
Protecting your data with a Service Mesh

In this talk, we will see a practical demo on how you can use a Service Mesh and its Identity and Authorization primitives to secure access to your data.


Ignasi Barrera

January 23, 2020

Transcript

  1. Tetrate. The service mesh company.

  2. Traditional access control for databases is provided by network reachability and DB credentials. [diagram: services A, B and C reaching the database over the network]

  3. If an attacker breaks into the system and gains access to the network, the data is compromised. [diagram: services A, B and C; attacker on the same network]

  4. A service mesh provides proper identity primitives to enforce runtime authentication. [diagram: services A, B and C, each fronted by an Envoy proxy]

  5. It also provides authorization primitives to be enforced at runtime. [diagram: services A, B and C, each with a Policy Enforcement Point (PEP)]

  6. Access decisions can be made based on proper identity and high-level concepts. [diagram: services A, B and C, each fronted by an Envoy proxy]

  7. EXAMPLE: Unauthorized access.

  8. NGAC provides a context-ful authorization framework. [diagram: services A, B and C with Envoy proxies; NGAC / NDAC Policy Decision Point (PDP)]

  9. L7 policies can be enforced, because the proxies understand L7 protocols. [diagram: services A, B and C with Envoy proxies; NGAC / NDAC PDP]

  10. EXAMPLE: L7 policy enforcement.

  11. L7 policies can be enforced, because the proxies understand L7 protocols. [diagram: services A, B and C with Envoy proxies; NGAC / NDAC PDP]

  12. This context-ful framework can be used to enforce complex and dynamic policies that are environment-dependent. [diagram: services A, B and C with Envoy proxies in regions us-east1 and eu-west2; NGAC / NDAC PDP]

  13. EXAMPLE: Policy combination: RBAC + Location + Time.

  14. Thanks.
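The following is an added example, written for this page and not part of the talk, its demo, or any Tetrate product. It sketches in Python what slides 6, 9 and 13 describe: a policy decision point that combines the caller's workload identity (as a mesh proxy would learn it from the peer's mTLS certificate), L7 request attributes (HTTP method and path, which only an L7-aware proxy can see), and environment context (the region the enforcement point runs in, and the time of day). The SPIFFE IDs, role names, paths, regions, the business-hours window and the request bytes are all constructed for the example; the real PEP/PDP split, NGAC model and wire protocol used in the demo are not shown on the page and are not assumed here.

```python
# Added example: toy PDP/PEP pair that decides on identity + L7 + context.
# Not from the talk; all identities, roles, paths and regions are made up.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

SpiffeId = str

# RBAC: workload identity (SPIFFE ID from the peer certificate) -> roles.
# A network address or a shared DB password never enters the decision.
ROLE_BINDINGS: Dict[SpiffeId, Set[str]] = {
    "spiffe://example.org/ns/shop/sa/checkout": {"orders-writer"},
    "spiffe://example.org/ns/shop/sa/reporting": {"orders-reader"},
}


@dataclass(frozen=True)
class Rule:
    role: str
    methods: FrozenSet[str]               # L7 attribute: HTTP method
    path_prefix: str                      # L7 attribute: request path
    regions: FrozenSet[str]               # environment: allowed regions (empty = any)
    utc_hours: Optional[Tuple[int, int]]  # environment: [start, end) hour window (None = any)


# "RBAC + Location + Time" combined in one policy (hypothetical rules).
POLICY: List[Rule] = [
    # Readers may GET orders from any region, at any time.
    Rule("orders-reader", frozenset({"GET"}), "/orders", frozenset(), None),
    # Writers may change orders only from us-east1 and only 08:00-18:00 UTC.
    Rule("orders-writer", frozenset({"POST", "PUT", "DELETE"}), "/orders",
         frozenset({"us-east1"}), (8, 18)),
]


@dataclass(frozen=True)
class Request:
    principal: Optional[SpiffeId]  # None when the peer presented no client cert
    method: str
    path: str
    region: str                    # region the enforcing proxy runs in
    now: datetime                  # timezone-aware


def parse_request_line(raw: bytes) -> Tuple[str, str]:
    """Extract method and path from an HTTP/1.1 request line.

    This is the part an L3/L4 filter cannot do and an L7 proxy can.
    """
    line = raw.split(b"\r\n", 1)[0].decode("ascii")
    method, target, version = line.split(" ")
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP request line")
    return method, target.split("?", 1)[0]


def decide(req: Request, policy: List[Rule] = POLICY,
           bindings: Dict[SpiffeId, Set[str]] = ROLE_BINDINGS) -> Tuple[bool, str]:
    """Default-deny decision over identity, L7 attributes and context."""
    if req.principal is None:
        return False, "deny: peer not authenticated"
    roles = bindings.get(req.principal, set())
    if not roles:
        return False, f"deny: no roles bound to {req.principal}"
    hour = req.now.astimezone(timezone.utc).hour
    for rule in policy:
        if rule.role not in roles:
            continue
        if req.method not in rule.methods or not req.path.startswith(rule.path_prefix):
            continue
        if rule.regions and req.region not in rule.regions:
            continue
        if rule.utc_hours is not None:
            start, end = rule.utc_hours
            if not start <= hour < end:
                continue
        return True, f"allow: role {rule.role} matched"
    return False, "deny: no rule matched"


def enforce(raw_request: bytes, peer: Optional[SpiffeId], region: str,
            now: datetime) -> Tuple[bool, str]:
    """What the PEP (sidecar) does per request, after TLS termination, before forwarding."""
    method, path = parse_request_line(raw_request)
    return decide(Request(peer, method, path, region, now))


def at_utc(hour: int) -> datetime:
    """Helper for the examples: a fixed date at the given UTC hour."""
    return datetime(2020, 1, 23, hour, 0, tzinfo=timezone.utc)


if __name__ == "__main__":
    # Constructed request bytes as the proxy would see them from the client.
    raw = b"POST /orders/42 HTTP/1.1\r\nHost: orders.shop.svc\r\n\r\n"
    print(enforce(raw, "spiffe://example.org/ns/shop/sa/checkout", "us-east1", at_utc(10)))
    print(enforce(raw, "spiffe://example.org/ns/shop/sa/checkout", "eu-west2", at_utc(10)))
```

Two design points worth keeping when this is done for real: the decision is default-deny, so an identity with no role binding or a request outside every rule's region or time window is refused rather than falling through; and the path match is a plain prefix, so a production policy needs either an exact-segment match or a normalized path (here `/ordersx` would wrongly match `/orders`).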