Dynamic Policy Enforcement for Privacy Techniques in Microservice Architectures

Explore dynamic policy enforcement for privacy techniques in microservice architectures in this 22-minute conference talk by Rami Haddad from Cisco. Learn about the challenges microservices face in complying with privacy regulations like GDPR and CCPA, and discover a proposed solution that integrates advanced privacy measures into gRPC. Understand how data minimisation and purpose limitation can be implemented within gRPC using an interceptor, enabling configurable policy enforcement based on processing purposes and data minimisation needs. Examine a prototype implemented in a cloud-native microservice environment, demonstrating the practicality of this approach with reasonable overheads. Consider the potential for future work, including performance assessments and optimisation for broader adoption in large-scale web systems.