Blog
Company Updates & Technology Articles
Five common authorization patterns
In this post we share five common authorization patterns, starting from the simplest IDP-based RBAC, and culminating in a combination of group-based RBAC with fine-grained permissions and fine-grained resources. You can easily evolve from the simple models to the more sophisticated ones, by evolving the authorization policy using Topaz.
Solving cloud-native authorization
Cloud-native authorization is hard. This post covers exactly why and how to build fine-grained access control systems for cloud-native applications. We highlight a couple open-source projects you can use today, as well as the "5 laws of cloud-native authorization."
Mar 14th, 2023
A CISO Perspective on Enterprise Forensics: How to Get Back From a Breach
Authorization decision logs provide accurate and detailed information about every action taken within the system for which those logs are being generated. These logs promote quick and effective responses which mitigate harm. And they do so more effectively than other logs or audit trails in isolation, and certainly when correlated with other information.
Mar 8th, 2023
Product Pulse #4: New directory and authorizer, evaluator, and more!
Over the past weeks we've rolled out a new version of our authorizer and directory. We’ve added the ability to support data-first ReBAC models and test permissions and relations between objects and subjects. And we've simplified user management for Aserto Organization admins.
Mar 1st, 2023
A secure software supply chain for OPA policies
OPA policies are important artifacts in the application lifecycle and need to be secured. You can do this by using the policy CLI from the OPCR project to build, tag, push, and pull OPA policies as OCI images, and the cosign CLI from the Sigstore project to sign and verify signatures over these images.
Feb 22nd, 2023
What Happens When Access Controls Fail
Broken access controls are the world's common source of application security failures. The risk in allowing users to act outside of their intended permissions is as great as with any other kind of cyber failure, with potential for both reputational and financial consequences for organizations and their users alike.
Feb 15th, 2023
A CISO Perspective on Simplifying Compliance with Decision Logs
Driving compliance, or managing risk, is key for any organization. Competent cybersecurity demands the centralization of authorization decision logs. Knowing who is accessing what, when and why is critical to safeguarding your assets and data. Learn more in this post.
Feb 7th, 2023