Defense In-Depth For an API and DevOps Security

Authorization has come a long way since setting bits in the file system. With the advancements in machine learning, big data, and behavioral profiling, it’s time for authorization to take its next generational leap and move into a flexible, risk-based access control model that works in concert with legacy access control policies.

Cloud authorization engines must focus on adding intelligence to the authorization process, with validators that query external platforms for consensus during transactional processing. Those validators should marry that consensus with emerging threats to any of the entities (users, services, things, locations, etc.) present within the transaction. Threat mitigation options must be designed either to rebuild trust within the transaction or to mitigate the emerging risk by providing consensus through traditional methods: ABAC, RBAC, entitlements, and scope. Those mitigation options should also respond during the transaction itself, with transactional step-up auth, degradation of entitlements, reduction in the data attributes returned, etc.
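A sketch of the decision flow described above, added here as an illustration and not taken from the presentation or from Cloudentity's product. The thresholds, attribute names, scope naming (`:write`), the rule for combining validator scores, and the two sample validators are all assumptions.

```python
from dataclasses import dataclass, field
from statistics import mean
STEP_UP_AT, DEGRADE_AT, DENY_AT = 0.4, 0.6, 0.9  # assumed thresholds, not from the page
SENSITIVE = {"ssn", "account_number"}            # assumed sensitive attribute names
BAD_IP = "203.0.113.7"                           # constructed sample value

@dataclass
class Transaction:
    entities: dict      # entity kind -> identifier (user, service, location, ...)
    roles: set
    scopes: set
    needs_role: str
    needs_scope: str
    attributes: dict    # data the API would return

@dataclass
class Decision:
    action: str         # "permit", "step_up" or "deny"
    risk: float
    scopes: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)

def consensus_risk(tx, validators):  # mean score per entity; riskiest entity wins
    scores = {}
    for validate in validators:
        for entity, score in validate(tx).items():
            scores.setdefault(entity, []).append(score)
    return max((mean(s) for s in scores.values()), default=0.0)

def authorize(tx, validators, stepped_up=False):
    # Legacy policy (RBAC role + scope) runs first; risk can only narrow access.
    if tx.needs_role not in tx.roles or tx.needs_scope not in tx.scopes:
        return Decision("deny", 0.0)
    risk = consensus_risk(tx, validators)
    if risk >= DENY_AT:
        return Decision("deny", risk)
    if risk >= STEP_UP_AT and not stepped_up:
        return Decision("step_up", risk)       # rebuild trust before continuing
    scopes, attrs = set(tx.scopes), dict(tx.attributes)
    if risk >= DEGRADE_AT:                     # degrade entitlements, trim returned data
        scopes = {s for s in scopes if not s.endswith(":write")}
        attrs = {k: v for k, v in attrs.items() if k not in SENSITIVE}
    if tx.needs_scope not in scopes:           # degradation removed the required scope
        return Decision("deny", risk)
    return Decision("permit", risk, scopes, attrs)

VALIDATORS = [  # constructed stand-ins for external platforms (threat feed, behavior profile)
    lambda tx: {"location": 0.8 if tx.entities.get("location") == BAD_IP else 0.1},
    lambda tx: {"user": 0.2, "location": 0.6 if tx.entities.get("location") == BAD_IP else 0.1},
]
```

Calling `authorize` a second time with `stepped_up=True` models the same transaction after the caller has completed step-up authentication.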

In this presentation, available on Cloudentity’s YouTube channel, we show you how to create architectures and UX flows that support real-time threat mitigation for transactions involving any user, service, or thing.