Cloud Native Security
Use cloud native resource isolation and security when possible
The value of an OSDU depends on its ability to collect and contain data from a variety of users, departments and organizations/companies. To encourage contribution, the OSDU must earn the trust of its participants.
Status
- Proposed
- Trialing
- Under review
- Approved
- Retired
Context
Decision
OSDU will take advantage of the resource isolation and access control mechanisms of the cloud provider rather than attempting to implement these itself. It will take advantage of resource isolation (Projects/Subscriptions/VPCs) between companies to ensure complete isolation, and use Access Control Lists based on groups or roles within a company for finer-grained control.
Rationale
Leveraging the native security controls of the cloud:
- avoids introducing complexity/vulnerabilities in the data ecosystem implementation,
- reduces the requirement for privileged accounts and
- avoids the possibility of someone gaining access to data by circumventing the OSDU services.
Consequences
- The finest granularity of access control is dictated by the capabilities of the cloud provider
Edited by Stephen Whitley (Invited Expert)