DEV Community

Cover image for What Matters in a Conditional Cloud
starpebble
starpebble

Posted on • Updated on

What Matters in a Conditional Cloud

The cloud is becoming even more conditional. We know the cloud is programmable. This is exactly why it is very flexible. The conditional cloud is a hot topic because it is showing up in more than one way. Here are exactly two examples of the conditional cloud:

Conditional Access - Machine Learning

A single mobile user accesses three private applications over the Internet. The three applications are hosted in a private data center with an excellent source of carbon-free energy. Azure AD conditionally grants access each time the user accesses any of the mobile applications. For example, Azure's machine learning considers the user, location, device, and real-time risks. Conditionally, the user may just get the web page. Or, conditionally, the user may be asked to authenticate a second time, like a re-certification. The decision is up to the cloud. learn more here

Conditional Access - Rules Based

A single developer has a closed serverless application limited to an exact number of accounts. Each exact account number is listed in the S3 Bucket resource policy. It is a stated condition. The AWS Serverless Repository grants a user access to the application only when the user's deployment passes the condition where the SourceAccount number is in the list. learn more here

What matters is up to you

Don't forget time-based conditional access. Sometimes temporary access is a stated condition. Like for a hotfix that comes up in an emergency. One person may just need a few hours of access to a single exact machine in the cloud. To keep it safe, a person can write one Common Expression Language statement in a Google Policy restricting access by the request time. The condition is the time. learn more here

Identity Matters

Conditions look fine-grained. The conditions consider identity. Nobody wants to look over a user's shoulders. Please let me emphasize the conditional cloud is intended to make the cloud safer. How the cloud exactly does this for us, either machine learning or rules-based, is a hot topic. Any comments?

Top comments (0)