It allows you to decouple authorization logic and policy from the application itself while standardizing on a single trusted tech-agnostic tool. Here, Open Policy Agent (OPA), created and maintained by Styra, is by far the most popular and dependable tool for implementing policy as code.
This is the same reason why developers adopt other as-code solutions, like Infrastructure as Code.
#Modern key holder code
Most companies and developer teams used to hard code authorization logic and policies directly into applications, but given the complexity of cloud native environments, this no longer works. GigaOm defines policy as code as a means for “mapping human-readable policies into machine-enforceable code.” This is a way to take critical security, operations and compliance policies and automate them in your application and across teams. This is the most critical move you can make to adopt modern authorization. We’re going to share five best practices, with some technical details, to get authorization right in your cloud native application. If you can solve for authorization - allowing only the actions and users that you specifically permit at key access points - you can solve the vast majority of security, compliance and operations problems that arise from the complexity of modern applications.
While in traditional, monolithic apps, there were may be dozens of individual components, with thousands of access possibilities that needed securing, today’s apps have thousands of moving parts, with potentially trillions of access possibilities, creating a substantially larger attack surface for every app.Īuthorization - the means by which app owners can control who (and what) can access applications, and what they’re allowed to do, once inside - is at the heart of these challenges. With their many benefits, modern applications made these challenges significantly harder to solve. For many organizations, microservices have become the architecture of choice, not only for building new applications, but for migrating legacy apps. With the rise of cloud native applications, the challenges of security, compliance and access control have become top of mind.
0 kommentar(er)
