Tetrate The service mesh company 

A B Traditional access control for databases is provided by network reachability and DB credentials C 

A B C If an attacker breaks into the system and gains access to the network, the data is compromised 

A B C A service mesh provides proper Identity primitives to enforce runtime authentication Envoy Envoy Envoy Envoy 

A B C It also provides authorization primitives to be enforced at runtime PEP PEP PEP PEP 

A B C Access decisions can be made based on proper identity and high level concepts Envoy Envoy Envoy Envoy 

EXAMPLE Unauthorized access 

A B C NGAC provides a context-ful authorization framework Envoy Envoy Envoy Envoy NGAC / NDAC P D P 

A B C L7 policies can be enforced, because the proxies understand L7 protocols Envoy Envoy Envoy Envoy NGAC / NDAC P D P 

EXAMPLE L7 policy enforcement 

A B C L7 policies can be enforced, because the proxies understand L7 protocols Envoy Envoy Envoy Envoy NGAC / NDAC P D P 

A B C This context-ful framework can be used to enforce complex and dynamic policies that are environment-dependent Envoy Envoy Envoy Envoy NGAC / NDAC us-east1 eu-west2 P D P 

EXAMPLE Policy combination: RBAC + Location + Time 

Thanks