Protecting your data with a Service Mesh

January 23, 2020

320

Protecting your data with a Service Mesh

In this talk, we will see a practical demo on how you can use a Service Mesh and its Identity and Authorization primitives to secure access to your data.

Ignasi Barrera

January 23, 2020

More Decks by Ignasi Barrera

See All by Ignasi Barrera

Next-gen Authorization

nacx

Access Control for Microservices

nacx

Identity provisioning in a Service Mesh

nacx

280

Service Mesh and the future of networking

nacx

260

Next Generation Access Control (NGAC) for the Multi-Cloud World

nacx

1.6k

Do you need a Service Mesh?

nacx

320

Standalone Neutron: How we integrated it with Abiquo

nacx

420

Rule the cloud with Apache jclouds

nacx

430

Introduction to Apache jclouds - ApacheCon EU 2014

nacx

170

Other Decks in Research

See All in Research

論文紹介/Expectations over Unspoken Alternatives Predict Pragmatic Inferences

chemical_tree

260

Zipf 白色化：タイプとトークンの区別がもたらす良質な埋め込み空間と損失関数

eumesy

PRO

720

論文紹介: COSMO: A Large-Scale E-commerce Common Sense Knowledge Generation and Serving System at Amazon (SIGMOD 2024)

ynakano

100

ダイナミックプライシングとその実例

skmr2348

410

Human-Informed Machine Learning Models and Interactions

hiromu1996

480

2024/10/30 産総研AIセミナー発表資料

keisuke198619

330

熊本から日本の都市交通政策を立て直す～「車1割削減、渋滞半減、公共交通2倍」の実現へ～＠公共交通マーケティング研究会リスタートセミナー

trafficbrain

140

LiDARとカメラのセンサーフュージョンによる点群からのノイズ除去

kentaitakura

130

Geospecific View Generation - Geometry-Context Aware High-resolution Ground View Inference from Satellite Views

satai

100

Weekly AI Agents News! 9月号論文のアーカイブ

masatoto

120

新規のC言語処理系を実装することによる 組込みシステム研究にもたらす価値 についての考察

zacky1972

160

機械学習による言語パフォーマンスの評価

langstat

730

Featured

See All Featured

XXLCSS - How to scale CSS and keep your sanity

sugarenia

246

1.3M

GraphQLの誤解/rethinking-graphql

sonatard

10k

Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything

marktimemedia

2.1k

How GitHub (no longer) Works

holman

310

140k

What's new in Ruby 2.0

geeforr

343

31k

Site-Speed That Sticks

csswizardry

A Philosophy of Restraint

colly

203

16k

Helping Users Find Their Own Way: Creating Modern Search Experiences

danielanewman

2.3k

Fireside Chat

paigeccino

How STYLIGHT went responsive

nonsquared

5.2k

Rebuilding a faster, lazier Slack

samanthasiow

8.7k

Done Done

chrislema

181

16k

Transcript

Tetrate The service mesh company
A B Traditional access control for databases is provided by
network reachability and DB credentials C
A B C If an attacker breaks into the system
and gains access to the network, the data is compromised
A B C A service mesh provides proper Identity primitives
to enforce runtime authentication Envoy Envoy Envoy Envoy
A B C It also provides authorization primitives to be
enforced at runtime PEP PEP PEP PEP
A B C Access decisions can be made based on
proper identity and high level concepts Envoy Envoy Envoy Envoy
EXAMPLE Unauthorized access
A B C NGAC provides a context-ful authorization framework Envoy
Envoy Envoy Envoy NGAC / NDAC P D P
A B C L7 policies can be enforced, because the
proxies understand L7 protocols Envoy Envoy Envoy Envoy NGAC / NDAC P D P
EXAMPLE L7 policy enforcement
A B C L7 policies can be enforced, because the
proxies understand L7 protocols Envoy Envoy Envoy Envoy NGAC / NDAC P D P
A B C This context-ful framework can be used to
enforce complex and dynamic policies that are environment-dependent Envoy Envoy Envoy Envoy NGAC / NDAC us-east1 eu-west2 P D P
EXAMPLE Policy combination: RBAC + Location + Time
Thanks