DevOps Paradox podcast: Moving from hardcoded to externalized authorization

Published by Alex Olivier on January 08, 2025
In a recent episode of the DevOps Paradox podcast, Alex Olivier, CPO and co-founder of Cerbos, joined Darin and Viktor to discuss the challenges of implementing authorization in modern applications and the solutions provided by Cerbos. The conversation covered the role of externalized authorization in scalable systems, policy-based approaches to authorization, the importance of performance and scalability of authorization systems, and practical advice for those looking to implement Cerbos.

Read on for the key takeaways. If you want to hear a specific part of the discussion, jump to the timestamp noted under each heading.

The need for scalable authorization

[00:03:51]

Authorization is an essential component of any system with more than one user, but hardcoding the same checks into every service is inefficient and error-prone. Alex explained how Cerbos externalizes that logic into a separate decision point so that developers can focus on building the application rather than re-implementing access control in each codebase. This improves scalability, compliance, and maintainability.

Challenges with hardcoded authorization logic

[00:06:00]

Hardcoded authorization logic tends to be duplicated across services and drifts out of sync as requirements evolve. It also creates a compliance burden: developers have to prove to auditors that the access controls are applied consistently and behave as documented.

Benefits of externalized authorization

[00:08:40]

Alex explained how externalized authorization addresses these pain points. It centralizes access-control logic in a separate, policy-driven system, which offers several advantages.

  • By separating authorization from application code, developers can reuse policies across multiple services, ensuring consistent access control rules.
  • Centralized policies reduce the overhead of updating scattered, hardcoded logic when requirements change, saving time and preventing errors.
  • Externalized systems provide an auditable trail of decisions, making it easier to demonstrate compliance with regulatory requirements.
  • Teams can modify and test policies independently of application code, enabling rapid iterations without deploying new software versions.
  • Policy-based authorization systems like Cerbos scale seamlessly as applications grow in complexity, handling diverse scenarios like role-based and attribute-based access control.

About Cerbos

Use cases supported by Cerbos

[00:05:33]

Alex described how Cerbos serves both internal and customer-facing applications, from SaaS platforms to regulated industries such as finance and healthcare. Policies can express role-based (RBAC) and attribute-based (ABAC) rules, so access can be controlled at the level of individual resources and their attributes.

Data filtering and AI integration

[00:30:12]

As AI agents start to act on sensitive business data, Alex explained how Cerbos keeps them within the user's permissions by applying the same policies as a filter at the data-retrieval stage, so that an agent only ever receives records the user on whose behalf it is acting is allowed to see. This prevents unauthorized access while still allowing dynamic, real-time interactions.
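As an added illustration (not Cerbos code, and not its policy format, which is YAML evaluated by the PDP), the following Python sketch puts the ideas from the earlier sections on hardcoded versus externalized authorization next to the retrieval-stage filtering described here: a hardcoded check that every handler would have to repeat, then a single decision function that evaluates rules kept as data, records each decision for audit, and folds the same rules into a predicate that a list endpoint or an agent's retrieval step applies before data is returned. The resource kind, roles, attributes and sample records are constructed for the example, and the evaluation semantics (deny by default, any matching allow grants, an explicit deny overrides) are an assumption chosen for the sketch.

```python
# Added example, not Cerbos code: a minimal policy evaluator showing the shape of
# externalized authorization. Names, rules and records are constructed for illustration.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Principal:
    id: str
    roles: List[str]
    attr: Dict[str, object] = field(default_factory=dict)


@dataclass
class Resource:
    kind: str
    id: str
    attr: Dict[str, object] = field(default_factory=dict)


Condition = Callable[[Principal, Resource], bool]


@dataclass
class Rule:
    actions: List[str]
    roles: List[str]
    effect: str                        # "ALLOW" or "DENY"
    condition: Optional[Condition] = None


# "Before": the check lives inside one handler. Every other service that touches
# expenses has to repeat this line and keep it in sync when the rule changes.
def hardcoded_can_view_expense(user_id: str, user_roles: List[str], owner_id: str) -> bool:
    return "admin" in user_roles or owner_id == user_id


# "After": rules are data, keyed by resource kind and kept apart from the handlers.
# (In Cerbos this would be a YAML resource policy; here it is a plain Python table.)
POLICIES: Dict[str, List[Rule]] = {
    "expense": [
        Rule(["view", "edit"], ["user"], "ALLOW",
             lambda p, r: r.attr.get("ownerId") == p.id),
        Rule(["approve"], ["manager"], "ALLOW",
             lambda p, r: r.attr.get("region") == p.attr.get("region")),
        Rule(["view", "edit", "approve", "delete"], ["admin"], "ALLOW"),
        # An explicit DENY wins over any ALLOW, whatever the role: archived records are read-only.
        Rule(["edit", "approve", "delete"], ["*"], "DENY",
             lambda p, r: r.attr.get("status") == "archived"),
    ]
}

AUDIT_LOG: List[dict] = []   # every decision is recorded, allowed or not


def _applies(rule: Rule, principal: Principal, action: str) -> bool:
    action_ok = action in rule.actions or "*" in rule.actions
    role_ok = "*" in rule.roles or bool(set(rule.roles) & set(principal.roles))
    return action_ok and role_ok


def check(principal: Principal, resource: Resource, action: str) -> bool:
    """Single decision point: deny by default, ALLOW if any rule matches, DENY overrides."""
    decision = "DENY"
    for rule in POLICIES.get(resource.kind, []):
        if not _applies(rule, principal, action):
            continue
        if rule.condition is not None and not rule.condition(principal, resource):
            continue
        if rule.effect == "DENY":
            decision = "DENY"
            break
        decision = "ALLOW"
    AUDIT_LOG.append({"principal": principal.id, "resource": f"{resource.kind}:{resource.id}",
                      "action": action, "decision": decision})
    return decision == "ALLOW"


def plan_filter(principal: Principal, kind: str, action: str) -> Callable[[Resource], bool]:
    """Retrieval-stage filtering: fold the rules that apply to this principal and action
    into one predicate, so a list endpoint (or an agent's retrieval step) only returns
    records the caller is allowed to act on. Same semantics as check(), without a
    round-trip per record."""
    rules = [r for r in POLICIES.get(kind, []) if _applies(r, principal, action)]
    allows = [r for r in rules if r.effect == "ALLOW"]
    denies = [r for r in rules if r.effect == "DENY"]

    def holds(rule: Rule, res: Resource) -> bool:
        return rule.condition is None or rule.condition(principal, res)

    return lambda res: (any(holds(r, res) for r in allows)
                        and not any(holds(r, res) for r in denies))


# Constructed sample principals and records.
ALICE = Principal("alice", ["user"], {"region": "EU"})
BOB = Principal("bob", ["manager"], {"region": "EU"})
CAROL = Principal("carol", ["admin"])
EXPENSES = [
    Resource("expense", "e1", {"ownerId": "alice", "region": "EU", "status": "open"}),
    Resource("expense", "e2", {"ownerId": "dave", "region": "EU", "status": "open"}),
    Resource("expense", "e3", {"ownerId": "alice", "region": "US", "status": "archived"}),
]


def visible_ids(principal: Principal, action: str) -> List[str]:
    """IDs of the sample expenses the principal may perform `action` on."""
    allowed = plan_filter(principal, "expense", action)
    return [e.id for e in EXPENSES if allowed(e)]


if __name__ == "__main__":
    print(visible_ids(ALICE, "view"))            # ['e1', 'e3']
    print(visible_ids(BOB, "approve"))           # ['e1', 'e2']
    print(check(CAROL, EXPENSES[2], "delete"))   # False: archived, explicit DENY wins
    print(AUDIT_LOG[-1])
```

Run it directly to see the filtered result sets. The point of the contrast is that changing who may approve an expense now means editing one rule in the table, not every handler that happens to touch expenses; and the predicate returned by plan_filter is the retrieval-stage filter an agent would be given instead of raw table access. In a real deployment that predicate would be translated into a database query rather than applied to records already in memory.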

Zero trust and its practical application

[00:35:12]

Zero trust is a guiding principle of modern security: no request is trusted on the basis of where it comes from, and both the user and the action are verified every time. Alex explained how Cerbos fits this model by checking every request against the current policies rather than relying on a decision made earlier in the session. He stressed that the check covers not just the caller's identity but also the context of the request, such as the resource's attributes and the action being attempted.

Performance and scalability

[00:18:35]

Performance is critical for an authorization system because it sits in the request path of every action. Cerbos keeps decision times sub-millisecond by holding policies in memory and optimizing the evaluation path for throughput. Alex then shared how Cerbos handles billions of requests per day without compromising performance.

Getting started with Cerbos

Open source Cerbos PDP

[00:40:31]

Getting started with the Cerbos PDP is straightforward. Policies are written in YAML files, the Policy Decision Point (PDP) runs as a Docker container or a standalone binary, and applications call it through SDKs for popular programming languages.

Advanced capabilities with Cerbos Hub

[00:46:00]

Alex explained how Cerbos Hub complements the open-source project. Cerbos Hub, the managed SaaS offering, handles policy management and audit-log collection, and provides a UI for non-developers, which makes it easier to demonstrate compliance and to collaborate with security teams.

Conclusion

Alex’s appearance on DevOps Paradox reinforced why externalized, policy-based authorization is essential in today’s software landscape. Cerbos empowers developers with a flexible, scalable solution that reduces complexity, improves compliance, and integrates seamlessly with existing workflows. Whether you’re building a SaaS platform, securing internal tools, or adopting AI, Cerbos can save you time and effort.

Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team