Protecting your data with a Service Mesh

January 23, 2020

350

Protecting your data with a Service Mesh

In this talk, we will see a practical demo on how you can use a Service Mesh and its Identity and Authorization primitives to secure access to your data.

Ignasi Barrera

January 23, 2020

More Decks by Ignasi Barrera

See All by Ignasi Barrera

Next-gen Authorization

nacx

110

Access Control for Microservices

nacx

120

Identity provisioning in a Service Mesh

nacx

320

Service Mesh and the future of networking

nacx

290

Next Generation Access Control (NGAC) for the Multi-Cloud World

nacx

1.7k

Do you need a Service Mesh?

nacx

350

Standalone Neutron: How we integrated it with Abiquo

nacx

440

Rule the cloud with Apache jclouds

nacx

460

Introduction to Apache jclouds - ApacheCon EU 2014

nacx

190

Other Decks in Research

See All in Research

請求書仕分け自動化での物体検知モデル活用 / Utilization of Object Detection Models in Automated Invoice Sorting

sansan_randd

160

o1 pro mode の調査レポート

smorce

150

資産間の相関関係を頑健に評価する指標を用いたファクターアローケーション戦略の構築

nomamist

190

Weekly AI Agents News! 2月号アーカイブ

masatoto

150

20250226 NLP colloquium: "SoftMatcha: 10億単語規模コーパス検索のための柔らかくも高速なパターンマッチャー"

de9uch1

320

博士論文公聴会： Scaling Telemetry Workloads in Cloud Applications: Techniques for Instrumentation, Storage, and Mining / PhD Defence

yuukit

120

TRIPOD+AI Expandedチェックリスト有志翻訳による日本語版 version.1.1

shuntaros

120

한국어 오픈소스 거대 언어 모델의 가능성: 새로운 시대의 언어 이해와 생성

inureyes

PRO

300

公立高校入試等に対する受入保留アルゴリズム（DA）導入の提言

shunyanoda

1.9k

RapidPen: AIエージェントによるペネトレーションテスト初期侵入全自動化の研究

laysakura

330

Sosiaalisen median katsaus 03/2025 + tekoäly

hponka

740

LLM-as-a-Judge: 文章をLLMで評価する@教育機関DXシンポ

k141303

610

Featured

See All Featured

個人開発の失敗を避けるイケてる考え方 / tips for indie hackers

panda_program

104

19k

The Cult of Friendly URLs

andyhume

6.3k

Understanding Cognitive Biases in Performance Measurement

bluesmoon

1.6k

Raft: Consensus for Rubyists

vanstee

137

6.9k

How to Create Impact in a Changing Tech Landscape [PerfNow 2023]

tammyeverts

2.4k

Building an army of robots

kneath

304

45k

I Don’t Have Time: Getting Over the Fear to Launch Your Podcast

jcasabona

2.2k

StorybookのUI Testing Handbookを読んだ

zakiyama

5.6k

Why You Should Never Use an ORM

jnunemaker

PRO

9.3k

Build The Right Thing And Hit Your Dates

maggiecrowley

2.6k

Six Lessons from altMBA

skipperchong

3.7k

Bootstrapping a Software Product

garrettdimon

PRO

307

110k

Transcript

Tetrate The service mesh company
A B Traditional access control for databases is provided by
network reachability and DB credentials C
A B C If an attacker breaks into the system
and gains access to the network, the data is compromised
A B C A service mesh provides proper Identity primitives
to enforce runtime authentication Envoy Envoy Envoy Envoy
A B C It also provides authorization primitives to be
enforced at runtime PEP PEP PEP PEP
A B C Access decisions can be made based on
proper identity and high level concepts Envoy Envoy Envoy Envoy
EXAMPLE Unauthorized access
A B C NGAC provides a context-ful authorization framework Envoy
Envoy Envoy Envoy NGAC / NDAC P D P
A B C L7 policies can be enforced, because the
proxies understand L7 protocols Envoy Envoy Envoy Envoy NGAC / NDAC P D P
EXAMPLE L7 policy enforcement
A B C L7 policies can be enforced, because the
proxies understand L7 protocols Envoy Envoy Envoy Envoy NGAC / NDAC P D P
A B C This context-ful framework can be used to
enforce complex and dynamic policies that are environment-dependent Envoy Envoy Envoy Envoy NGAC / NDAC us-east1 eu-west2 P D P
EXAMPLE Policy combination: RBAC + Location + Time
Thanks