Episode 12: Diving Into Authorization And Policy Based Access Controls

Episode 12 December 10, 2019 00:35:29
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Attendees

Guest: Tsachi Lutaty

Guest title: R&D manager

Company: PlainID

Abstract

In recent years we have made important progress in authentication. Multi-factor authentication and identity federation solved many of the identity authentication challenges, so it is now time to focus on the second aspect of Identity & Access Management: identity authorization. In this podcast we talk with Tsachi Lutaty, R&D manager for PlainID, about the move from role-based access controls to policy-based access controls and how organizations can better engineer their authorization schemes and policies.

Timing:

0:41 Introducing our guest

1:25 Introducing PlainID

2:45 Authorization challenges - what are the modern authorization challenges

8:00 Role-based access control vs. attribute / policy-based access control

15:30 Existing authorization standards

18:58 How can we better engineer authorization systems - the technology angle

26:15 How can we better engineer authorization systems - the process angle

29:30 How can we better engineer authorization systems - the people angle

32:50 Summary and final words
