Automating Authorization Governance

Cloudentity makes authorization governance effective, flexible and scalable – ensuring secure, compliant and confidential access and data exchange across hybrid, multi-cloud and microservices infrastructure.

Declarative Authorization Advantages

App modernization, big data, and service integration are foundational for digital transformation, and almost all of it is done over APIs – introducing massive scale, security and data privacy issues. While federated identity authentication mechanisms, such as MFA and SSO, facilitate protected session access, essential authorization governance remains fragmented, inefficient and inadequate.

Developer Challenge
  • Authorization rules are typically hardcoded by engineers for each application – prone to human error, policy inconsistency and operational blind spots.
  • Developers must contend with complex multi-cloud workloads and diverse API service connections, and a cumbersome array of identity, security, configuration and compliance requisites.
Security Challenge
  • Organizations are challenged to ensure data governance and privacy consent across apps, services and APIs with the required OAuth scope, transactional control and auditability.
  • These control gaps and limited enforcement capabilities open the business to cyberattacks that exploit web, app and access exposures, as evidenced by the OWASP API vulnerabilities.

These known development and security operational gaps ultimately delay app delivery and service innovation because security verification takes longer. It’s time to evolve the conventional approach to application transactional authentication and authorization.

CLOUDENTITY OVERCOMES THESE ENTERPRISE CHALLENGES.
We’ve decoupled authentication from authorization and moved user, machine and service access and data exchange authorization to the edge. Our solution automates governance through an externally managed, declarative authorization platform that delivers fine-grained policy-as-code with dynamic, high-performance enforcement for every transaction. As a result, engineering and security teams increase development velocity and service agility while mitigating privacy, API security and compliance risks. Moreover, organizations can accelerate digital transformation business opportunities with the crucial service / data protection and privacy requisites in place.
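To make the decoupling concrete, the following is an added illustration, not Cloudentity's code: authentication produces a principal (subject, granted OAuth scopes and claims from the identity provider), and a separate decision point evaluates declarative policies expressed as data rather than hardcoded in each application. The policy format, the field names (`required_scopes`, `conditions`, `attr`, `op`), the sample policies and the audit-record shape are all assumptions made for this example; the decision point denies by default when no policy matches or a referenced attribute is absent.

```python
"""Illustrative declarative authorization: policy-as-code evaluated by an
externalized decision point. Example code, not Cloudentity's implementation;
the policy schema below is an assumption made for this illustration."""
import json
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample policies. They live outside the application and can be
# changed without touching application code.
POLICIES = json.loads("""
[
  {"id": "payments-read", "resource": "/payments/*", "actions": ["GET"],
   "required_scopes": ["payments:read"]},
  {"id": "payments-initiate", "resource": "/payments", "actions": ["POST"],
   "required_scopes": ["payments:write"],
   "conditions": [
     {"attr": "context.amount", "op": "lte", "value": 1000},
     {"attr": "principal.consent_granted", "op": "eq", "value": true},
     {"attr": "principal.acr", "op": "in", "value": ["mfa"]}
   ]}
]
""")


@dataclass
class Principal:
    """What authentication (the IdP) established: subject, scopes, claims."""
    subject: str
    scopes: set
    claims: dict = field(default_factory=dict)


@dataclass
class Request:
    """The transaction being authorized plus any runtime context."""
    action: str
    resource: str
    context: dict = field(default_factory=dict)


@dataclass
class Decision:
    allow: bool
    policy: Optional[str]
    reason: str


def _matches(resource: str, pattern: str) -> bool:
    """Resource patterns support only a trailing '*' wildcard here."""
    if pattern.endswith("*"):
        return resource.startswith(pattern[:-1])
    return resource == pattern


def _resolve(attr: str, principal: Principal, request: Request):
    """Look up 'principal.<claim>' or 'context.<key>'; None when absent."""
    root, _, name = attr.partition(".")
    source = principal.claims if root == "principal" else request.context
    return source.get(name)


# Comparison operators; each fails closed when the attribute is missing.
OPS = {
    "eq": lambda actual, expected: actual == expected,
    "lte": lambda actual, expected: actual is not None and actual <= expected,
    "in": lambda actual, expected: actual in expected,
}


def evaluate(principal: Principal, request: Request, policies=POLICIES) -> Decision:
    """Return the first applicable policy's verdict; deny if none applies."""
    for policy in policies:
        if request.action not in policy["actions"]:
            continue
        if not _matches(request.resource, policy["resource"]):
            continue
        missing = set(policy.get("required_scopes", [])) - principal.scopes
        if missing:
            return Decision(False, policy["id"], f"missing scopes {sorted(missing)}")
        for cond in policy.get("conditions", []):
            actual = _resolve(cond["attr"], principal, request)
            if not OPS[cond["op"]](actual, cond["value"]):
                return Decision(False, policy["id"],
                                f"condition failed: {cond['attr']} {cond['op']} {cond['value']}")
        return Decision(True, policy["id"], "scopes and conditions satisfied")
    return Decision(False, None, "no matching policy: deny by default")


def audit_record(principal: Principal, request: Request, decision: Decision,
                 now: Optional[float] = None) -> dict:
    """Who / what / where / when / why for every decision, allow or deny."""
    return {
        "who": principal.subject,
        "what": f"{request.action} {request.resource}",
        "where": request.context.get("source_ip"),
        "when": now if now is not None else time.time(),
        "why": decision.reason,
        "policy": decision.policy,
        "allowed": decision.allow,
    }


if __name__ == "__main__":
    alice = Principal("alice", {"payments:read"}, {"consent_granted": True, "acr": "mfa"})
    req = Request("POST", "/payments", {"amount": 500, "source_ip": "198.51.100.7"})
    print(audit_record(alice, req, evaluate(alice, req)))
```

The point of the split is that swapping or aggregating identity providers only changes how a `Principal` is built; the policies and the decision logic stay where they are, and every decision, including denials, leaves an audit record.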

Before Cloudentity

After Cloudentity

  • Delayed application delivery and service enhancement
  • Impacted Open Data initiatives
  • Authorization policy inconsistency and inadequacy
  • Development and DevSecOps complexity and inefficiency
  • Increased web, app and API attack surface
  • Privacy, audit and compliance exposures

Dynamic Authorization

Fine Grained. Extensive Context. Adaptive.

Cloudentity Dynamic Authorization extends nominal identity-based authentication with fine-grained, context-rich authorization that complies with NIST authorization and privacy standards. Policy development is facilitated through a graphical, natural language rules editor, multi-source context normalization, and pre-defined compliance policy packs.

The approach provides comprehensive, adaptive access control with granular OAuth scope and data exchange protection mechanisms, as well as end-to-end data lineage for reporting, forensics and audit. Cloudentity Privacy Ledger™ provides a tamper-proof audit of the who, what, where, when and why consent was granted and to whom.

Our Solution

Cloud-native. Interoperable. Portable.

Cloudentity’s microservice delivery model and infrastructure agnostic approach allows customers to seamlessly integrate Authorization Governance into their existing hybrid, multi-cloud and microservice (e.g. Kubernetes) infrastructure.

[Architecture diagram: Bring Your Own Identity Provider; Authorization Control Plane; MicroPerimeter; Bring Your Own API Security Gateway]

Bring Your Own Identity Platform (BYOIDP)

Okta, Microsoft, Ping, AWS, SailPoint, SAML...

BYOIDP allows organizations to leverage their existing identity management investments and seamlessly integrate dynamic authorization into popular identity and application ecosystems. Because authentication sources are decoupled from application authorization, IdPs can be readily switched and/or aggregated without changing authorization policy, enabling flexible service delivery.

Bring Your Own API Gateway (BYOAG)

Consul, Istio and Kubernetes

Cloudentity’s authorization governance automation solutions were designed to work with your existing container orchestration platform. Once deployed in a Kubernetes cluster, the sidecar automatically registers with the central repository, providing true East/West lateral visibility, tracking, and security.

Docker Deployment

Each Cloudentity solution is distributed as a Docker container or lightweight installable Linux package.

This approach allows you to:

  • Set up automation and speed developer onboarding
  • Offer maximum portability
  • Enable continuous deployment
  • Scale up without significant changes to tooling or practices

Hyperscale Performance

To achieve real-world, high-volume transaction enforcement, performance matters. Cloudentity’s microservice architecture offers access and data exchange control at hyperscale to optimize protection and user experience. Compared to other solutions in the market, Cloudentity delivers 60x the performance of OAuth token minting and evaluation at 90% lower latency.

Support the Latest Standards

Cloudentity supports the latest standards including OAuth 2.1, FAPI R/W, OIDC and SAML v2, delivered at lightning speeds. Prebuilt connections make integration into your existing IDP(s) a snap, allowing a simple means to unify user identity into a single source of truth.

Multi-tenancy

Role-based access control administration, with multi-tenant and delegated access capabilities, enables centralized management of users, policies, services, and APIs across multiple workspaces and environments.

PARTNERS AND PROVIDERS

MSIRobot