ConductorOne Releases Baton, First and Only Open Source Toolkit for Auditing Infrastructure Access
Developers and security engineers can use the Baton connectors to extract, normalize, and interact with user account and access data in any IaaS, SaaS, or on-prem application
PORTLAND, Ore., December 6, 2022 /PRNewswire/ — ConductorOne, Inc. announced the open sourcing of their identity connectors under the Apache 2.0 license in a project called Baton. Each connector gives developers the ability to extract, normalize, and interact with workforce identity data such as user accounts, permissions, roles, groups, resources, and more, so they can audit infrastructure access, start to automate user access reviews, and enforce the principle of least privilege.
Understanding user permissions across internal applications and infrastructure is a tedious exercise, requiring downloads or screenshots from each app, makeshift python scripting, inconsistent spreadsheets of unstructured data, and a never-ending cycle of that data going stale. Security engineers are tasked with getting this identity data to secure infrastructure access, for user access reviews, and to investigate security incidents. Without access to identity data in a normalized format it’s difficult to accomplish any of those tasks without a lot of manual effort and time.
With the belief that identity data should be visible, understandable, extensible, and usable for anyone, the engineers at ConductorOne spent over two years building Baton, and are now making it available to everyone.
“We believe everyone, whether our customer or not, should have access to their own identity data,” said Paul Querna, CTO and co-founder of ConductorOne. “We decided to open source what we’ve built to support that belief. Identity data is the foundation for access control, and access control is the method for establishing zero trust. We hope that Baton helps any security team get one step closer to zero trust.”
The connectors provide an automated way to extract data like user accounts, permissions, roles, groups, and other access details from applications in a single, standardized output file that can be extended to any identity security or governance project. For example, run user access reviews on every repository in Github without manually going through each one, compare production role changes in AWS over a set
period of time, identify all of the resources and user permissions in your MySQL or Postgres database, or alert any time a contractor gets added to an Okta LDAP group.
Anyone can start using Baton today. Baton provides an SDK for any application from SaaS, IaaS, on-prem, home grown, to back office, and connectors for Okta, AWS, GitHub, MySQL, and Postgres with many more to come. Get started with a specific application by deploying the connector as a docker image hosted on-prem or in the cloud and adding application credentials. Each connector provides the source code to
audit behavior and data access for security purposes, and can also be forked to add custom sync, discovery, or provisioning logic. Use the SDK to start building a new connector, available in Go language, or any language using buffers.
To get started, visit github.com/conductorone/baton Get inspiration from a tutorial, learn more in the documentation, or start building from Github today.