DEVOPSdigest

Cloudentity announced a new Software-as-a-Service (SaaS) version of its platform which provides a smart, fast, and automated way to manage authorization policies across application programming interfaces (APIs) and data.

Cloudentity’s new service provides a first-of-its-kind solution that enables Zero Trust API access by externalizing fine-grained authorization, privacy consent and personal data exchange enforcement at cloud-scale.

Deployable in minutes, Cloudentity empowers businesses to deliver Open Banking, Embedded Finance and other innovative online services without changing identity providers or application code. Cloudentity delivers a declarative identity and authorization framework that works across any cloud to simplify access control and data governance. From Open Banking to eCommerce fraud prevention, Cloudentity makes it easier to deliver cloud-native applications and safer to extend your data to the customers and partners that matter most.

A standout capability of the new SaaS platform is its drag and drop Data Lineage feature, which provides a simple and intuitive way of mapping identity and user context data to an application. For developers, Data Lineage solves the complexities of Single Sign On (SSO) and provides real-time control over who can access each element of your API data. For ITops, DevOps and SecurityOps, teams can rapidly validate controls and pinpoint areas that need to be updated or fixed to prevent API data leakage and meet personal data protection obligations.

“Organizations are advancing digital business initiatives through app modernization powered by APIs that connect information between users, systems and services. This has increased IT complexity while adding more security and privacy requisites to development teams. Our cloud-native, identity and authorization management solution addresses this growing problem,” said Jason Needham, CEO of Cloudentity. “The SaaS version of our platform makes deployment and time-to-value faster for any organization. Developers save time and get better control of their data, while ensuring security and automated governance for their APIs.”

Cloudentity was also recently awarded a key technology patent for “Microservice Architecture for Identity and Access Management” (U.S. Patent No. 11,057,393 B2), which provides foundational technology to automate service identities (dynamic machine or workload-based identities common in cloud-native architectures) and enable auto-scale authorizations between any API endpoint.

“This is a key patent for Cloudentity and reinforces our leadership in the area of service and workload identity, providing a truly externalized authorization service that is capable of handling cloud-native architectures,” said Nathanael Coffing, CSO at Cloudentity. “This patent enables Zero Trust access control for APIs and better protection of both North/South and East/West API access.”

App modernization, big data, machine learning and microservices are the foundation of digital transformation and are almost always done through APIs, which introduces significant scale, attack surface and data privacy issues. To combat these challenges, enterprises require granular authorization management, which has traditionally been approached in a fragmented manner. In most organizations, authorization rules are decentralized and typically hard-coded by engineers for each application -- a process that is inefficient and prone to human error, policy inconsistency and operational blind spots.

Cloudentity overcomes these challenges by decoupling identity and authorization from applications and APIs and enabling declarative authorization policy as code. This provides a simpler, more integrated cloud-native approach over traditional IAM methods by centralizing management and analytics in a way that orchestrates multiple authentications, authorization, and privacy components in one platform, rather than having to use different solutions for each step in the process.

Additional features and enhancements within Cloudentity’s new SaaS offering include:

- Data Lineage Visualization and Mapping: A graphical, drag-and-drop interface that is used to view and govern the mapping and distribution of user data from identity providers to applications. The simple user interface, with built-in guided tours and examples, allows even non-technical users to easily understand, administer and validate authorization governance policy. The visual representation of the policies that are applied to the applications and the data they consume reduces administrative complexity and compliance risks.

- Transactional Multi-factor Authentication (MFA): Policies that conditionally trigger an MFA challenge before authorization access to an app or data is permitted. By invoking additional authentication at a preferred moment in the user journey, enterprises can reduce user experience friction without compromising security. This new approach ties MFA to application and data governance policies as a form of “recovery” that will only prompt users for MFA when one or more of the applied policies dictates.

- Intelligent Identity Provider (IdP) Discovery: This enables linking user login email address domains with IdPs to allow Cloudentity to initially recommend IdPs and enable subsequent IdP auto-routing at end-user login to improve user experience and reduce operational cost by negating the use of custom IdP routing mechanisms.

- Industry Leading Open Banking Certification and New API Open Standards: Cloudentity provides the first SaaS and API access product on the market to support multiple Open Banking jurisdictions on a single SaaS solution, enabling enterprises to comply with current and evolving global open standards. This includes extended support for Financial-grade API (FAPI) advanced, Client Initiated Backchannel Authentication (CIBA) and Open Banking UK, Brazil and Australia (CDR) certifications.