Atsign’s Zero Trust Planes: Policy Plane
Policy Plane
The policy plane consists of rules to be followed by the actors that exist within the plane (the actors that exist within the other planes will be detailed later). An example of this idea can be seen in the banking industry: a bank's policies exist within their own policy plane.
Consider a scenario where a small company has four employees: Alice, Bob, Chuck, and Dan. All four employees have access to a thousand devices. If a new employee, Eva, joins, all devices will need to be updated to accommodate her access.
Similarly, if Dan were to leave the company, all devices would need to be updated again. This demonstrates that the current system does not scale well.
Furthermore, the employees who have access to the devices can set the policies for those devices. In an ideal situation, this is not what an administrator would want. Policies should be separated and enforced so that individuals cannot change their own policies within the environment.
The diagram above illustrates the Atsign policy plane in action. From this diagram, we can interpret the following:
The first step on the policy plane involves having a manager, or a list of managers, who can act as an authorizing atSign (referred to as the “policy atSign” for simplicity).
If this atSign is set within an environment, the daemon in any session receiving a new request will communicate with it to determine if the requester can speak to the daemon in the first place.
In many cases, simple files such as config files are sufficient to enhance the scalability of architectures using the Atsign policy plane. Using atSigns creates an extremely user-friendly environment.
Instead of updating 1,000 individual devices, all devices can be updated in one place. If a new team member joins the company, the config file can be easily modified to add the new team member’s atSign (in this case, Eva’s). The same applies if Dan were to leave the company: his atSign could simply be removed from the file.
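The scaling and separation argument above, as an added Python sketch (not Atsign's SDK or protocol): a hypothetical `PolicyService` stands in for the policy atSign, and every daemon asks it before accepting a requester. The class names, the `@manager` atSign and the in-memory lookup are assumptions made for illustration.

```python
# Added illustration; not Atsign's SDK or wire protocol. All names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class PolicyService:
    """Stands in for the policy atSign: the single place the allow list lives."""
    managers: frozenset                          # atSigns allowed to change policy
    allowed: set = field(default_factory=set)    # atSigns allowed to reach daemons

    def update(self, actor, add=(), remove=()):
        # Separation of duties: only a manager may change who is allowed.
        if actor not in self.managers:
            raise PermissionError(f"{actor} may not change policy")
        self.allowed |= set(add)
        self.allowed -= set(remove)

    def is_authorized(self, requester):
        return requester in self.allowed


@dataclass
class Daemon:
    """A device daemon keeps no user list; it asks the policy service per request."""
    device_id: str
    policy: PolicyService

    def handle_request(self, requester):
        # Deny by default: anything the policy service does not approve is refused.
        return "accepted" if self.policy.is_authorized(requester) else "denied"


def build_fleet(size=1000):
    """Constructed sample data: four employees and a thousand devices, as in the text."""
    policy = PolicyService(managers=frozenset({"@manager"}),
                           allowed={"@alice", "@bob", "@chuck", "@dan"})
    return policy, [Daemon(f"device-{i}", policy) for i in range(size)]


def count_accepting(fleet, requester):
    return sum(d.handle_request(requester) == "accepted" for d in fleet)


if __name__ == "__main__":
    policy, fleet = build_fleet()
    print("eva before:", count_accepting(fleet, "@eva"))
    policy.update("@manager", add={"@eva"}, remove={"@dan"})  # one change, one place
    print("eva after:", count_accepting(fleet, "@eva"))
    print("dan after:", count_accepting(fleet, "@dan"))
```

An employee who is on the allow list but is not a manager, such as `@dan`, gets a `PermissionError` from `update`, which is the separation between using a device and setting its policy.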
In the next post, we’ll explain more about the control plane.
For more on Atsign’s unique architecture, take a look at Co-founder and CTO Colin’s post on Accountability on the Internet.