Authorization using Policy as code
by Manik Kashikar
A famous Quote says -"People are prone to taking mental shortcuts. They may know that they shouldn't give out certain information, but the fear of not being nice or appearing ignorant, the fear of a perceived authority figure - all these are triggers, which can be used by a social engineer to convince a person to override established security procedures" hence it is important to strengthen the Security by providing access based on principle of least privilege.
Implementing Policy Based Access helps to automate the Authorization process and also decouples the burden of decision making from Application/ System.
Manik will take you through the Approach on how to build & deploy Authorization engine using OPA (Open Policy Agent).
Tech SME, Thoughtworks
Manik is a Tech SME at Thoughtworks and has over 17+ years of extensive experience in design & implementation of Technology solutions which includes Digital Transformation, cross-functional Security, Journey to Cloud Assessment, Cloud Migration & Modernization, Securing cloud . Before joining Thoughtworks, She has worked more than a decade with various Banking clients in the Retail & SME banking area.
For the last 2.5 years, she has worked extensively in the Security domain across various dimensions like Securing Access, Communication & Data. Manik is multi-cloud certified and has been an active Advisor and Member of Women in Cloud, Women in Technology & Women Who Code communities.