Zero Trust Infrastructure Automation with Twingate

by Alex Marshall

One of the challenges with introducing a new technology paradigm like Zero Trust into an established organization is the level of change that can be required, from infrastructure to end users. The reason that we founded Twingate is that we firmly believe that with the right combination of thoughtful product design, smart automation, and powerful underlying technology, the migration to a Zero Trust security model can be surprisingly simple. Our team is energized by working on this mission every day, and we’re extremely proud of the trust that our customers have put into our vision of a simpler, human-centric approach to network security and Zero Trust.

On the theme of ease of use, we’re excited to announce the availability of several new product developments that our team has been working hard on for the past several months. We know that the Zero Trust journey involves many different teams within companies, and in particular, involves a close collaboration between IT and DevOps.

Today’s updates not only make collaboration between these teams easier, but also introduce the ability to apply consistent controls across users and automated processes alike. These new features are part of our long-term roadmap to bring powerful automation capabilities to Twingate and make deploying, managing, and maintaining a Zero Trust security posture easy for companies of all sizes.

Service accounts: secure access for services

One of our top customer requests this year has been for Twingate to support Zero Trust controls for automated processes such as CI/CD pipelines and other unattended tasks. Automated processes often need authorization to privileged resources, which can be both difficult to secure and complex to manage, particularly since rules typically depend on static configurations of network routes and firewalls.

This need for access was previously only solved by either deploying automated processes or applications directly into the privileged network, or by using a legacy VPN connection to achieve the same end goal. Both of these approaches have potential security shortcomings, typically mitigated by complex and brittle rules, which compounds the overhead of maintenance over time. Add the need to authorize third-party SaaS applications into this picture, and you have a recipe for both complexity and potential vulnerabilities.

[Image: CircleCI Staging Service Account]

Twingate’s service accounts address these issues by solving the primary pain points:

  • Apply consistent controls across end users and services, all in one place. Service accounts are a first-class citizen in Twingate’s existing Zero Trust architecture, so you can easily assign access to existing resources—or define new ones—in your Twingate admin console, giving you a single view of access across your network and organization.
  • Easily integrate with existing processes. Twingate’s Linux and Windows clients now support “headless” modes, allowing you to connect using service account credentials in a single command line. This allows easy deployment in either proprietary or third-party applications such as GitHub Actions.
  • Instantly modify access rules as needs change. There is no longer any need to modify firewall rules or re-configure IP allow list configurations. Authorization rules can be modified and keys can be rotated and revoked, ensuring that access remains current without needing to deploy potentially disruptive network changes.

To make it easy to get started, we’ve provided example configuration profiles for both CircleCI and GitHub Actions. If you are using either a different CI/CD pipeline or custom automation, these examples can be used as templates to automate starting up Twingate in headless mode and providing programmatic access to protected resources in any scenario.

Service accounts are now available for any Enterprise tier customer, and the latest Linux and Windows clients both support service account headless modes.

Twingate’s Terraform Provider and Admin API

Infrastructure-as-Code has revolutionized the ability to deploy, maintain, and manage complex infrastructure deployments at scale. Infrastructure deployment is primarily concerned with properly supporting core applications and services, with remote access often deployed after infrastructure has been designed. This is often because infrastructure and access are handled by different teams, in conflict with each other’s goals, or both.

Our goal in supporting our Terraform Provider is to bring Zero Trust access into the infrastructure planning conversation. By making it as simple as adding a few lines of code to your Terraform configuration to deploy a Twingate connector, secure access now becomes an integral part of your configuration, allowing changes to be made seamlessly as your infrastructure changes.

[Image: Twingate Terraform]

Customers are using our Terraform Provider to:

  • Automatically define and assign Twingate resources as they are deployed in Terraform.
  • Scale and deploy connectors as usage and needs change.
  • Ensure that their deployment is up to date with every configuration update.

Our Terraform Provider is made possible by our Admin API, which we aim to maintain at parity with our interactive product functionality. Although we spend effort ensuring that our admin console offers a high-quality experience, we’re delighted to see many of our customers automating their Twingate deployments using both our Admin API and our Terraform Provider.

Powered by our customer community

We’ve invested heavily in automation at Blend and Twingate is a powerful platform that allows us to programmatically deploy and maintain a zero trust approach to our infrastructure.

- Paul Guthrie, Information Security Officer at Blend

Since our public launch last year, we’ve been humbled by the reception we’ve received from companies all around the world. With the acceleration of cloud adoption and increasingly distributed workforces, it’s clear that the legacy, perimeter-based models are quickly being left behind in favor of modern zero trust approaches.

One of the most energizing aspects of building Twingate is the opportunity to partner with our customers. We work with some of the most innovative companies in the world, and we pool our expertise with our community to develop our roadmap. In particular, the teams at The Pill Club and Frame.io were terrific sounding boards for our approach to service accounts — huge thanks!

The ease of use with the terraform provider really sealed the deal for me.

- One of our favorite quotes from a DevOps engineer

We pride ourselves on being customer-driven to help us shape our roadmap and we’re thrilled to welcome some fantastic new members to the Twingate community over the past few months. These companies are some of the fastest-growing, most innovative organizations in their markets and we look forward to partnering with them to bring our vision of simple, human-centric security to life.

This is just the beginning

We have made a lot of headway in 2021, but we are just getting started and can’t wait to share more capabilities in the months to come. Our mission is to make Zero Trust easy for companies of all sizes, so give Twingate a try for free today. We’d love to hear what you think.

"We evaluated several competing vendors for zero trust and Twingate was clearly the easiest to deploy. We got Twingate up in minutes."
Christian Trummer
CTO at Bitpanda
