Service Identity Fabric for Zero Trust Security Model

Project Cosigno, based on SPIFFE and SPIRE projects, helps establish a standards-based, fine-grained service authentication layer to support zero trust between services running on hybrid enterprise IT infrastructure.

+ 顯示更多

Provides a web-scale, unified platform to broker and issue service identities

Project Cosigno provides security and infrastructure engineering teams a web-scale, unified platform to broker and issue service identities. Unlike other approaches, the solution provides scalable, cryptographic, platform agnostic identities based on open standards (SPIFFE). As a result, it enables you to boost security operations and developer productivity, reduce application on-boarding, accelerate cloud or container adoption while strengthening your overall security posture. 

INNOVATIONS
FEATURES OF PROJECT COSIGNO

Project Consigno provides a web-scale, unified service identity platform that enables security and infrastructure engineering teams to standards.

FEATURES OF PROJECT COSIGNO

Project Consigno provides a web-scale, unified service identity platform that enables security and infrastructure engineering teams to standards.

Scalable, cryptographic, platform agnostic service identity
Multi-factor service authentication
Dial tone authentication
Unified service directory and credential delivery
Identity brokering
Comprehesive auditability
Scalable, cryptographic, platform agnostic service identity
Scalable, cryptographic, platform agnostic service identity

Deploy standard, cryptographic service identities across heterogeneous platforms including cloud, containers, and on-premises infrastructure. These identities are based an open-standard, SPIFFE, backed by the Cloud Native Computing Foundation (CNCF).

Multi-factor service authentication
Multi-factor service authentication

Instead of authenticating service-to-service communication with long-lived credentials that must be provisioned and rotated with the service, Project Consigno identifies services through real-time multi-factor authentication policies.

Dial tone authentication
Dial tone authentication

Authentication can be deployed and governed by infrastructure and operations teams, and made available as consistent a “dial-tone” API to any engineering team.

Unified service directory and credential delivery
Unified service directory and credential delivery

Encapsulates complexity by unifying service identities across IdPs spanning cloud, container, and on-premise identity providers through a single service-facing API.

Identity brokering
Identity brokering

Enables you to extend your existing identity providers and authentication infrastructure (such as Active Directory) to the cloud and containers, and allows services running in one cloud to assume identities in others.

Comprehesive auditability
Comprehesive auditability

Ensure compliance and precisely identify where and when service credentials are generated and delivered with granular tracing even in highly elastic and dynamic environments.

BUILT ON CNCF’S SPIFFE AND SPIRE OPEN SOURCE PROJECTS

Introduction to SPIFFE and SPIRE

HPE is the leading contributor to Cloud Native Computing Foundation’s (CNCF) SPIFFE and SPIRE open source projects. Inspired by production infrastructure at Facebook, Google, Netflix, and more, SPIFFE is a set of open-source standards for securely authenticating services in dynamic and heterogeneous environments through the use of platform-agnostic, cryptographic identities. SPIRE is an open-source system that implements the SPIFFE specification in a wide variety of environments.

Project Cosigno Extends SPIRE

Project Cosigno extends SPIRE by including a web-based management console, operator logging, and integration into enterprise SSO, IAM, and SIEM management platforms. It also enables enterprises to easily re-use their existing on-premise service authentication protocols (such as Kerberos and OAuth) upon their burgeoning dynamic computing platforms, including cloud and containers. 

PROJECT COSIGNO USE CASES

Extend Kerberos based authentication to cloud

The solution securely issues short-lived credentials from on-premises identity providers (IdPs) such as Active Directory to cloud and container-based services.

Secure database authentication

The solution enables rapid and secure authentication with popular databases such as MySQL and PostgreSQL.

Secretless authentication into cloud providers

Project Cosigno-issued identities (X.509 certificates) directly authenticate to public cloud providers using OpenID Connect (OIDC) federation.

Demo Request

See how Project Cosigno enables zero trust by issuing and brokering continuously attested, cryptographic service identity across cloud, container and on-premise infrastructure.

Thank you

Thank for your interest. Someone from HPE will reach out to you within 2 business days.