Today, majority of the cloud conversations share a universal thread – how businesses can leverage cloud with flexibility in a multi-cloud environment while putting the proper guardrails to avert any security failures. Businesses seek peace of mind through uncompromising flexibility and simplicity.They expect it while spinning up elastic services; moving up the product development pipeline way faster through seamless integration, or externalizing the integration to an identity authentication platform. Nevertheless, flexibility is a tough nut to crack especially when companies operate in a labyrinth of multiple cloud and Identity providers. “What if context could be added atop each layer of the application services? What if a centrally managed identity authorization platform embeds itself with each of the distributed services with no code changes,” says Nathanael Coffing, Co-Founder, CSO and Board Member, CLOUDENTITY. Located in Seattle, WA, CLOUDENTITY uses dynamic authorization models to up your security ante using their patent-pending“who, what, where, when, why” contextual and ML models. Companies can experience dynamic authorization at a very granular level, offering their customers future-proof privacy, API Protection and extreme flexibility across application types (FAAS, PAAS, IAAS).
Previously, a trusted data center with a well-defined perimeter simplified the protection of intra-application transactions by featuring a trusted zone. The scene has dramatically changed. Companies have moved to a multi-cloud architecture with distributed services. Alongside this dramatic shift, the demand of authentication and authorization started mandating zero-trust at each and every user to service and service to service interaction. “We devised a proactive strategy to challenge the status quo. We innovated, building distributed identity authorization platform that acts on the API layer of every distributed service,” explains Coffing. Cloudentity’s context-aware dynamic authorization platform was built from the ground up to provide protection and hyper-scale transactional performance.
In today’s API-world, application modernization and elastic ephemeral services require infrastructure and deployment to be code-driven or programmable through built-in templatized capabilities. So, exercising and implementing authorization and identity in the same capacity as-code is required to maintain the same level of sophistication. “So, you’re able to automate your new platforms, infrastructures running in Kubernetes, or Docker as containers or functions. We’re making that as-code approach available for Identity and authorization; allowing developers to build new services without hard-coding identity and authorization into those services. Now, they can have elastic services that automatically conform with privacy and Regulatory requirements leveraging dynamic authorization and identity context as code. So, it brings a very powerful way for companies to reduce their overall development cost and reduce their risk” simplifies Coffing.
“Behind the scenes, automation is the real hero here. Ideally, once a new API or application is created, the next action is to automatically onboard it into the identity and authorization ecosystem. Post this, Application entitlements, authentication context, Cyber Risk context takes central stage weighing the transactional value against the transactional risk. What we’ve done is, we have automated and simplified the entire process. We’re covering everything from automated discovery of what services &API’s an organization has deployed; Automating the onboarding of them into the identity ecosystem; giving them a unique spiffee-based application identifier; performing as an OAuth authorization service in conjunction with the IDP or your API gateway; performing as a future-proof fine-grained privacy and consent management and at the API edge, we’re bringing in finegrained authorization policies and governance, for a seamless end-to-end experience. Now users can onboard and protect those applications in one fell swoop, fully automated and dynamic.”
Looking ahead, CLOUDENTITY eyes on the fortification of the platform by reinforcing more dynamic capabilities extending their machine learning algorithms. “We’ve partnered recently with not just the IDPs and API gateways of the world, but also companies like Signal Science, Imperva, and Akamai to bring more context about what’s happening on the transaction. This way we can do a better job of using that context to secure the authorization.” Coffing attributes all this to a pull approach rather than a push. “Why? We’re actually giving the developers the service through which they subscribe to data at scale and on demand. CLOUDENTITY is bringing in a layer of control that issues dynamic contextual authorization enforcement on every interaction, transaction across a network.”
Nathanael Coffing, Co-Founder, CSO
Cloud Identity is almost a decade old provider of identity and access management software solutions for in-house and cloud-based applications. The company is focused on distributing flexible identity and access management solutions to its clients.