Dynamic Authorization and Policy Control for Microservice Environments скачать в хорошем качестве

Dynamic Authorization and Policy Control for Microservice Environments

Organizations use containerized workloads to build and deploy applications. Although diverse in nature these deployments must conform to company-wide constraints around cost, security, and performance. These constraints affect the entire stack, require state from multiple locations, and evolve over time thereby making it difficult to enforce them. The only sustainable, scalable way to enforce or even monitor security, compliance, and operational policies requires that those policies be taken out of PDFs, emails, wikis and hardcoded software and be written in a domain-agnostic programming language. In this talk, we will introduce the Open Policy Agent (OPA), an open source, general-purpose policy engine that was built to provide policy-as-code using a logic-based declarative language. We will discuss how companies like Netflix, Intuit, and CapitalOne have used OPA to enforce fine-grained security policies across a breadth of domains such as custom applications, container-management, i.e. Kubernetes, public clouds, server management etc. We will also demo a prevalent use-case that allows organizations to create secure applications that provide least-privilege access to sensitive resources by injecting OPA alongside their microservices. Main Takeaways: The attendees can expect to take away new ideas about how to enforce fine-grained authorization policies at scale across the stack in any system without requiring significant changes to their existing microservice architecture. They will also be able to create frameworks that result in OPA-powered secure microservices, irrespective of the diverse and unique components in their environments. About the Speaker Ash Narkar @ashtalk, Software Engineer at Styra | Maintainer - Open Policy Agent Ash Narkar is a maintainer of the Open Policy Agent project. Ash has over 5 years of experience working on large-scale distributed systems. Ash is a Senior Software Engineer at Styra, Inc. working on OPA development and integrations. Previously he was a Principal Engineer at Verizon Labs where he worked on their IoT platform. Ash also worked as a Software Engineer at Cyan, Inc. where he contributed to the core components of their SDN platform. Ash has presented the OPA project at KubeCon, Open Source Summit, Kubernetes meetups, and more SANS Institute Summits at https://www.sans.org/cyber-security-s... SANS Cloud Security Curriculum, https://www.sans.org/cloud-security/ SANS Cloud Security on Twitter: @SANSCloudSec SANS Cloud Security on LinkedIn:   / sanscloudsec