An Intellyx BrainBlog by Jason Bloomberg, for Permit.io
Building authorization into software products is becoming an increasingly complex task as both software vendors, and software-centric enterprises shift their efforts toward cloud native computing.
Gone are the monolithic architectures and perimeter-based security strategies of old. In their place: applications consisting of numerous ephemeral microservices interacting in real-time with third-party SaaS applications and services.
Furthermore, the cloud is now the center of gravity for such cloud native applications – but on-premises assets remain an important part of the IT landscape, especially for enterprises. And software vendors and enterprises must both consider assets on the edge as well.
All these characteristics of modern IT impact the challenge of authorization – what permissions do users have on particular applications and services, given those assets are widely distributed and inherently dynamic?
Fortunately, the best practices of cloud native computing itself – beyond simply Kubernetes best practices – bring clarity to such authorization challenges. Here are the basics.
Cloud Native Best Practice #1: Declarative Control Plane
Cloud native computing depends upon comprehensive declarative abstractions that enable organizations to configure and control their IT infrastructure automatically as a matter of policy.
In other words, cloud native computing calls for a control plane that enables organizations to configure and control their entire IT landscape via declarative configurations and automated workflows.
This control plane decouples policy from code – an essential best practice for supporting authorization in cloud native environments.
Without this separation, developers end up mixing code for the authorization layer with the application code itself, leading to problematic technical debt that impedes the organization’s ability to support dynamic microservices and in general, expand the functionality of the applications over time.
Read the entire BrainBlog here.
