Blog
Company Updates & Technology Articles

A CISO Perspective on the Importance of Separating Authorization Policy and Application Code
In this post, we cover how treating authorization policy as code allows information security and application teams to enforce strong separation of duties in multiple areas.

Cloud-native authorization on Techstrong TV
Fine-grained access control is a hot topic. Google, Netflix, and Airbnb have written about how they have solved access. We distilled commonalities and best practices from their descriptions and used them as the basis for the "five laws of cloud-native authorization."
Jan 17th, 2023

RBAC vs ABAC: pros, cons, and example policies
RBAC and ABAC are two popular models for securing access to resources. Both models have their merits and both have limitations. Learn all about role-based and attribute-based access control and see example policies in this post.
Jan 11th, 2023

A CISO perspective on Broken Access Control
A CISO view of what Broken Access Control is, why it keeps them up at night, and some strategic priorities your organization can pursue to address and mitigate broken access control threats.
Jan 4th, 2023

Goodbye Open Policy Registry, Hello Open Policy Containers!
Open Policy Containers (OPCR) is now a CNCF Sandbox project, and it’s time to sunset the Open Policy Registry!
Dec 30th, 2022

How to avoid Broken Access Control vulnerabilities
Broken Access Control vulnerabilities are pervasive. This post explores three techniques that can be combined to create secure-by-default applications that can avoid or eliminate Broken Access Control vulnerabilities.
Dec 21st, 2022

How Google Drive models authorization
Zanzibar is Google's centralized access control system. Learn more about this common authorization solution that has high availability, low latency, and the flexibility to deliver fine-grained access control for every Google service (e.g. Gmail, Drive, YouTube, Calendar, etc.).
Dec 15th, 2022