Protecting your data with a Service Mesh

January 23, 2020

260

Protecting your data with a Service Mesh

In this talk, we will see a practical demo on how you can use a Service Mesh and its Identity and Authorization primitives to secure access to your data.

Ignasi Barrera

January 23, 2020

More Decks by Ignasi Barrera

See All by Ignasi Barrera

Next-gen Authorization

nacx

Access Control for Microservices

nacx

Identity provisioning in a Service Mesh

nacx

230

Service Mesh and the future of networking

nacx

220

Next Generation Access Control (NGAC) for the Multi-Cloud World

nacx

1.4k

Do you need a Service Mesh?

nacx

260

Standalone Neutron: How we integrated it with Abiquo

nacx

370

Rule the cloud with Apache jclouds

nacx

370

Introduction to Apache jclouds - ApacheCon EU 2014

nacx

160

Other Decks in Research

See All in Research

Julia Tokyo #11 トーク: 「Juliaで歩く自動微分」

abap34

1.3k

Gmail の「メール送信者のガイドライン」強化から 1 ヵ月、今後予想されるメールセキュリティの変化とは

hirachan

240

論文紹介 DSRNet: Single Image Reflection Separation via Component Synergy (ICCV 2023)

tattaka

180

CASCON 2023 Most Influential Paper Award Talk

tsantalis

120

訓練データ作成のためのCloudCompareを利用した点群の手動ラベリング

kentaitakura

540

眠眠ガチャ：ガチャを活用した睡眠意欲向上アプリの開発 / EC71inui

yumulab

150

Webスケールデータセットに対する実用的なポイズニング手法 / Poisoning Web-Scale Training Datasets is Practical

nttcom

120

The Theory behind Vector DB

matsui_528

1.7k

SANER 2019 Most Influential Paper Talk

tsantalis

120

脳卒中患者・家族からみた循環器病対策推進基本計画の進捗に関する調査

japanstrokeassociation

530

言語間転移学習で大規模言語モデルを賢くする

ikuyamada

3.3k

LiDARセキュリティ最前線

kentaroy47

280

Featured

See All Featured

VelocityConf: Rendering Performance Case Studies

addyosmani

320

23k

JavaScript: Past, Present, and Future - NDC Porto 2020

reverentgeek

4.4k

"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)

danielanewman

221

21k

Creating an realtime collaboration tool: Agile Flush - .NET Oxford

marcduiker

1.5k

The Pragmatic Product Professional

lauravandoore

5.8k

How GitHub (no longer) Works

holman

304

140k

CSS Pre-Processors: Stylus, Less & Sass

bermonpainter

352

28k

Making the Leap to Tech Lead

cromwellryan

124

8.5k

Imperfection Machines: The Place of Print at Facebook

scottboms

260

12k

A designer walks into a library…

pauljervisheath

200

23k

YesSQL, Process and Tooling at Scale

rocio

164

13k

Optimizing for Happiness

mojombo

370

69k

Transcript

Tetrate The service mesh company
A B Traditional access control for databases is provided by
network reachability and DB credentials C
A B C If an attacker breaks into the system
and gains access to the network, the data is compromised
A B C A service mesh provides proper Identity primitives
to enforce runtime authentication Envoy Envoy Envoy Envoy
A B C It also provides authorization primitives to be
enforced at runtime PEP PEP PEP PEP
A B C Access decisions can be made based on
proper identity and high level concepts Envoy Envoy Envoy Envoy
EXAMPLE Unauthorized access
A B C NGAC provides a context-ful authorization framework Envoy
Envoy Envoy Envoy NGAC / NDAC P D P
A B C L7 policies can be enforced, because the
proxies understand L7 protocols Envoy Envoy Envoy Envoy NGAC / NDAC P D P
EXAMPLE L7 policy enforcement
A B C L7 policies can be enforced, because the
proxies understand L7 protocols Envoy Envoy Envoy Envoy NGAC / NDAC P D P
A B C This context-ful framework can be used to
enforce complex and dynamic policies that are environment-dependent Envoy Envoy Envoy Envoy NGAC / NDAC us-east1 eu-west2 P D P
EXAMPLE Policy combination: RBAC + Location + Time
Thanks