-
Tags
-
Author
-
José Luis Pereira, Co-Founder & CTO
-
March 11, 2020
We’re very excited to announce our new feature - wildcard domain support to access resources. It is an important milestone for Fyde’s product arsenal since it will help companies, especially those that don't yet have a complete list of resources/workloads documented and configured. It will speed the adoption of the Zero Trust model and help companies transition and migrate from legacy systems. How?
Aggregate dynamically created servers with ease
Let’s say you have a set of servers that serve a similar purpose, such as your CI/CD servers. Typically, when deploying a Zero Trust access solution, you would have to register each resource individually and assign a similar policy to each. The wildcard support feature simplifies this task by adding a wildcard “*.” to the hostname, such as *.ci.acmecorp.local. This allows you to safely automate these tasks.
Simplify access to recycling servers
If you have many servers that are constantly recycled with constantly changing hostnames, such as in a cloud setup, it can be hard to continuously track and register/deregister resources. With the wildcard feature, you will be able to access those servers as long as you registered them with a wildcard and in a way that matches the hostname.
Transition to Zero Trust faster
The Wildcard feature helps companies transition to the Zero Trust model faster and in a more efficient way. Imagine that you have a 10-year-old company. You are not entirely sure which resources employees access regularly.
How would you go about registering them? Instead of blocking access to everything upfront and setting up IT admins for a flood of support tickets, you can use Fyde wildcard support. First, add a wildcard for subdomains of your internal resources. This will match all the relevant resources and allow everyone from the company to access them. Users will have time to adapt to the new product. Then, it will be easier for you to start spotting patterns and transition to more specific resources and policies, as Zero Trust dictates.
Role and attribute-based security controls
In theory, when you add a wildcard it means that all the other domains or hostnames that have that main component will be accessed. If someone erroneously registers a server that has a hostname that matches the wildcard, the resources will be accessible within that policy. However, Fyde’s role-based and access-based attributes help to ensure that only the right people access the right resources with the right device. Be mindful of that when setting up policies.
Is wildcard support an anti-pattern for Zero Trust? Some people would say yes. However, we need to have a balance between ease of use and deployment of a new system and security. Wildcard support should be the first step towards transitioning to a full Zero Trust system.
Learn more about how Fyde implements Zero Trust:
Zero Trust security: the ultimate guide
How Fyde implements Zero Trust to enhance security and productivity