To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes
Report
Share
•3 likes•265 views
To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes
•3 likes•265 views
Report
Share
Download to read offline
In this presentation delivered at the European Identity Conference, I discuss how externalized dynamic authorization management based on attributes and policies (ABAC and PBAC) have evolved to cater to securing cloud capabilities such as S3, Databricks, and so on.
Recommended
More Related Content
What's hot
![Service Mesh in the Real World [Raleigh NC Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/service-mesh-real-world-191016164816-thumbnail.jpg?width=384&fit=bounds)
What's hot(20)
![Service Mesh in the Real World [Raleigh NC Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/service-mesh-real-world-191016164816-thumbnail.jpg?width=768&fit=bounds)
Similar to To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes
Similar to To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes(20)
More from David Brossard
More from David Brossard(6)
Recently uploaded
Recently uploaded(20)
To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes
- 1. EIC 2019 - To the Cloud and Beyond Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes David Brossard VP Customer Relations | IDPro Founding Member | OASIS XACML Member
- 2. © Axiomatics 2019 - All Rights Reserved Enterprises are all going to cloud Photo by Dallas Reedy on Unsplash
- 3. © Axiomatics 2019 - All Rights Reserved 3Photo by Elvir K on Unsplash One approach is shift and lift (business as usual – you just run on cloud metal)
- 4. © Axiomatics 2019 - All Rights Reserved 4Photo by Daniel McCullough on Unsplash Another is design from scratch (leverage cloud capabilities – PaaS – containers)
- 5. © Axiomatics 2019 - All Rights Reserved 5 Technology Trends To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes ⁃ Architectures ⁃ APIs everywhere ⁃ Microservices, service mesh ⁃ Serverless, event-driven ⁃ Development paradigms ⁃ Distributed applications built by small independent teams ⁃ DevSecOps ⁃ Cloud deployment ⁃ Hybrid clouds ⁃ Migration & repatriation ⁃ Data in the cloud ⁃ Serverless relational databases and data warehouses ⁃ Managed Hadoop services ⁃ Extreme scale to many ⁃ Applications and microservices ⁃ Devices ⁃ Data records ⁃ Users and teams ⁃ Regulations
- 6. © Axiomatics 2019 - All Rights Reserved 6Photo by Harshal Desai on Unsplash Dynamic Authorization Decide at runtime – make the right decision Applicable to Applications, APIs, Microservices, Databases and Big Data
- 7. © Axiomatics 2019 - All Rights Reserved 7 ⁃ Run-time access control model whereby access to information resources is enforced through the evaluation of policies in an externalized and centralized authorization solution ⁃ Access to functions, transactions and data is enforced through contextual attributes that consider the who, what, when, where, how and why of an access request Dynamic Authorization Management To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
- 8. © Axiomatics 2019 - All Rights Reserved Authorization as a reusable building block
- 9. © Axiomatics 2019 - All Rights Reserved Authorization that scales
- 10. © Axiomatics 2019 - All Rights Reserved Elastic Authorization
- 11. © Axiomatics 2019 - All Rights Reserved Policy-Based Authorization (Use ALFA – the abbreviated language for AuthZ) Photo by Helloquence on Unsplash
- 12. © Axiomatics 2019 - All Rights Reserved Authorization as a sidecar / microservice
- 13. © Axiomatics 2019 - All Rights Reserved Cloud-Native Authorization (the twelve-factor app)
- 14. © Axiomatics 2019 - All Rights Reserved 14 ⁃ An implementation that follows the twelve-factor app ⁃ Authorization that can be containerized natively ⁃ Docker ⁃ Authorization that can be orchestrated by the cloud ⁃ Kubernetes ⁃ Authorization that can run in any major cloud platform ⁃ AWS – leverage AWS Beanstalk ⁃ GCP ⁃ Azure ⁃ Pivotal… Cloud Native Authorization To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
- 15. © Axiomatics 2019 - All Rights Reserved Protect multiple endpoints (PaaS / SaaS) (Databricks, S3, AWS RDS…) Photo by Rock'n Roll Monkey on Unsplash
Editor's Notes
- Everyone is moving to the cloud
- I. Codebase One codebase tracked in revision control, many deploys II. Dependencies Explicitly declare and isolate dependencies III. Config Store config in the environment IV. Backing services Treat backing services as attached resources V. Build, release, run Strictly separate build and run stages VI. Processes Execute the app as one or more stateless processes VII. Port binding Export services via port binding VIII. Concurrency Scale out via the process model IX. Disposability Maximize robustness with fast startup and graceful shutdown X. Dev/prod parity Keep development, staging, and production as similar as possible XI. Logs Treat logs as event streams XII. Admin processes Run admin/management tasks as one-off processes