The cloud is becoming even more conditional. We know the cloud is programmable, which is exactly why it is so flexible. The conditional cloud is a hot topic because it is showing up in more than one way. Here are exactly two examples of the conditional cloud:
Conditional Access - Machine Learning
A single mobile user accesses three private applications over the Internet. The three applications are hosted in a private data center with an excellent source of carbon-free energy. Azure AD conditionally grants access each time the user accesses any of the mobile applications. For example, Azure's machine learning considers the user, location, device, and real-time risks. Conditionally, the user may just get the web page. Or, conditionally, the user may be asked to authenticate a second time, like a re-certification. The decision is up to the cloud. learn more here
Conditional Access - Rules Based
A single developer has a closed serverless application limited to an exact number of accounts. Each exact account number is listed in the S3 Bucket resource policy. It is a stated condition. The AWS Serverless Repository grants a user access to the application only when the user's deployment passes the condition where the SourceAccount number is in the list. learn more here
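A defender can check such a bucket policy offline before relying on it. The following is an added example, not code from AWS or from this post: it flags any statement that grants the Serverless Application Repository service principal without pinning `aws:SourceAccount`, or that pins accounts outside the intended list. The bucket name, account IDs, and the helper names `audit` and `make_policy` are assumptions made for illustration.

```python
SAR_PRINCIPAL = "serverlessrepo.amazonaws.com"

def as_list(value):
    """IAM JSON accepts a scalar or a list in most positions; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def pinned_accounts(stmt):
    """Account IDs required by StringEquals aws:SourceAccount, or None if absent."""
    for key, value in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if key.lower() == "aws:sourceaccount":  # condition keys are case-insensitive
            return set(as_list(value))
    return None  # any other operator is treated as unpinned and flagged for review

def audit(policy, expected_accounts):
    """Return (statement index, finding) pairs for Allow grants to the SAR service."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or SAR_PRINCIPAL not in services:
            continue
        accounts = pinned_accounts(stmt)
        if accounts is None:
            findings.append((index, "no aws:SourceAccount condition"))
        elif accounts - set(expected_accounts):
            extra = ", ".join(sorted(accounts - set(expected_accounts)))
            findings.append((index, "unexpected accounts: " + extra))
    return findings

def make_policy(condition):
    """Constructed sample policy; bucket name and account IDs are placeholders."""
    stmt = {"Effect": "Allow", "Principal": {"Service": SAR_PRINCIPAL},
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

EXPECTED = {"111111111111", "222222222222"}  # constructed account IDs
WEAK = make_policy(None)  # service principal allowed with no account condition
PINNED = make_policy({"StringEquals": {"aws:SourceAccount": sorted(EXPECTED)}})
DRIFTED = make_policy(
    {"StringEquals": {"aws:SourceAccount": ["111111111111", "999999999999"]}})

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("pinned", PINNED), ("drifted", DRIFTED)):
        print(name, audit(policy, EXPECTED))
```

To audit a live bucket, pass `audit` the parsed JSON of the bucket's actual policy in place of the constructed samples.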
What matters is up to you
Don't forget time-based conditional access. Sometimes temporary access is a stated condition, as with a hotfix that comes up in an emergency. One person may just need a few hours of access to a single exact machine in the cloud. To keep it safe, a person can write one Common Expression Language statement in a Google Policy restricting access by the request time. The condition is the time. learn more here
Identity Matters
Conditions look fine-grained. The conditions consider identity. Nobody wants to look over a user's shoulder. Please let me emphasize that the conditional cloud is intended to make the cloud safer. Exactly how the cloud does this for us, either by machine learning or by rules, is a hot topic. Any comments?