Trustle vs ConductorOne

If you’re a ConductorOne customer, you’re not alone when you ask your screen “why does this have to be so difficult?” From implementation to approval policies to understanding who actually needs their privileges, ConductorOne capabilities range from making you question yourself to being completely impossible. Getting fully set up, aligning it to your company IAM policies, and actually verifying least privilege should be a starting point, but instead it’s an endless journey.

ConductorOne - Implementation Challenges

The challenge with ConductorOne begins as early as the implementation phase. While Google Cloud and Atlassian have unified APIs, ConductorOne forces you to configure 3+ connectors for Google Cloud and 6+ connectors for Atlassian before you’re able to review existing access and grant requests for new access. Even then, this only gives you surface-level visibility that doesn’t match what you can see from within the platforms themselves.

ConductorOne - Policy Learning Curves

When you finally get your connectors connected, you then have to start defining your company’s policies. There are request policies, review policies, and revoke policies. And if you expect them to be set to a default that makes sense for most organizations, you're out of luck. ConductorOne requires you to become an expert in Common Expression Language (CEL) just to specify who should approve an access request to production or what to do to a user’s access when they leave the company.

ConductorOne - Least Privilege Impossibilities

When you’re reviewing what access users have in ConductorOne, it’s normal to ask a single basic question: “But do these users need this?” Unfortunately, with the information available in the application, this question will never be answered. ConductorOne has been designed to “answer” this question the same way emails and tickets always have: you can ask someone else if Harry in Business Intelligence truly needs access to production data. You receive a rubber stamp response and tell your auditors that you're following least privilege principles. But do the users with the highest privileges ever use them? ConductorOne will never tell you, because it doesn’t have any means to analyze audit logs and compare a user’s actions to the tens of thousands of AWS permissions granted to them.

Capability | ConductorOne | Trustle
Connectors per integration | As many as 6 | Always 1
Policy engine | Requires CEL experts | Powerful, flexible for anyone
Least privilege analysis | None. Zero. | Clear usage drilldown

Trustle Makes All of this Easy

  • Minimal implementation effort
    For all integrations, Trustle requires a single connector, no matter the depth of analytics it delivers. Google Cloud entitlements, group memberships, and the full analysis of its audit logs are all handled through a single connector.
  • Policies without a learning curve
    There is no scripting language or new tool to learn. Trustle’s approval logic and leaver policies are laid out in plain English. Rules for all approvals are inherited from the common default for each integration, yet easily tweaked with the click of a button.
  • Least privilege analysis from day 1
    As soon as you connect Trustle to AWS, Azure, GCP, or Snowflake, it will analyze all of your users’ permissions and all of their actions across your audit trail. You’ll be shown how over-privileged users are, and even whether the accounts are completely unused.

You deserve better than ConductorOne’s "maybe someday" journey to least privilege. Trustle makes key IAM principles easy for even the smallest teams.