Smallstep

We've created a lightweight Okta? SSO integration for device identity, that offers the strongest possible guarantee that your Okta apps are only available on trusted devices. Now you can lock down your most sensitive resources with next-gen device authentication?? But how does it work? ?? Our cross-platform desktop application issues every authorized device a cryptographic ID that’s bound to a device’s silicon. Unlike a security token or a key file, it cannot be brought to another device. This feature strongly constrains any attack surface area involving sensitive resources. ?? Check out the demo from Carl Tashian on the Smallstep blog: https://hubs.ly/Q02Mbl4t0 If you'd like to speak with someone on our team to learn more about how this solution ups your game from the standard Okta Device Identity, reach out to us! https://lnkd.in/gXA6RekK

Headed to RSA Conference or DEF CON this year?? We’ll see you there! ??

Revolutionizing Mac Security with Jamf Pro and Smallstep??: How can we ensure a higher level of security for Macs in today's interconnected world? Our new podcast episode discusses how device identity is a game-changer, offering insights on integration, automation, and enhanced security strategies. Whether you're managing the devices or safeguarding sensitive data, you won’t want to miss this episode. Check it out on our podcast series today! https://lnkd.in/gb9nEDMN

Now live on the Jamf Marketplace! ??

Listen on your favorite podcast platform ??

?? Are we finally seeing the end of VPNs? Or do they still have a place in enterprise security? We’ve seen it over and over—compromised VPN credentials lead to full network breaches. And once inside, attackers can scan for vulnerabilities, steal data, and move laterally. The problem? VPNs trust too much. They assume that if you have the credentials, you should have access. But who holds the key to a lock should matter. That’s why companies like Apple are excited about MASQUE Network Relays—a more secure, faster, and fine-grained way to manage remote access. Instead of granting network-wide access, MASQUE Network Relays: ?? Verifies device identity before allowing a connection ?? Restricts access to only specific applications, not entire subnets ? Uses QUIC & HTTP/3 for better security and lower latency Read the full breakdown here ?? https://hubs.ly/Q0355gg80

??An ex-employee still has access to your servers. Their SSH key was never removed. No one noticed. And since SSH keys never expire, that access could last forever. Now imagine a different world—where SSH credentials automatically expire, role-based access is enforced, and you don’t have to manually distribute or revoke keys. That world exists, and it’s powered by SSH certificates. But most engineers don't know much about SSH certificates, compared to their precious X509 certificates. In this article, we explain how they're different and how SSH certificates work. ?? Read the full post:https://hubs.ly/Q0356-tt0

Are VPNs still the best option for secure remote access, or is it time to rethink our approach? They’ve been the standard for remote access for years, but they come with a fundamental problem—they often grant broad access once a user logs in. If credentials get compromised, attackers can scan networks, move laterally, and access sensitive resources with little resistance. The question isn’t whether VPNs work—it’s whether they’re the best option we have today. That’s where MASQUE relays come in, and we're so excited about them. ? They’re built on QUIC & HTTP/3, making connections faster and more efficient. ??? They enforce application-level access, so users only reach what they need. In our latest blog, we break down: ? Why major platforms like Apple are shifting towards MASQUE ? How MASQUE relays provide more control with less risk ?The biggest security gap in traditional VPNs ?? Read more here: https://hubs.ly/Q0355ggK0

?? Ever wondered how companies secure their most valuable data? Our new AI podcast series has answers! Join us for the premiere episode, "Unlocking the Future: High Assurance Device Identity," as we explore the revolutionary role of ACME DA in digital security. This is just the beginning—future episodes will delve deeper into game-changing tech solutions. Don't miss out! ???? #Podcast #DataSecurity https://lnkd.in/gGjvFi3V

Have you tried this year’s Holiday Project yet?! Carl Tashian and Mariano Cano have devised a delightful Capture the Flag style challenge. Complete the challenge AND the 2024 Device Identity survey for TWO chances to win ???? Find the links to both by checking out the blog ???♀?