower the cost of identity-based attacks, has created perfect storm conditions for threat actors to target organizations using these methods.

What is zero-trust architecture?

Zero trust means that users and devices should not be trusted by default and that every connection request requires authentication. One of the well-understood applications of zero trust is network authentication. In former perimeter-based models, if an employee authenticated to a network, they could then freely access network resources. The zero-trust network model of “never trust, always verify” requires authentication for every network resource access request.

Teleport has extended the zero-trust model to the computing infrastructure stack. We employ zero trust for all connections between humans and nonhuman identities with infrastructure resources—such as servers, databases, applications, and workloads—as well as between infrastructure resources—such as a workload accessing another workload. This secures the entire infrastructure stack. With this architecture, it means that it does not matter if the infrastructure resides on a public or private network; it is secure. This is why when companies implement Teleport, they no longer need VPNs or other similar boundary protections for their compute stack.

How can companies with legacy architecture implement these principles/solutions?

Large organizations always have a blend of legacy systems—older applications or hardware—and modern computing infrastructure such as container-based deployments orchestrated with Kubernetes. The challenge that companies face is that each type of technology is designed with its own security and access model. This creates what we call “access silos” in the organization, where managing different access patterns and security models inevitably creates complexity that drives risk.

Because of the complexity of these different access silos, in most organizations, we have seen zero trust more broadly adopted at the network level, but not within infrastructure itself.

How can Teleport help with this?

Teleport has spent years integrating with all different types of infrastructure that resides in clouds and data centers—servers (SSH), databases, applications, clouds, Windows desktops, and Kubernetes. As a result, we can generate and enforce cryptographic identity for all the different users, machines, devices, and resources that you find in the infrastructure and that need to access the infrastructure. We can then unify access control across what currently are all of these different access silos, using zero-trust principles. We can then further unify policy across the full infrastructure stack, enabling organizations to deploy policies such as, “Developers cannot have access to customer data.”

What are your predictions for security and governance solutions and innovations in 2024 and beyond?

I see four major trends in 2024 already playing out. Engineering and security teams will partner to protect infrastructure from growing identity attacks. Second, the increasing frequency and cost of breaches will motivate organizations to shift from passwords to secretless access, that is, access based on cryptographic identity. We’ll see more M&A activity that consolidates tool and solution sprawl. And, the industry as a whole will experience more regulatory pressure.
