Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
EIC 2019 - To the Cloud and Beyond
Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
David Bros...
© Axiomatics 2019 - All Rights Reserved
Enterprises are all going to cloud
Photo by Dallas Reedy on Unsplash
© Axiomatics 2019 - All Rights Reserved 3Photo by Elvir K on Unsplash
One approach is shift and lift
(business as usual – ...
© Axiomatics 2019 - All Rights Reserved 4Photo by Daniel McCullough on Unsplash
Another is design from scratch
(leverage c...
© Axiomatics 2019 - All Rights Reserved 5
Technology Trends
To the Cloud and Beyond: Delivering Policy-Driven Authorizatio...
© Axiomatics 2019 - All Rights Reserved 6Photo by Harshal Desai on Unsplash
Dynamic Authorization
Decide at runtime – make...
© Axiomatics 2019 - All Rights Reserved 7
⁃ Run-time access control model
whereby access to information
resources is enfor...
© Axiomatics 2019 - All Rights Reserved
Authorization as a reusable building block
© Axiomatics 2019 - All Rights Reserved
Authorization that scales
© Axiomatics 2019 - All Rights Reserved
Elastic Authorization
© Axiomatics 2019 - All Rights Reserved
Policy-Based Authorization
(Use ALFA – the abbreviated language for AuthZ)
Photo b...
© Axiomatics 2019 - All Rights Reserved
Authorization as a sidecar / microservice
© Axiomatics 2019 - All Rights Reserved
Cloud-Native Authorization
(the twelve-factor app)
© Axiomatics 2019 - All Rights Reserved 14
⁃ An implementation that follows the twelve-factor app
⁃ Authorization that can...
© Axiomatics 2019 - All Rights Reserved
Protect multiple endpoints (PaaS / SaaS)
(Databricks, S3, AWS RDS…)
Photo by Rock'...
Upcoming SlideShare
Loading in …5
×

of

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 1 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 2 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 3 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 4 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 5 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 6 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 7 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 8 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 9 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 10 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 11 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 12 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 13 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 14 To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes Slide 15
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

2 Likes

Share

Download to read offline

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

Download to read offline

In this presentation delivered at the European Identity Conference, I discuss how externalized dynamic authorization management based on attributes and policies (ABAC and PBAC) have evolved to cater to securing cloud capabilities such as S3, Databricks, and so on.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

  1. 1. EIC 2019 - To the Cloud and Beyond Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes David Brossard VP Customer Relations | IDPro Founding Member | OASIS XACML Member
  2. 2. © Axiomatics 2019 - All Rights Reserved Enterprises are all going to cloud Photo by Dallas Reedy on Unsplash
  3. 3. © Axiomatics 2019 - All Rights Reserved 3Photo by Elvir K on Unsplash One approach is shift and lift (business as usual – you just run on cloud metal)
  4. 4. © Axiomatics 2019 - All Rights Reserved 4Photo by Daniel McCullough on Unsplash Another is design from scratch (leverage cloud capabilities – PaaS – containers)
  5. 5. © Axiomatics 2019 - All Rights Reserved 5 Technology Trends To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes ⁃ Architectures ⁃ APIs everywhere ⁃ Microservices, service mesh ⁃ Serverless, event-driven ⁃ Development paradigms ⁃ Distributed applications built by small independent teams ⁃ DevSecOps ⁃ Cloud deployment ⁃ Hybrid clouds ⁃ Migration & repatriation ⁃ Data in the cloud ⁃ Serverless relational databases and data warehouses ⁃ Managed Hadoop services ⁃ Extreme scale to many ⁃ Applications and microservices ⁃ Devices ⁃ Data records ⁃ Users and teams ⁃ Regulations
  6. 6. © Axiomatics 2019 - All Rights Reserved 6Photo by Harshal Desai on Unsplash Dynamic Authorization Decide at runtime – make the right decision Applicable to Applications, APIs, Microservices, Databases and Big Data
  7. 7. © Axiomatics 2019 - All Rights Reserved 7 ⁃ Run-time access control model whereby access to information resources is enforced through the evaluation of policies in an externalized and centralized authorization solution ⁃ Access to functions, transactions and data is enforced through contextual attributes that consider the who, what, when, where, how and why of an access request Dynamic Authorization Management To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
  8. 8. © Axiomatics 2019 - All Rights Reserved Authorization as a reusable building block
  9. 9. © Axiomatics 2019 - All Rights Reserved Authorization that scales
  10. 10. © Axiomatics 2019 - All Rights Reserved Elastic Authorization
  11. 11. © Axiomatics 2019 - All Rights Reserved Policy-Based Authorization (Use ALFA – the abbreviated language for AuthZ) Photo by Helloquence on Unsplash
  12. 12. © Axiomatics 2019 - All Rights Reserved Authorization as a sidecar / microservice
  13. 13. © Axiomatics 2019 - All Rights Reserved Cloud-Native Authorization (the twelve-factor app)
  14. 14. © Axiomatics 2019 - All Rights Reserved 14 ⁃ An implementation that follows the twelve-factor app ⁃ Authorization that can be containerized natively ⁃ Docker ⁃ Authorization that can be orchestrated by the cloud ⁃ Kubernetes ⁃ Authorization that can run in any major cloud platform ⁃ AWS – leverage AWS Beanstalk ⁃ GCP ⁃ Azure ⁃ Pivotal… Cloud Native Authorization To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
  15. 15. © Axiomatics 2019 - All Rights Reserved Protect multiple endpoints (PaaS / SaaS) (Databricks, S3, AWS RDS…) Photo by Rock'n Roll Monkey on Unsplash
  • Bibliomaniacal

    May. 6, 2020
  • DrSebastianRies

    Feb. 24, 2020

In this presentation delivered at the European Identity Conference, I discuss how externalized dynamic authorization management based on attributes and policies (ABAC and PBAC) have evolved to cater to securing cloud capabilities such as S3, Databricks, and so on.

Views

Total views

224

On Slideshare

0

From embeds

0

Number of embeds

0

Actions

Downloads

3

Shares

0

Comments

0

Likes

2

×