Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

73 views

Published on

In this presentation delivered at the European Identity Conference, I discuss how externalized dynamic authorization management based on attributes and policies (ABAC and PBAC) have evolved to cater to securing cloud capabilities such as S3, Databricks, and so on.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

  1. 1. EIC 2019 - To the Cloud and Beyond Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes David Brossard VP Customer Relations | IDPro Founding Member | OASIS XACML Member
  2. 2. © Axiomatics 2019 - All Rights Reserved Enterprises are all going to cloud Photo by Dallas Reedy on Unsplash
  3. 3. © Axiomatics 2019 - All Rights Reserved 3Photo by Elvir K on Unsplash One approach is shift and lift (business as usual – you just run on cloud metal)
  4. 4. © Axiomatics 2019 - All Rights Reserved 4Photo by Daniel McCullough on Unsplash Another is design from scratch (leverage cloud capabilities – PaaS – containers)
  5. 5. © Axiomatics 2019 - All Rights Reserved 5 Technology Trends To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes ⁃ Architectures ⁃ APIs everywhere ⁃ Microservices, service mesh ⁃ Serverless, event-driven ⁃ Development paradigms ⁃ Distributed applications built by small independent teams ⁃ DevSecOps ⁃ Cloud deployment ⁃ Hybrid clouds ⁃ Migration & repatriation ⁃ Data in the cloud ⁃ Serverless relational databases and data warehouses ⁃ Managed Hadoop services ⁃ Extreme scale to many ⁃ Applications and microservices ⁃ Devices ⁃ Data records ⁃ Users and teams ⁃ Regulations
  6. 6. © Axiomatics 2019 - All Rights Reserved 6Photo by Harshal Desai on Unsplash Dynamic Authorization Decide at runtime – make the right decision Applicable to Applications, APIs, Microservices, Databases and Big Data
  7. 7. © Axiomatics 2019 - All Rights Reserved 7 ⁃ Run-time access control model whereby access to information resources is enforced through the evaluation of policies in an externalized and centralized authorization solution ⁃ Access to functions, transactions and data is enforced through contextual attributes that consider the who, what, when, where, how and why of an access request Dynamic Authorization Management To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
  8. 8. © Axiomatics 2019 - All Rights Reserved Authorization as a reusable building block
  9. 9. © Axiomatics 2019 - All Rights Reserved Authorization that scales
  10. 10. © Axiomatics 2019 - All Rights Reserved Elastic Authorization
  11. 11. © Axiomatics 2019 - All Rights Reserved Policy-Based Authorization (Use ALFA – the abbreviated language for AuthZ) Photo by Helloquence on Unsplash
  12. 12. © Axiomatics 2019 - All Rights Reserved Authorization as a sidecar / microservice
  13. 13. © Axiomatics 2019 - All Rights Reserved Cloud-Native Authorization (the twelve-factor app)
  14. 14. © Axiomatics 2019 - All Rights Reserved 14 ⁃ An implementation that follows the twelve-factor app ⁃ Authorization that can be containerized natively ⁃ Docker ⁃ Authorization that can be orchestrated by the cloud ⁃ Kubernetes ⁃ Authorization that can run in any major cloud platform ⁃ AWS – leverage AWS Beanstalk ⁃ GCP ⁃ Azure ⁃ Pivotal… Cloud Native Authorization To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
  15. 15. © Axiomatics 2019 - All Rights Reserved Protect multiple endpoints (PaaS / SaaS) (Databricks, S3, AWS RDS…) Photo by Rock'n Roll Monkey on Unsplash

×