Successful SaaS platforms deliver value to their customers quickly and safely; this requires a perpetual balance of continuous improvement and risk mitigation. A business that prioritizes one over the other is leaving money or time on the table and, worse yet, could be exposing itself or its customers to serious security vulnerabilities.
Experts agree that the key to agility is continuous integration and continuous delivery (CI/CD) and the key to mitigating risk is to eliminate implicit trust (i.e., Zero Trust), so the desired state must be to build Zero Trust into your CI/CD strategy.
Logically separate and delegate the authorization configuration and policies for your customer tenants
Enable API/Workload discovery, Policy Enforcement and Transactional Audit
Properly identify non-human users to enforce specific policies for agent-based API calls and service invocations
Enable policy governance and change management within your SDLC
Easily integrate application and service authorization configuration into your existing CI/CD pipelines
Grow your business with confidence that Cloudentity can easily scale to meet your needs
A leading Application Performance Monitoring provider is building its next-generation platform using Cloudentity software to provide the security foundation for its multi-tenant SaaS platform, which leverages a large-scale microservice architecture. By integrating Cloudentity into its core architecture and its CI/CD pipelines, this customer has been able to accelerate its time to market while simultaneously saving hundreds of thousands of dollars in development costs and drastically reducing risk for the business and its customers.
By defining a baseline set of application integration patterns and security policies for each customer tenant, the creation of new Cloudentity tenants can be bootstrapped and prepared for use via your existing automation and orchestration platform.
As new and updated policies and configurations become available, they are pushed out to all tenants via deployment pipelines that detect configuration and policy-as-code changes in source control.
Developers are responsible for policy adoption when they define their applications and APIs.
Policies are selected and attached via the deployment pipeline when the application is initially deployed or subsequently changed.
When policies or policy attachments are updated via pipeline invocations of the Authorization Control Plane’s APIs, the changes are automatically propagated to all instances of the MicroPerimeter distributed policy determination point (PDP) using Cloudentity’s internal automation and orchestration.
Updated policies are enforced instantly and consistently across the entire system.
Each MicroPerimeter PDP actively discovers new APIs and workloads as they become available and can attach default policy in the case that the API or workload has not adopted a policy during deployment.
Each MicroPerimeter PDP audits the details of every authorization decision and asynchronously reports this audit data to the Authorization Control Plane so that the audit data can be monitored, queried, and used to generate reports from a single, central location.