Authz as a Service: Automate. Automate. Automate.
August 4, 2014 | DevOps | Kevin O'Brien
Authz as a Service
One of the ideas that underpins the entire DevOps movement, from Chef to Puppet, Ansible to Docker, is the idea that the age of automation has arrived. The promise of automation is that users of these new toolchains can get user and access management (“authz”), server creation and deprovisioning, and policy changes to be simple, repeatable, and most importantly, automated throughout their entire infrastructure.
As stated by Werner Vogel, CTO of Amazon, back in 2012 “Automate your application and processes; humans are terrible at automation.”
He was not kidding.
Humans tend to be inefficient and error-prone when performing repetitive tasks, and ergonomics studies suggest that even on a biomechanical level, the human body is not well conditioned for repeating the same motions over and over again — take, for example, the repetitive motion injuries seen in workers from Ford’s assembly line. The consequences of these errors tend to be magnified in environments where speed is enhanced by machines; a misconfigured access right may be relatively innocuous when it only impacts a single user or machine, but with the modern cloud-based infrastructure stack, that error is apt to be replicated to dozens or even hundreds of servers.
DevOps are a growing group of people who are working to automate operations and bring down the number of preventable accidents by using trusted images, tools like the ones listed above, and better predictive design in the compliance realm. Accordingly, many are turning to Conjur to help them implement authorization-as-a-service, with which they can define a single set of rules and permissions and allow them to propagate across their environments seamlessly and correctly.
If you’re looking to understand and improve authz for your own DevOps team or project, we can help! The easiest way to get started is simply to roll out a trial appliance; doing so is as easy as signing up.