Virtualization Technology News and Information
Cerbos Hub Helps Developer, Product and Security Teams Easily Manage Authorization, a Top 10 API Security Risk

Cerbos announced that Cerbos Hub, formerly called Cerbos Cloud, is now in public beta. Cerbos Hub is a managed service offering for the popular open source authorization product, Cerbos, now known as Cerbos Policy Decision Point (PDP). Cerbos PDP lets teams provide the right access to the right person and the right service, across any application and at web scale. It is used in production by hundreds of organizations, with hundreds of millions of authorization checks performed monthly.

Today's news follows Open Worldwide Application Security Project (OWASP) naming authorization a top 10 API security risk: https://owasp.org/API-Security/editions/2023/en/0x11-t10/

"Authorization is a crucial part of any application and making changes is a delicate process. A homegrown GitOps flow can work but with Cerbos Hub, that is fully managed for users. The dedicated deployment pipeline natively validates, compiles and tests changes which is way more robust than alternative methods. Cerbos Hub catches faulty logic, or, if all tests pass, coordinates the rollout of changes to all the deployed Policy Decision Points with no downtime or synchronization worries," said Rasmus Dencker, CTO at Firtal Group. 

Cerbos Hub is a management interface and policy distribution infrastructure for Cerbos PDP. Cerbos Hub simplifies the process of collaboratively authoring, testing and distributing authorization policy updates in real time, even to the edge and end client devices, via its WebAssembly extension. It is a stateless, scalable and collaborative solution for teams who want to save time, streamline their workflows and confidently roll out authorization updates.

"Decoupling authorization makes life easier for both developers as well as product managers and security teams who create the requirements. Once implemented, developers can focus on the rest of their job without having to deal with every change in access control logic," said Emre Baran, co-founder and CEO of Cerbos. "We are opening up the beta of Cerbos Hub to make the deployment and management of authorization everywhere in the stack, including at the edge or on client devices, possible. Cerbos Hub takes away the operational burden of managing, testing and deploying changes with its collaborative policy development environment and managed deployment pipeline. Developers can now spend even more of their valuable time delivering great products instead of maintaining the infrastructure of the authorization layer." 

Cerbos takes a unique stateless approach which enables limitless scale. As application usage and authorization logic complexity grow, Cerbos can be scaled up to handle the increased volume without any limits or additional infrastructure. At the same time, Cerbos takes a policy-based approach that keeps all authorization rules centralized and manageable, decoupling them from the codebase. This enables role and permission rules to be updated without rewriting code, all while maintaining strong audit logs, a requirement for regulated industries.

Cerbos Hub offers a range of powerful features that simplify authorization management: 

  • The fully managed user interface handles the precise details of policy management and coordinates with the Cerbos PDP instances running inside the environment, without external dependencies, ensuring that the developer stays in control while maintaining low-latency authorization checks. 
  • The PDP endpoints, powered by WebAssembly, enable embedded authorization at both edge locations and client devices using the same set of policies as the authorization service deployments.
  • A collaborative policy playground lets users collectively iterate on policy, get real time feedback on changes and evaluate test suites right from the browser. Users can test the integration with their application without requiring any infrastructure or services.
  • The managed CI pipeline radically simplifies policy testing and distribution, and policies remain in the team's GitHub repo which they can control and manage access to.
Published Tuesday, November 07, 2023 9:23 AM by David Marshall