IAM is complex in Microservices
Modern applications are comprised of APIs and complex Identity & Access Management (IAM) constraints.
IAM involves Role Based Access Control (RBAC) policies, that try to answer the following questions:
- What is the identity of the user making the request?
- What are their role (or scope) entitlements?
- Does the role give them access to the API operation they are attempting?
- Does the role given them access to specific JSON objects being requested?
Suboptimal IAM configuration leads to authorization exploits
Given the complexity of API, roles, and associated RBAC policies, it is very easy to misconfigure authorization, resulting in dangerous exploits that leak customer data.
Preventing IAM abuse requires API observability
Preventing authentication & authorization exploits requires the continuous monitoring of your users, their role entitlements and the specific APIs/JSON objects they are trying to access.
At a minimum you need to be able to answer the following questions:
- Who are my users?
- What are the role entitlements for these users?
- What specific API endpoints and JSON objects are being accessed via the role entitlements?
Current observability methods are too intrusive
Conventional observability is based on Traffic Mirroring (packet capture), In-App Agents, or Sidecar Proxy Agents.
All these techniques require application code/config changes, lead to increased application latency, and increased operational overhead (additional steps during debugging, upgrading, etc.)
Conventional tools result in increased friction between Developers, Operations, and Security.
eBPF enables frictionless IAM Observability
eBPF is a revolutionary technology that provides superpowers for API observability.
eBPF probes can be used to passively instrument modern API driven apps, and capture the full request/response payloads of APIs.
Below are top benefits of an eBPF based API observability solution:
- Instant & comprehensive observability for your APIs, roles, and users.
- Agent-less, and does not require code or configuration changes to your applications.
- Full TLS / SSL visibility for all applications and services.
- TLS observability does not require sharing of private keys.
- Completely passive, and not inline with the application.
- No impact to the applicationโs latency.
- No impact to daily operational workflows (debugging, upgrading, etc.).
- Eliminates friction between Developers, Operations, and Security, that is common with conventional tools.
Want to learn more about eBPF powered API Observability?
You can learn more about frictionless API Observability & Security here.
Top comments (0)