Protecting your data with a Service Mesh

In this talk, we will see a practical demo on how you can use a Service Mesh and its Identity and Authorization primitives to secure access to your data.

Ignasi Barrera

January 23, 2020

Transcript

  1. 2.

    Traditional access control for databases is provided by network reachability and DB credentials. (Diagram labels: A, B, C)
  2. 3.

    If an attacker breaks into the system and gains access to the network, the data is compromised. (Diagram labels: A, B, C)
  3. 4.

    A service mesh provides proper Identity primitives to enforce runtime authentication. (Diagram labels: A, B, C; Envoy)
  4. 5.

    It also provides authorization primitives to be enforced at runtime. (Diagram labels: A, B, C; PEP)
  5. 6.

    Access decisions can be made based on proper identity and high-level concepts. (Diagram labels: A, B, C; Envoy)
  6. 9.

    L7 policies can be enforced, because the proxies understand L7 protocols. (Diagram labels: A, B, C; Envoy; NGAC / NDAC PDP)
  7. 11.

    L7 policies can be enforced, because the proxies understand L7 protocols. (Diagram labels: A, B, C; Envoy; NGAC / NDAC PDP)
  8. 12.

    This context-ful framework can be used to enforce complex and dynamic policies that are environment-dependent. (Diagram labels: A, B, C; Envoy; NGAC / NDAC PDP; us-east1, eu-west2)
  9. 14.