Defense In-Depth for API and DevOps Security

Posted by Nathanael Coffing on Jul 10, 2018 6:43:55 PM
Nathanael Coffing
Find me on:

 Authorization has come along way since setting bits in the file system. With the advancements in Machine learning, big data and behavioral profiling its time for authorization to take its next generational leap and move into a flexible risk based access control model that works in concert with legacy access control policies.

Cloud Authorization engines must focus on adding intelligence to the authorization process with validators that query external platforms for consensus during transactional processing and merry that with emerging threats to any of the entities (users, services, things, locations, etc) present within the transaction. Threat mitigation options must be designed to rebuild the trust within the transaction or to mitigate the emerging risk by providing consensus via the leveraging of traditional methods ABAC, RBAC, entitlements, scope and respond during the transaction with transactional step-up Auth, degradation of Entitlements, reduction in data attributes returned, etc.

In this presentation, we showed how to create architectures and UX flows that support real time threat mitigation for transactions involving any user, service or thing.

 


 

Topics: IAM, Identity, devops

Developer Self Service for Identity and API Security.

Cloudentity provides enterprise application developers with a suite of microservices that seamlessly integrates Identity and API Security. Accelerate the DevOps processes with a service mesh that reduces time to market and development cost by 30%.

Download the whitepaper

 

Try the Cloudentity API Security Trial

Or refer it to an Enterprise Developer in your company.

TRY FOR FREE

 

Subscribe Here!

Recent Posts