Successfully reported this slideshow.
Your SlideShare is downloading. ×

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad

Check these out next

1 of 15 Ad

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

Download to read offline

In this presentation delivered at the European Identity Conference, I discuss how externalized dynamic authorization management based on attributes and policies (ABAC and PBAC) have evolved to cater to securing cloud capabilities such as S3, Databricks, and so on.

In this presentation delivered at the European Identity Conference, I discuss how externalized dynamic authorization management based on attributes and policies (ABAC and PBAC) have evolved to cater to securing cloud capabilities such as S3, Databricks, and so on.

Advertisement
Advertisement

More Related Content

Slideshows for you (20)

Similar to To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes (20)

Advertisement

Recently uploaded (20)

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

  1. 1. EIC 2019 - To the Cloud and Beyond Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes David Brossard VP Customer Relations | IDPro Founding Member | OASIS XACML Member
  2. 2. © Axiomatics 2019 - All Rights Reserved Enterprises are all going to cloud Photo by Dallas Reedy on Unsplash
  3. 3. © Axiomatics 2019 - All Rights Reserved 3Photo by Elvir K on Unsplash One approach is shift and lift (business as usual – you just run on cloud metal)
  4. 4. © Axiomatics 2019 - All Rights Reserved 4Photo by Daniel McCullough on Unsplash Another is design from scratch (leverage cloud capabilities – PaaS – containers)
  5. 5. © Axiomatics 2019 - All Rights Reserved 5 Technology Trends To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes ⁃ Architectures ⁃ APIs everywhere ⁃ Microservices, service mesh ⁃ Serverless, event-driven ⁃ Development paradigms ⁃ Distributed applications built by small independent teams ⁃ DevSecOps ⁃ Cloud deployment ⁃ Hybrid clouds ⁃ Migration & repatriation ⁃ Data in the cloud ⁃ Serverless relational databases and data warehouses ⁃ Managed Hadoop services ⁃ Extreme scale to many ⁃ Applications and microservices ⁃ Devices ⁃ Data records ⁃ Users and teams ⁃ Regulations
  6. 6. © Axiomatics 2019 - All Rights Reserved 6Photo by Harshal Desai on Unsplash Dynamic Authorization Decide at runtime – make the right decision Applicable to Applications, APIs, Microservices, Databases and Big Data
  7. 7. © Axiomatics 2019 - All Rights Reserved 7 ⁃ Run-time access control model whereby access to information resources is enforced through the evaluation of policies in an externalized and centralized authorization solution ⁃ Access to functions, transactions and data is enforced through contextual attributes that consider the who, what, when, where, how and why of an access request Dynamic Authorization Management To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
  8. 8. © Axiomatics 2019 - All Rights Reserved Authorization as a reusable building block
  9. 9. © Axiomatics 2019 - All Rights Reserved Authorization that scales
  10. 10. © Axiomatics 2019 - All Rights Reserved Elastic Authorization
  11. 11. © Axiomatics 2019 - All Rights Reserved Policy-Based Authorization (Use ALFA – the abbreviated language for AuthZ) Photo by Helloquence on Unsplash
  12. 12. © Axiomatics 2019 - All Rights Reserved Authorization as a sidecar / microservice
  13. 13. © Axiomatics 2019 - All Rights Reserved Cloud-Native Authorization (the twelve-factor app)
  14. 14. © Axiomatics 2019 - All Rights Reserved 14 ⁃ An implementation that follows the twelve-factor app ⁃ Authorization that can be containerized natively ⁃ Docker ⁃ Authorization that can be orchestrated by the cloud ⁃ Kubernetes ⁃ Authorization that can run in any major cloud platform ⁃ AWS – leverage AWS Beanstalk ⁃ GCP ⁃ Azure ⁃ Pivotal… Cloud Native Authorization To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
  15. 15. © Axiomatics 2019 - All Rights Reserved Protect multiple endpoints (PaaS / SaaS) (Databricks, S3, AWS RDS…) Photo by Rock'n Roll Monkey on Unsplash

Editor's Notes

  • Everyone is moving to the cloud
  • I. Codebase
    One codebase tracked in revision control, many deploys
    II. Dependencies
    Explicitly declare and isolate dependencies
    III. Config
    Store config in the environment
    IV. Backing services
    Treat backing services as attached resources
    V. Build, release, run
    Strictly separate build and run stages
    VI. Processes
    Execute the app as one or more stateless processes
    VII. Port binding
    Export services via port binding
    VIII. Concurrency
    Scale out via the process model
    IX. Disposability
    Maximize robustness with fast startup and graceful shutdown
    X. Dev/prod parity
    Keep development, staging, and production as similar as possible
    XI. Logs
    Treat logs as event streams
    XII. Admin processes
    Run admin/management tasks as one-off processes

×