Happy New Year from Noq!
Introducing IAMOps
Every Cloud practitioner has had their own individual irritations with IAM, but as adoption accelerates across the enterprise, separate Dev, Sec, and Ops teams struggle to scale IAM securely. Noq is here to help increase developer velocity, reduce security risks, and increase operational efficiency – all at the same time.
Just as DevOps emerged to empower developers to “shift-left” the responsibility and authority to deploy code changes to production, Noq is investing in IAMOps so developers can share responsibility for Cloud security with self-service workflows – without waiting for approval from administrators. As we put it in our post, Paving a Path to Least-Privilege:
IAMOps are how Dev, Sec, and Ops teams share responsibility for operating Cloud IAM at least privilege, with less effort
Here are a few concrete cases to illustrate those abstractions:
- Choose the right role
Developers can climb a ladder of cookie-cutter roles: limited roles by default, temporary admin access on request, and instant break-glass access for responding to incidents. Noq integrates with single sign-on identity providers to associate individuals and teams with AWS IAM identities and allows for customized IAMOps processes.
- Design the right policies
Operation teams can offer users smarter self-service wizards that allow users to request access or permissions in plain language. Such requests will be routed to the right teams, or simply automatically approved if they’re considered low-risk by the team.
- Guard the right resources
Security can get straight answers about who can access what, and how that access was acquired. Compliance reviews require unraveling several layers of AWS policy evaluation logic that Noq automatically analyzes for privilege escalation risks. By simplifying permissions and subtracting unused ones, even wildcards aren’t wild cards anymore.
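The "subtracting unused permissions" idea above, as an added example (not Noq's code): an IAM statement's wildcard action is expanded against a constructed action catalogue, CloudTrail-style events are tallied into observed actions, and the statement is rewritten to keep only what was actually used. The catalogue, the events and the eventName-to-action mapping are assumptions for illustration.

```python
import fnmatch
from collections import Counter

# Constructed stand-in for the full AWS action list (assumption, not the real catalogue).
ACTION_CATALOGUE = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
    "s3:PutBucketPolicy", "iam:CreateUser", "iam:AttachUserPolicy",
]

# Constructed CloudTrail-style records: only eventSource and eventName matter here.
CLOUDTRAIL_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
]


def observed_actions(events):
    """Count IAM actions seen in CloudTrail, keyed as 'service:EventName'.

    Simplifying assumption: eventName equals the IAM action name. That is not
    true for every service (S3 'ListObjects' is authorized by s3:ListBucket),
    so a real tool needs a per-service mapping table.
    """
    counts = Counter()
    for event in events:
        service = event["eventSource"].split(".")[0]
        counts[f"{service}:{event['eventName']}"] += 1
    return counts


def expand_action(pattern, catalogue=ACTION_CATALOGUE):
    """Expand a wildcard IAM action such as 's3:*' into the concrete actions it grants."""
    return sorted(a for a in catalogue if fnmatch.fnmatchcase(a.lower(), pattern.lower()))


def rightsize_statement(statement, events, catalogue=ACTION_CATALOGUE):
    """Return (narrowed_statement, unused_actions) for one Allow statement.

    Every action the wildcard grants but CloudTrail never shows is dropped,
    so the rewritten statement lists only observed actions explicitly.
    """
    actions = statement["Action"]
    if isinstance(actions, str):
        actions = [actions]
    granted = set()
    for action in actions:
        granted.update(expand_action(action, catalogue))
    used = set(observed_actions(events))
    narrowed = dict(statement, Action=sorted(granted & used))
    return narrowed, sorted(granted - used)
```

The unused list is the review artifact: a policy whose wildcard covered iam:AttachUserPolicy or s3:PutBucketPolicy with no recorded use is the kind of excess a compliance review wants to see removed.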
Checking your privilege
The original inspiration for Noq was ConsoleMe, an open-source service created at Netflix to make it easier to operate without permanent privileges. Freedom and responsibility for developers clashed with efforts by the cloud infrastructure security team to reduce excessive over-privilege and meet compliance standards. ConsoleMe enabled developers to easily get the minimum necessary permissions for themselves and their applications, while also reducing friction.
Provide too few permissions, though, and some services might stop working. Until access is restored and users are up and running again, the interruption is tantamount to an outage. The duration of each interruption indicates how much effort developers and operations teams invest by operating at the lower bound of least privilege. These tradeoffs and moving targets make Cloud security “a Journey, not a Destination.”
We developed NoqMeter to calculate the costs and benefits of improving IAMOps, and to help our design partners gain a deeper understanding of their cloud environment and the security tradeoffs they are making. It provides a summary of CloudTrail statistics and collects IAM configuration data without requiring access to a customer's entire environment via the Noq Platform. As a result, NoqMeter has proven to be an effective tool for identifying qualified leads.
DevOps and IAMOps are both better as-Code
Noq provides a centralized location for up-to-date visibility, management, and organization-wide controls. Unlike infrastructure as code (IaC) tools that only operate within a single account, Noq offers these features across multiple accounts, and even multiple organizations.
The Noq platform allows customers to review and apply requested changes to their cloud environment without giving Noq direct write access. The platform provides a clear and concise overview of the changes that are being requested.
Noq in the New Year
We’ve learned a lot during our first year while assembling a world-class team, including our new Head of Design, Noah Iliinsky, who helped design Quicksight at AWS. We’re also on the lookout for hiring great SRE leaders and eager Python developers. Please apply at hello@noq.dev.
In the coming year, we are excited to assist more design partners in addressing the complexities of cloud security through Noq's IAMOps solutions, which offer safe, strong, and intelligent approaches to granting, obtaining, and protecting access.