Cloud
Cybersecurity
Security
June 28, 2023 By Henrik Loeser 3 min read

Trusted profiles can serve as a foundation for secure cloud environments and as a building block for secure cloud solutions. In our new IBM Cloud solution tutorial, you are going to learn about trusted profiles, their use cases and how to utilize them for enhanced security.

Cloud environments and cloud security are always changing and evolving. If you are interested in or have to care about cloud security, you should be interested in our new IBM Cloud solution tutorial.

It looks at a feature of Identity and Access Management (IAM) that provides a special identity and can be used for access policies: Trusted profiles. You’ll learn about trusted profiles and then can follow the tutorial to create and utilize a trusted profile and discover and interpret related security logs. Get started to enhance security in your cloud environments.

Solution architecture for app performing privileged tasks.

New tutorial

In our new tutorial Use trusted profiles as foundation for secure cloud environments, we give an overview of what trusted profiles are and their typical use cases.

Similar to users and service IDs, trusted profiles are a type of identity supported by IBM Cloud Identity and Access Management (IAM). As such, they can be granted access in IAM policies. A difference from users and service IDs is that trusted profiles cannot own IAM API keys or, like users, may have passwords. They are an identity within a specific account that serves as a “gateway” for someone or something else to work within that account without the need for an API key. They can assume the identity of that trusted profile.

In the tutorial, you will learn how to use one of these gateways. You are going to create a trusted profile that is used by an application deployed to a Kubernetes cluster (see the architecture diagram above). You configure the trusted profile to accept the application in its namespace as a trusted environment—a so-called compute resource. With that, the app can switch to the identity of a specific trusted profile and perform (privileged administrative) tasks in the IBM Cloud account.

You will learn how to manage trusted profiles and to look for and understand related security logs. The screenshot below shows parts of an event logged to IBM Cloud Activity Tracker. It lists the trusted profile that was used for a request and information on the compute resource that was utilized to assume the identity.

Activity Tracker log record for security event.

Get started

To learn about trusted profiles and their role for secure cloud environments, check out our new tutorial.

Use trusted profiles as a foundation for secure cloud environments

The steps in the tutorial are all performed in the web browser. Moreover, the tutorial uses a pre-built container image for the app, so you don’t need to prepare. But if you are curious and want to learn more, then we can help. The source code for the Python app and its Dockerfile are available in a GitHub repository.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik), Mastodon (@data_henrik@mastodon.social) or LinkedIn.

Was this article helpful?
YesNo

Tags

Henrik Loeser
Technical Offering Manager / Developer Advocate

More from Cloud
May 29, 2024

IBM Cloud Reference Architectures unleashed

2 min read - The ability to onboard workloads to cloud quickly and seamlessly is paramount to accelerate enterprises digital transformation journey. At IBM Cloud, we're thrilled to introduce the IBM Cloud® Reference Architectures designed to empower clients, technical architects, strategists and partners to revolutionize the way businesses harness the power of the cloud. VPC resiliency: Strengthening your foundation Explore the resilience of IBM Cloud Virtual Private Cloud through our comprehensive resources. Dive into our VPC Resiliency white paper, a blueprint for building robust…

May 23, 2024

Enhance your data security posture with a no-code approach to application-level encryption

4 min read - Data is the lifeblood of every organization. As your organization’s data footprint expands across the clouds and between your own business lines to drive value, it is essential to secure data at all stages of the cloud adoption and throughout the data lifecycle. While there are different mechanisms available to encrypt data throughout its lifecycle (in transit, at rest and in use), application-level encryption (ALE) provides an additional layer of protection by encrypting data at its source. ALE can enhance…

May 23, 2024

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters