Provides a web-scale, unified platform to broker and issue service identities
Project Cosigno provides security and infrastructure engineering teams a web-scale, unified platform to broker and issue service identities. Unlike other approaches, the solution provides scalable, cryptographic, platform-agnostic identities based on open standards (SPIFFE). As a result, it enables you to boost security operations and developer productivity, reduce application on-boarding, and accelerate cloud or container adoption while strengthening your overall security posture.
Deploy standard, cryptographic service identities across heterogeneous platforms including cloud, containers and on-premises infrastructure. These identities are based on an open standard, SPIFFE, backed by the Cloud Native Computing Foundation (CNCF).
Instead of authenticating service-to-service communication with long-lived credentials that must be provisioned and rotated with the service, Project Cosigno identifies services through real-time multi-factor authentication policies.
Authentication can be deployed and governed by infrastructure and operations teams and made available as a consistent “dial-tone” API to any engineering team.
Encapsulates complexity by unifying service identities across cloud, container and on-premises identity providers (IdPs) through a single service-facing API.
Enables you to extend your existing identity providers and authentication infrastructure (such as Active Directory) to the cloud and containers and allows services running in one cloud to assume identities in others.
Ensure compliance and precisely identify where and when service credentials are generated and delivered, with granular tracing even in highly elastic and dynamic environments.
BUILT ON CNCF’S SPIFFE AND SPIRE OPEN SOURCE PROJECTS
Introduction to SPIFFE and SPIRE
HPE is the leading contributor to the Cloud Native Computing Foundation’s (CNCF) SPIFFE and SPIRE open source projects. Inspired by production infrastructure at Facebook, Google, Netflix and more, SPIFFE is a set of open-source standards for securely authenticating services in dynamic and heterogeneous environments through the use of platform-agnostic, cryptographic identities. SPIRE is an open-source system that implements the SPIFFE specification in a wide variety of environments.
Project Cosigno Extends SPIRE
Project Cosigno extends SPIRE by including a web-based management console, operator logging and integration into enterprise SSO, IAM and SIEM management platforms. It also enables enterprises to easily re-use their existing on-premises service authentication protocols (such as Kerberos and OAuth) on their burgeoning dynamic computing platforms, including cloud and containers.
PROJECT COSIGNO USE CASES
Extend Kerberos-based authentication to cloud
The solution securely issues short-lived credentials from on-premises identity providers (IdPs) such as Active Directory to cloud and container-based services.
Secure database authentication
The solution enables rapid and secure authentication with popular databases such as MySQL and PostgreSQL.
Secretless authentication into cloud providers
Project Cosigno-issued identities (X.509 certificates) directly authenticate to public cloud providers using OpenID Connect (OIDC) federation.
Demo Request
See how Project Cosigno enables zero trust by issuing and brokering continuously attested, cryptographic service identity across cloud, container and on-premises infrastructure.